Threat Horizon 2022: Cyber Attacks Businesses Need to Prepare for Now

The digital and physical worlds are on an irreversible collision course. By 2022, organizations will be plunged into crisis as ruthless attackers exploit weaknesses in immature technologies and take advantage of an unprepared workforce. At the same time, natural forces will ravage infrastructure.

Over the coming years organizations will experience growing disruption as threats from the digital world have an impact on the physical. Invasive technologies will be adopted across both industrial and consumer markets, creating an increasingly turbulent and unpredictable security environment. The requirement for a flexible approach to security and resilience will be crucial as a hybrid threat environment emerges.

The impact of threats will be felt on an unprecedented scale as ageing and neglected infrastructure is attacked, with services substantially disrupted due to vulnerabilities in the underlying technology. Mismanagement of connected assets will provide attackers with opportunities to exploit organizations.

A failure to understand the next generation of workers, the concerns of consumers and the risk posed by deceptive technology will erode the trust between organizations, consumers and investors. As a result, the need for a digital code of ethics will arise in order to protect brand reputation and profitability.

Organizations will have to adapt quickly to survive when digital and physical worlds collide. Those that don't will find themselves exposed to threats that will outpace and overwhelm them.

At the Information Security Forum, we recently released Threat Horizon 2021, the latest in an annual series of reports that provide businesses a forward-looking view of the increasing threats in today's always-on, interconnected world. In Threat Horizon 2021, we highlighted the top three threats to information security emerging over the next two years, as determined by our research.

Let's take a quick look at these threats and what they mean for your organization:

THREAT #1: INVASIVE TECHNOLOGY DISRUPTS THE EVERYDAY

New technologies will further invade every element of daily life with sensors, cameras and other devices embedded in homes, offices, factories and public spaces. A constant stream of data will flow between the digital and physical worlds, with attacks on the digital world directly impacting the physical and creating dire consequences for privacy, well-being and personal safety.

Augmented Attacks Distort RealityThe development and acceptance of AR technologies will usher in new immersive opportunities for businesses and consumers alike. However, organizations leveraging this immature and poorly secured technology will provide attackers with the chance to compromise the privacy and safety of individuals when systems and devices are exploited.

Behavioral Analytics Trigger A Consumer Backlash: Organizations that have invested in a highly connected nexus of sensors, cameras and mobile apps to develop behavioral analytics will find themselves under intensifying scrutiny from consumers and regulators alike as the practice is deemed invasive and unethical. The treasure trove of information harvested and sold will become a key target for attackers aiming to steal consumer secrets, with organizations facing severe financial penalties and reputational damage for failing to secure their information and systems.

Robo-Helpers Help Themselves to Data: A range of robotic devices, developed to perform a growing number of both mundane and complex human tasks, will be deployed in organisations and homes around the world. Friendly-faced, innocently-branded, and loaded with a selection of cameras and sensors, these constantly connected devices will roam freely. Poorly secured robo-helpers will be weaponized by attackers, committing acts of corporate espionage and stealing intellectual property. Attackers will exploit robo-helpers to target the most vulnerable members of society, such as the elderly or sick at home, in care homes or hospitals, resulting in reputational damage for both manufacturers and corporate users.

THREAT #2: NEGLECTED INFRASTRUCTURE CRIPPLES OPERATIONS

The technical infrastructure upon which organizations rely will face threats from a growing number of sources: man-made, natural, accidental and malicious. In a world where constant connectivity and real-time processing is vital to doing business, even brief periods of downtime will have severe consequences. It is not just the availability of information and services that will be compromised – opportunistic attackers will find new ways to exploit vulnerable infrastructure, steal or manipulate critical data and cripple operations.

Edge Computing Pushes Security to the Brink:In a bid to deal with ever-increasing volumes of data and process information in real time, organizations will adopt edge computing – an architectural approach that reduces latency between devices and increases speed – in addition to, or in place of, cloud services. Edge computing will be an attractive choice for organizations, but will also become a key target for attackers, creating numerous points of failure. Furthermore, security benefits provided by cloud service providers, such as oversight of particular IT assets, will also be lost.

Extreme Weather Wreaks Havoc on Infrastructure:Extreme weather events will increase in frequency and severity year-on-year, with organizations suffering damage to their digital and physical estates. Floodplains will expand; coastal areas will be impacted by rising sea levels and storms; extreme heat and droughts will become more damaging; and wildfires will sweep across even greater areas. Critical infrastructure and data centers will be particularly susceptible to extreme weather conditions, with business continuity and disaster recovery plans pushed to breaking point.

The Internet of Forgotten Things Bites Back: IoT infrastructure will continue to expand, with many organizations using connected devices to support core business functions. However, with new devices being produced more frequently than ever before, the risks posed by multiple forgotten or abandoned IoT devices will emerge across all areas of the business. Unsecured and unsupported devices will be increasingly vulnerable as manufacturers go out of business, discontinue support or fail to deliver the necessary patches to devices. Opportunistic attackers will discover poorly secured, network-connected devices, exploiting organizations in the process.

THREAT #3: A CRISIS OF TRUST UNDERMINES DIGITAL BUSINESS

Bonds of trust will break down as emerging technologies and the next generation of employee's tarnish brand reputations, compromise the integrity of information and cause financial damage. Those that lack transparency, place trust in the wrong people and controls, and use technology in unethical ways will be publicly condemned. This crisis of trust between organizations, employees, investors and customers will undermine organizations' ability to conduct digital business.

Deepfakes Tell True Lies: Digital content that has been manipulated by AI will be used to create hyper-realistic copies of individuals in real-time – deepfakes. These highly plausible digital clones will cause organizations and customers to lose trust in many forms of communication. Credible fake news and misinformation will spread, with unwary organizations experiencing defamation and reputational damage. Social engineering attacks will be amplified using deepfakes, as attackers manipulate individuals with frightening believability.

The Digital Generation Become the Scammer's Dream: Generation Z will start to enter the workplace, introducing new information security concerns to organizations. Attitudes, behaviors, characteristics and values exhibited by the newest generation will transcend their working lives. Reckless approaches to security, privacy and consumption of content will make them obvious targets for scammers, consequently threatening the information security of their employers.

Activists Expose Digital Ethics Abuse: Driven by huge investments in pervasive surveillance and tracking technologies, the ethical element of digital business will enter the spotlight. Activists will begin targeting organizations that they deem immoral, exposing unethical or exploitative practices surrounding the technologies they develop and who they are sold to. Employees motivated by ethical concerns will leak intellectual property, becoming whistle-blowers or withdrawing labor entirely. Brand reputations will suffer, as organizations that ignore their ethical responsibilities are placed under mounting pressure.

Preparation Must Begin Now

Information security professionals are facing increasingly complex threats—some new, others familiar but evolving. Their primary challenge remains unchanged; to help their organizations navigate mazes of uncertainty where, at any moment, they could turn a corner and encounter information security threats that inflict severe business impact.

In the face of mounting global threats, organization must make methodical and extensive commitments to ensure that practical plans are in place to adapt to major changes in the near future. Employees at all levels of the organization will need to be involved, from board members to managers in non-technical roles.

The three themes listed above could impact businesses operating in cyberspace at break-neck speeds, particularly as the use of the Internet and connected devices spreads. Many organizations will struggle to cope as the pace of change intensifies. These threats should stay on the radar of every organization, both small and large, even if they seem distant. The future arrives suddenly, especially when you aren't prepared.

About the author: Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.

Copyright 2010 Respective Author at Infosec Island

via Infosec Island Latest Articles https://ift.tt/2SqxEkp
RSS Feed

If New feed item from http://www.infosecisland.com/rss.html, then send m

Download IFTTT for iOS Download IFTTT for Android

Comments

Post a Comment

Popular posts from this blog

Evernote cuts staff as user growth stalls

Image
Note-taking app Evernote has fallen on hard times of late, culminating in its latest spate of job cuts impacting 15 percent of its workforce (54 employees). CEO Chris O' Neil -- an ex-Googler who took the reins in 2015 -- announced the firings at an all-hands meeting earlier today, reports TechCrunch . In a message on the Evernote blog , O' Neill admitted he'd set "incredibly aggressive goals" for the company in 2018. He continued: "Going forward, we are streamlining certain functions, like sales, so we can continue to speed up and scale others, like product development and engineering." The layoffs follow an exec exodus just weeks ago and the company's recent brand refresh (complete with a refined logo and wordmark). But critics are more concerned about its product, especially the free tier, which they claim lacks the perks to
Read more

The best air conditioner

Image
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Read more

We won't see a 'universal' vape oil cartridge anytime soon

Image
Pre-loaded cartridges of cannabis concentrate are currently among the most popular means of consumption, and for good reason. They're discreet to use and easy to handle, a far cry from the dark days of 2016 when we had to dribble hash oil or load wax into narrow-mouthed vape pens by hand. But, frustratingly, an ever increasing number of oil cartridge manufacturers employ one-off design standards so that their products won't work with those of their competitors, thereby locking customers into proprietary ecosystems. We've already seen this with nicotine vaporizers -- which has a seen a massive rise in "pod systems" in the last few years, each outfitted with a unique canister and battery built to be incompatible with those of their competition. Is it too late for the burgeoning cannabis industry to set a universal standard for their product designs?
Read more