As cyber-criminals get smarter and the pace of communications accelerates, organizations are being forced to continually adapt and rapidly respond to a shifting threat landscape. The Information Security Forum (ISF) is taking a view to 24 months out, predicting that ever-faster internet speeds, tech rejectionists and even human death will all be hallmarks of the future security reality.
Threat Horizon 2017, the latest in a series of the ISF’s annual Threat Horizon reports, identifies nine specific emergent threats that encapsulate the imminent dangers that the ISF considers the most prominent. They all have the capacity to transmit their impact through cyber-space at break-neck speeds, particularly as the use of the internet spreads beyond the estimated 50 percent of the literate population who are already connected, the organization noted in its report.
The threats are:
- Increased Connectivity Speeds Present Issues in Organizational Response Time
- Criminal Organizations Become More Structured and Sophisticated
- Widespread Social Unrest Breaks Out, Led by ‘Tech Rejectionists’
- Dependence on Critical Infrastructure Becomes Dangerous
- Malicious Agents Weaponize Systemic Vulnerabilities
- Legacy Technology Crumbles
- Disruption to Digital Systems Leads to Verifiable Human Deaths
- Global Consolidation of Organizations Endangers Competition and Security
- Cost and Scale of Data Breaches Increases Dramatically
“The pace and scale of information security threats continues to accelerate, endangering the integrity and reputation of trusted organizations,” said Steve Durbin, managing director of the ISF. “Although cyber-space offers opportunities for leading organizations, this environment is uncertain and potentially dangerous.” He added, “We predict that many organizations will struggle to cope as the pace of change intensifies. Consequently, at least until a conscious decision is taken to the contrary, these nine threats should appear on the radar of every organization.”
For instance, regarding the first point, it’s clear that reasonably-priced gigabit connectivity will become widely available to supply the growing demands of devices and users, signifying a dramatic leap forward, increasing both data volume and velocity. In an interview, Durbin laid out some of the risk scenarios for super-charged connectivity.
“As billions of devices are connected, there will be more data that must be managed,” he explained. “Conventional malicious use will increase rapidly, resulting in cascading failures between sectors. This will enable new and previously impracticable avenues for destructive activity online, increasing financial and reputational liabilities and overwhelming traditional defenses. When combined with the steady growth of processing power and storage, this increased connectivity will allow malicious actors to launch new attacks that will be both lucrative and difficult to detect. Businesses will struggle to keep up with these attacks.”
Also, as connectivity gets faster and more mission-critical functions are moved online and to the cloud, ISF predicts that the disruption of digital systems in transport and medical services will lead to verifiable deaths. Organizations should thus assess the exposure to and liabilities of cyber-physical systems, and revise corporate communication and crisis response mechanisms accordingly.
Related to the hyperconnectivity issue, increasing network scale, helped along by global consolidation, presents another emerging threat. As the pending Comcast-Time Warner Cable and AT&T-DirecTV mega-mergers demonstrate, broadband companies are interested in getting larger. Companies of all sizes will have fewer options for connectivity, which could give network operators undue influence (and create a known number of “super-vectors” for criminals to attack).
To address this threat, organizations need to first identify and assess risks related to dependence on the suppliers for which there are few alternatives; engage in dialogue and exchange information with governments to assess the extent to which markets remain either competitive or closed; invest in expanding and diversifying the suppliers of critical services; and, where diversification proves difficult, focus instead on embedding resilience in information security strategies.
“Network operators should be ever-mindful of the challenges that consolidation brings to the industry, and should proactively engage in dialogue with governments and regulators whilst continuing to operate in a transparent fashion with customers,” Durbin said. “This will be challenging and may bring them into conflict with government security agencies, as we have seen with Apple and Google, in terms of providing access to government agencies to core products, but will be essential as they are a provider of core infrastructure service which continues to grow in importance. Maintaining an objective stance will be difficult, but essential, to preserve the trust of the end user.”
Despite lightning-fast broadband, the report predicts that "tech rejectionists" will disrupt local economies in response to record levels of socio-economic inequality, leading to widespread, global, social unrest.
“Discontent will be driven by uncertainty and confusion and inflamed by job losses and displacement due to globalization and automation,” Durbin said. “Rejectionists will dismiss the benefits of technology-enabled globalization, pointing instead at the social and economic costs shouldered by those who are not among the economic elite. The resulting chaos will disrupt businesses and supply chains, and force countries to reconsider the balance between technological progress and long-established social and economic equilibriums.”