An expert in cybersecurity says that Australia should look to enforcing stricter regulations to help safeguard the country’s cyber landscape.

Dr Suranga Seneviratne, Lecturer in Security at the School of Computer Science at the University of Sydney, said that tighter regulation, increasingly sophisticated attacks on key infrastructure and AI-driven cyber warfare will be common trends in 2020

Securing household Internet of Things

“Internet of Things (IoT) technology is becoming increasingly popular, with smart home devices on the rise in Australia,” Dr Seneviratne said.

“Domestically, the household IoT market reached $1.1 billion in 2018, which was a 57 per cent increase compared to the previous year,” Dr Seneviratne said.

“We can’t deny IoT’s ubiquity, but are all these devices really secure? Are we opening up our houses to attackers to build botnets (ie: secretly using our smart home devices to attack other internet hosts), steal our data, or worse, control our houses?

“Perhaps it’s time we looked at enforcing stricter regulations to make these devices more secure, which is already happening in the UK and US. The draft Australian Voluntary Code of Practice: Securing the Internet of Things for Consumers is definitely a step in the right direction.”

Tech giants under scrutiny: what to expect

“Under the European Union’s General Data Protection Regulation (GDPR) framework we saw some big tech companies being held accountable for collecting personal data without proper consent,” said Dr Seneviratne.

“The Cambridge Analytica incident also generated a much-needed and overdue discourse on how to collect and handle personal data.

“In California, where the majority of US tech-companies are based, the CCPA (California Consumer Privacy Act) will come into effect from January 2020.

“Yet, globally, we still don’t have a proper framework on how to balance the trade-offs between privacy and consumer utility, particularly with data that’s stored remotely. Will storing data on devices finally become trendy?”

Cyberthreats on critical infrastructure 

“This year we witnessed several global attack attempts on critical infrastructure, such as electrical grids and government services. These attacks are likely to become more frequent, more sophisticated and increasingly politically motivated,” Dr Seneviratne said.

“While it is important for governments and businesses to take all possible measures to detect and prevent these attacks, they must begin preparing for worst-case scenarios. In 2015 Ukraine bore the first ever attack of this kind. Attackers were able to disrupt the power supply of more than 200,000 people for a few hours.

AI-driven security and privacy threats

“Artificial intelligence is becoming pervasive: already we’ve witnessed demonstrations that have used AI to bypass CAPTCHA and facial-recognition software. For example, on one occasion, researchers showed how specially printed patterns on spectacle frames could trick state-of-the-art commercial facial recognition systems to think the wearer was someone else,” Dr Seneviratne said.

“It can be expected that these attacks will soon go beyond prototypes and into the real world, with hackers using AI to circumvent traditional antivirus solutions, such as malware detection systems and intrusion detection systems.”