ISF’s Steve Durbin details findings from the firm’s recent Threat Horizon 2021 report, highlighting the top three threats to information security emerging in the next two years.
Information security threats are intensifying every day. Organizations risk becoming disoriented and losing their way in a maze of uncertainty as they grapple with complex technology, data proliferation, increased regulation and a debilitating skills shortage.
By 2021, the world will be even more heavily digitized. Technology will enable innovative digital business models, and society will be critically dependent on technology to function. This new hyperconnected digital era will create an impression of stability, security and reliability. However, it will prove to be an illusion that is shattered by new vulnerabilities, relentless attacks and disruptive cyber threats.
The race to develop the next generation of super-intelligent machines will be in full swing, and technology will be intertwined with everyday life. Coupled with heightened global mistrust and rising geopolitical tensions, this will lead to a cyber threat that is relentless, targeted and disruptive. The operating environment for business will become increasingly volatile.
Recent research from Information Security Forum revealed significant threats on the horizon for businesses in today’s always-on, interconnected world. Let’s take a quick look at these threats and what they mean for your organization:
Threat #1: Digital Connectivity Exposes Hidden Dangers
Vast webs of intelligent devices, combined with increased speeds, automation and digitization will create possibilities for businesses and consumers that were previously out of reach. The internet of things (IoT) will continue to develop at an astonishing rate, with sensors and cameras embedded into a range of devices across critical infrastructure. The resulting nexus of complex digital connectivity will prove to be a weakness as modern life becomes entirely dependent on connected technologies, amplifying existing dangers and creating new ones.
5G Technologies Broaden Attack Surfaces
The emergence of the fifth generation of mobile networks and technologies (5G) will provide a game-changing platform for businesses and consumers alike. Colossal speeds, minimal latency and a range of newly available radio frequencies will connect previously unconnected devices, accelerate processes and change entire operating models – but with these changes comes a broader attack surface, as millions of telecommunication masts are built with varying levels of security. As organizations become heavily reliant on 5G to operate, new attack vectors will exploit weaknesses in this emerging technology.
Manipulated Machine Learning Sows Confusion
Machine learning, and neural networks in particular, will underpin processes such as image recognition, pricing analysis and logistics planning. As businesses become reliant upon machine learning and humans are taken out of the knowledge loop, machine learning will become a prime target for attackers. Confusion, obfuscation and deception will be used by attackers to manipulate these systems, either for financial gain or to cause as much damage and disruption as possible.
Parasitic Malware Feasts on Critical Infrastructure
Parasitic malware is a particular strain of malware designed to steal processing power, traditionally from computers and mobile devices. However, attackers will turn their attention to the vast interconnectivity and power consumption of industrial control systems (ICS), IoT devices and other critical infrastructure, which offer an enticing environment for this malware to thrive. All organizations will be threatened as this form of malware sucks the life out of systems, degrading performance and potentially shutting down critical services.
Threat #2: Digital Cold War Engulfs Business
By 2021 a digital cold war will unfold, causing significant damage to business. The race to develop strategically important, next-generation technologies will provoke a period of intense, nation state-backed espionage – intellectual property (IP) will be targeted as the battle for economic and military dominance rages on. Cloud services will become a prime target for sabotage by those seeking to cause disruption to society and business. Drones will become both the weapon and target of choice as attackers turn their attention skyward.
State-Backed Espionage Targets Next-Gen Tech
A new wave of nation state-backed espionage will hit businesses as the battle for technological and economic supremacy intensifies. The target: the next generation of technology. History teaches us that at times of great technological change, targeted industrial espionage follows. Organizations developing technologies such as artificial intelligence (AI), 5G, robotics and quantum computing, will find their IP systematically targeted by nation state-backed actors.
Sabotaged Cloud Services Freeze Operations
Popular cloud providers will have further consolidated their market share – organizations will be heavily, if not totally, dependent on cloud providers to operate. Attackers will aim to sabotage cloud services, causing disruption to critical national infrastructure (CNI), crippling supply chains and compromising vast quantities of data. Organizations and supply chains that are reliant on cloud services will become collateral damage when cloud services go down for extended periods of time.
Drones Become Both Predator and Prey
Drones will become predators controlled by malicious actors to carry out more targeted attacks on business. Developments in drone technologies, combined with the relaxation of aviation regulations, will amplify attackers’ capabilities as the threat landscape takes to the skies. Conversely, drones used for commercial benefit will be preyed upon, hijacked and spoofed, with organizations facing disruption and loss of sensitive data.
Threat #3: Digital Competitors Rip Up The Rulebook
Competing in the digital marketplace will become increasingly difficult as businesses develop new strategies that challenge existing regulatory frameworks and social norms, enabling threats to grow in speed and precision. Vulnerabilities in software and applications will be frequently disclosed online with ever-decreasing time to fix them. Organizations will struggle when one or more of the big tech giants are broken up, plunging those reliant on their products and services into disarray. Organizations will rush to undertake overly ambitious digital transformations in a bid to stay relevant, leaving them less resilient and more vulnerable than ever.
Digital Vigilantes Weaponize Vulnerability Disclosure
Ethical vulnerability disclosure will descend into digital vigilantism. Attackers will weaponize vulnerability disclosure to undercut organizations, destroy corporate reputations or even manipulate stock prices. Organizations will find their resources drained as digital vigilantes reduce the timelines to fix vulnerabilities and apply patches, seriously threatening operations, reputations and endangering customers.
Big Tech Break Up Fractures Business Models
Calls for the breakup of big technology giants will reach their peak by 2021. By then, at least one of them will be broken up, significantly disrupting the availability of the products and services they provide to dependent organizations. From email to search engines, advertising, logistics and delivery, the entire operating environment will change. Malicious actors will also prey upon vulnerable, transitioning organizations.
Rushed Digital Transformations Destroy Trust
The demand for organizations to remain relevant in a technology-centric world will drive them to undertake rushed digital transformations. Organizations will deploy technologies such as blockchain, AI and robotics, expecting them to seamlessly integrate with aging systems. Organizations will be faced with significant disruption to services, as well as compromised data when digital transformations go wrong.
Preparation Must Begin Now
Information security professionals are facing increasingly complex threats — some new, others familiar, but evolving. Their primary challenge remains unchanged: to help their organizations navigate mazes of uncertainty where, at any moment, they could turn a corner and encounter information security threats with severe business impact.
In the face of mounting global threats, organizations must make methodical and extensive commitments to ensure practical plans are in place to adapt to major changes in the near future. Employees at all levels of the organization will need to be involved, from board members to managers in nontechnical roles.
The three themes listed above could impact businesses operating in cyberspace at breakneck speeds, particularly as the use of connected devices spreads. Many organizations will struggle to cope as the pace of change intensifies. These threats should stay on the radar of every organization, both small and large, even if they seem distant. The future arrives suddenly, especially when you aren’t prepared.