By 2021, the world will be significantly digitized and connected. The race to develop the next generation of super-intelligent machines will be in full swing and technology will be intertwined with everyday life. Coupled with heightened global mistrust and rising geopolitical tensions, this will lead to a cyber threat that is relentless, targeted and disruptive. The operating environment for business will become increasingly volatile.
Over the next two years, a digital cold war will unfold, causing significant damage to business. The race to develop strategically important, next generation technologies will provoke a period of intense nation state-backed espionage – intellectual property (IP) will be targeted as the battle for economic and military dominance rages on. Cloud services will become a prime target for sabotage by those seeking to cause disruption to society and business. Drones will become both the weapon and target of choice as attackers turn their attention skywards.
Let’s take a quick look at a few of the threats on the horizon and what they mean for your organization:
State-Backed Espionage Targets Next Gen Tech
Nation states’ intelligence services will combine forces with commercial organizations to launch a new wave of industrial espionage. Organizations developing strategically important, next generation technologies will be systematically targeted as national and commercial interests blur.
Business models will unravel as data is compromised by nation state-backed attackers aiming to steal secrets and disrupt development. Strategic plans, IP and other trade secrets regarding the next generation of technologies will become a prime target for nation states aiming to get ahead in the race for economic and military superiority. Whilst the concept of espionage is not new, the digital realm has widened the attack surface. Cyber spies will optimize existing tools and develop new ones to launch espionage attacks on a grand scale. Targeted organizations should expect to face sustained and well-funded attacks, involving a range of techniques such as drone surveillance, zero-day exploits, DDoS attacks and advanced persistent threats. This will be amplified by concerted attempts to infiltrate organizations and coerce existing employees.
The first nation state to develop technologies such as AI, 5G, robotics and quantum computing will gain unparalleled economic, social and military advantage over rivals. Organizations involved in their development will become highly enticing targets for nation state-backed espionage.
Organizations that use or develop next generation technologies will need to take proactive steps to secure IP or take legal steps to mitigate the impact of espionage.
Sabotaged Cloud Services Freeze Operations
Cloud service providers will be systematically sabotaged by attackers aiming to disrupt Critical National Infrastructure (CNI) or cripple supply chains. Organizations dependent on cloud services will find their operations and supply chains undermined when key cloud services go down for extended periods of time.
Nation states that engage in a digital cold war will aim to disrupt economies and take down CNI by sabotaging cloud infrastructure through traditional physical attacks or by exploiting vulnerabilities across homogeneous technologies. Attacks on cloud providers will become more regular, resulting in significant damage to businesses which share those platforms. Organizations with a just-in-time supply chain model will be particularly vulnerable to service outages and will struggle to know when services will be restored, as cloud providers scramble to prioritize customer recovery.
Further consolidation of the cloud services market will create a small number of distinct targets that underpin a significant number of business models, government services and critical infrastructure. A single act of sabotage will freeze operations across the globe.
Organizations that are reliant on cloud providers for one or more critical system or service should prioritize preparation and planning activities to ensure future resilience.
Drones Become Both Predator and Prey
Commercial drones will become a predator controlled by attackers to conduct targeted assaults on business. Drones will become smaller, more autonomous with increased range and equipped with cameras for prolonged surveillance missions. Flying in close proximity to operating environments, they will also be used to conduct advanced man-in-the-middle attacks, degrade mobile networks or spoof and jam other signals.
Conversely, drones will become prey as they are targeted by attackers in order to disrupt dependent businesses. Drones will be knocked out of the sky and hijacked. Information collected by drones will be stolen or manipulated in real time. Industries that leverage drones to become more efficient, such as construction, agriculture and border control, will see their drones targeted as attackers’ spoof and disrupt transmissions.
Technological breakthroughs in drone technologies, combined with developments in 5G, big data, the Internet of Things (IoT), and the relaxation of aviation regulations, will mean that drones will become increasingly important to operating models. Organizations will rely upon them for delivery, monitoring, imagery and law enforcement, whilst attackers will embrace drones as their new weapon of choice. The threat landscape will take to the skies.
If an organization is reliant upon drones for critical operations then diligent risk assessments need to be conducted, and controls must be implemented or upgraded to mitigate risk to the business. As drones take to the skies, organizations must become more vigilant and warier.
Organizations Must Begin Preparations Now
Information security professionals are facing increasingly complex threats—some new, others familiar but evolving. Their primary challenge remains unchanged; to help their organizations navigate mazes of uncertainty where, at any moment, they could turn a corner and encounter information security threats that inflict severe business impact.
In the face of mounting global threats, organization must make methodical and extensive commitments to ensure that practical plans are in place to adapt to major changes in the near future. Employees at all levels of the organization will need to be involved, from board members to managers in non-technical roles.
The threats listed above could impact businesses operating in cyberspace at break-neck speeds, particularly as the use of the Internet and connected devices spreads. Many organizations will struggle to cope as the pace of change intensifies. These threats should stay on the radar of every organization, both small and large, even if they seem distant. The future arrives suddenly, especially when you aren’t prepared.
About the Author
Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, cyber security, BYOD, the cloud, and social media across both the corporate and personal environments. Previously, he was senior vice president at Gartner.