Enterprises will face nine major threats, including vulnerabilities in software and other applications, state-backed espionage with emerging technology and malware feats and manipulated machine learning, says Threat Horizon 2021 from the Information Security Forum (ISF).
“By 2021 the world will be heavily digitized,” says Steve Durbin, Managing Director, ISF. The top cyber security concern moving forward, he says, is “technology and society’s overdependence on it”, as it “continues to enable innovative digital business models. The race to develop the next generation of super-intelligent machines is in full swing and technology will continue to be ever more intertwined with everyday life. This new hyper connected digital era creates an impression of stability, security and reliability. However, this illusion when coupled with heightened global mistrust and rising geopolitical tensions, will give rise to ever more sophisticated and pervasive cyber threats that are targeted and disruptive, making operating environment for business increasingly volatile. Technology will intrude into many aspects of personal and working life, creating a digital-centric, always-connected society that raises fundamental questions around social well-being.”
The three key themes in the report include:
1 – DIGITAL CONNECTIVITY EXPOSES HIDDEN DANGERS: Vast webs of intelligent devices, combined with increased speeds, automation and digitisation will create possibilities for businesses and consumers that were previously out of reach. The Internet of Things (IoT) will continue to develop at an astonishing rate, with sensors and cameras embedded into a range of devices across critical infrastructure. The resulting nexus of complex digital connectivity will prove to be a weakness as modern life becomes entirely dependent on connected technologies, amplifying existing dangers and creating new ones.
2 – DIGITAL COLD WAR ENGULFS BUSINESS: By 2021, a digital cold war will unfold, causing significant damage to business. The race to develop strategically important, next generation technologies will provoke a period of intense nation state-backed espionage – intellectual property (IP) will be targeted as the battle for economic and military dominance rages on. Cloud services will become a prime target for sabotage by those seeking to cause disruption to society and business. Drones will become both the weapon and target of choice as attackers turn their attention skywards.
3 – DIGITAL COMPETITORS RIP UP THE RULEBOOK: Competing in the digital marketplace will become increasingly difficult, as businesses develop new strategies which challenge existing regulatory frameworks and social norms, enabling threats to grow in speed and precision. Vulnerabilities in software and applications will be frequently disclosed online with ever-decreasing time to fix them. Organizations will struggle when one or more of the big tech giants are broken up, plunging those reliant on their products and services into disarray. Organizations will rush to undertake overly ambitious digital transformations in a bid to stay relevant, leaving them less resilient and more vulnerable than ever.
Durbin says, “If digital competitors are to continue to stay up top and survive they will need to respond to this changing mood. For some this will require a reinvention of business models and practices such as changes to the collection, management, use of personal data and a more transparent and co-operative approach both to the individual and regulators. Specifically, businesses should evaluate overall dependencies on the big tech giants to ensure that the impact of any changes can be mitigated. This should involve:
• Understanding the exposure to the services of big tech providers
• Reviewing IT strategies, particularly in relation to insourcing vs outsourcing
• Reducing dependency on single providers
• Updating resilience and business continuity in the context of a big tech break up
Enterprises should focus on safety, drive organizational growth and development as understanding cyber risks and building appropriate cybersecurity from the start is fundamental to success. For businesses to mitigate and prepare for the risks of the digital world, Durbin says, enterprises will have “to implement means of maintaining situational awareness and cyber resilience,” which will mean increased monitoring and gathering of threat intelligence. It will require, “businesses to respond to the challenge that cyber is not an IT or purely technical issue and that operating in the digital world is the new business as usual," he says, meaning a change to the way cyber risks are managed.
Durbin notes, “Cyber is now a business issue and any mitigation and preparation for the risks of the digital world will fail without the buy-in and ownership of business leaders. The onus will fall on them to identify the critical business assets that must be protected and to make the protection of the organization an integral part of their business strategy and implementation plans."