Hazards Ahead: The Dangers of Runaway Technology

Technology has advanced at an astonishing rate in the last decade, and the pace is only set to accelerate. Capabilities that seemed impossible only a short time ago will develop extremely quickly, aiding those who see them coming and hindering those who don’t. Developments in smart technology will create new possibilities for organizations of all kinds – but they will also create opportunities for attackers and adversaries by reducing the effectiveness of existing controls. Previously well-protected information will become vulnerable.

At the Information Security Forum, we recently released Threat Horizon 2020, the latest in an annual series of reports that provide businesses a forward-looking view of the increasing threats in today’s always-on, interconnected world. In Threat Horizon 2020, we highlighted the top threats to information security emerging over the next two years, as determined by our research.

Let’s take a quick look at a few of these threats and what they mean for your organization:

Quantum Arms Race Undermines the Digital Economy

The emergence of quantum computing will herald a step change in processing power, shifting perceptions about what computers can achieve. However, the increase in performance will enable those who develop or acquire the technology to break current encryption standards. With a fundamental security mechanism rendered obsolete, information and transactions of all kinds will suddenly become vulnerable.

Why Does This Threat Matter?

The next generation of computer technology – quantum computing – will be able to crack encryption that would have taken traditional computers millions of years in mere hours or minutes. As a consequence, a security mechanism that forms the bedrock of today’s digital economy will require a complete overhaul, potentially exposing organizations to millions in transformation costs and lost trade. However, the practical problems start now. In particular, various parties will pre-empt this new technology by starting to harvest gigantic pools of encrypted information, using it later when the technology is available.

National intelligence organizations will lead the charge to be the first to get their hands on this technology. The sensitive information, communications, services, transactions and critical infrastructure of adversaries will all become an open book. The desire to be first across the line is certain to drive a digital arms race. Who will be the quantum winner? That remains unclear.

Some nation states will want to expand their horizons and use quantum computing as an offensive weapon to undermine the digital economies of their perceived enemies – as will others who can get early access to the technology. Organizations in both the public and private sectors will then be prime targets for a range of attackers. None will be safe, even those that believe their information is secure now.

Artificially Intelligent Malware Amplifies Attackers’ Capabilities

Attackers will also take advantage of breakthroughs in artificial intelligence (AI) to develop malware that can learn from its surrounding environment and adapt to discover new vulnerabilities. Such malware will surpass the performance of human hackers, exposing information including mission-critical information assets and causing financial, operational and reputational damage.

Why Does This Threat Matter?

According to many futurists, AI will bring huge benefits to society, especially in areas such as research and healthcare. However, it will also be deployed in more damaging ways, one of which will be to build computer malware that can change both its form and purpose. Attackers will use this artificially intelligent malware to find new ways to access an organization’s network and disrupt its operations. Mission-critical information assets such as trade secrets, R&D plans and business strategies will be targets for compromise – all without detection.

As it is AI-based, this new form of malware will learn from its environment, analyzing applications and systems to discover and exploit new vulnerabilities in real time. It will be hard to distinguish what is safe from unauthorized access and what isn’t. Even information previously believed to be well protected will be open to compromise.

Conventional techniques used to identify and remove malware will quickly become ineffective. Instead, AI-based solutions will be needed to fight this new malware – leading to a race for supremacy between offensive and defensive AI. The eventual winners will be hard to spot for some considerable time.

Attacks on Connected Vehicles Put the Brakes on Operations

While advanced computing power will be used to directly target information assets, the prevalence of computers in connected vehicles will create new physical threats. By hacking connected systems, including those that control the vehicle, attackers will cause accidents that threaten human life and disrupt supply chains – not to mention impacting the reputation and revenue of vehicle manufacturers.

Why Does This Threat Matter?

Attackers will look to remotely hack a range of connected vehicles – cars, lorries, vessels and trains – taking advantage of vulnerabilities within on-board systems to take control of them, steal them or disable vital safety features. All forms of vehicles will be exposed. The sheer scale of targets will be dramatic: for example, the number of connected cars manufactured globally is predicted by Gartner to grow from 12.4 million in 2016 to 61 million by 2020.

The effects will be felt by various people and organizations. Individuals who travel in connected vehicles, or are in the vicinity, will have their lives put at risk. Organizations with supply chains that rely on connected vehicles to transport goods or materials will face operational disruption. Vehicle manufacturers and their subcontractors will face reputational damage, and maintenance providers will come under pressure to perform immediate software and hardware updates.

Liability for incidents – including deliberate attacks – will be a particularly hot topic. Insurance companies will be forced to rethink their strategies to take into consideration claims over incidents involving connected vehicles; organizations will wish to consider themselves blameless but may be held liable; while vehicle manufacturers are likely to face complex class action legal battles should incidents begin to fall into recognizable patterns.

Preparation Must Begin Now

Information security professionals are facing increasingly complex threats—some new, others familiar but evolving. Their primary challenge remains unchanged; to help their organizations navigate mazes of uncertainty where, at any moment, they could turn a corner and encounter information security threats that inflict severe business impact.

In the face of mounting global threats, organization must make methodical and extensive commitments to ensure that practical plans are in place to adapt to major changes in the near future. Employees at all levels of the organization will need to be involved, from board members to managers in non-technical roles.

The themes listed above could impact businesses operating in cyberspace at break-neck speeds, particularly as the use of the Internet and connected devices spreads. Many organizations will struggle to cope as the pace of change intensifies. These threats should stay on the radar of every organization, both small and large, even if they seem distant. The future arrives suddenly, especially when you aren’t prepared.

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

How can security leaders charged with investigations handle the management of interviewers and interrogators, as well as handle interviewing, including dealing with false confessions and misleading information?