Hyperconnectivity driven by the rise of the digital-everything economy and the internet of things (IoT) will soon disrupt the cybersecurity landscape in a way that hasn’t been seen in the past—and organizations should act now to be prepared.
That’s the assessment from The Information Security Forum (ISF)’s Threat Horizon 2019 report, which frames this year’s trends as setting the stage for much worse scenarios down the road.
The rest of 2017, the report noted, will see the rise of more and more connected things, increasing sophistication in crime syndicates, an over-dependence on critical infrastructure and weaponized systemic vulnerabilities, all against a backdrop of crumbling legacy technology and global consolidation. All of that will mean that the impact of data breaches increases dramatically.
“How an organization responds to today’s increasing cybersecurity threats will vary based on a number of factors, including its unique blend of people and skills, products and services offered and approach to risk management,” said Steve Durbin, managing director of the ISF. “However, an organization that is well-informed about emerging technologies and corresponding threats will be best placed to make winning decisions. The key differentiating factor will be the degree to which organizations are prepared to meet the challenges of a fully connected society.”
That will be critical given the ISF’s expectations for next year. The report predicts that the IoT will continue to leak sensitive information, while opaque algorithms compromise integrity. Also, rogue governments will start to use terrorist groups to launch cyber-attacks, as criminal capabilities expand gaps in international policing. And, researchers will be silenced to hide security vulnerabilities while the cyber-insurance safety net is pulled away. Regulations will fragment the cloud.
By 2019, organizations will be faced with a hyper-connected world where the pace and scale of change—particularly in terms of technology—will have accelerated substantially. ISF said that we’ll see premeditated internet outages bringing trade to its knees; ransomware hijacking the IoT; privileged insiders coerced into giving up the crown jewels; automated misinformation and falsified information that compromises performance; subverted blockchains that shatter trust; surveillance laws exposing corporate secrets; privacy regulations impeding the monitoring of insider threats; and a headlong rush to deploy artificial intelligence that will lead to unexpected outcomes.
Navigating this calls for a strong collaborative culture with the right people congregating at the right time to play their part in ensuring success, the report postulates.
In all, the document highlights nine major threats, broken down into three challenging themes that organizations can expect to face over the next two years as a result of increasing developments in technology:
1. Disruption: From an over reliance on fragile connectivity requiring a seismic shift in the way business continuity is planned, practiced and implemented.
2. Distortion: As trust in the integrity of information is lost, the monitoring of access and changes to sensitive information will become critical as will the development of complex incident management procedures.
3. Deterioration: When controls are eroded by regulations and technology bringing a heightened focus on risk assessment and management in the light of regulatory changes and the increased prevalence of artificial intelligence in everyday technology.
“Traditional business models will certainly be disrupted over the next two years, forcing business leaders to develop cutting-edge trading models while dealing with new regulation, advanced technology and distorted information,” said Durbin. “With established controls rendered ineffective by the latest security threats, new and innovative ways must be found to protect an organization’s most critical information assets.”
Some of the recommendations include changing up existing business continuity plans to engage with internal and external stakeholders to agree alternative methods of communication (e.g. telex, satellite, microwave); and lobbying for minimum security standards for IoT devices via regulation. Having a clear sense of who has access to which critical assets and how to manage that will be crucial; as will monitoring access and changes made to sensitive information, using tools such as a Federated Identity and Access Management (FIAM) systems and Content Management Systems (CMS).
The ISF also recommends building collaboration across the organization, and conducting a risk assessment to understand the impact of metadata being lost by a communications provider. Businesses should also hire AI specialists now.
“Moving forward, organizations must prepare themselves for unprecedented levels of collaboration,” said Durbin. “Legal, compliance, audit, HR, IT, information security and other stakeholders must congregate to assess risks and inform the decision-making process. This collaboration should be extended to partners, manufacturers, vendors and regulators to ensure information security requirements are met.”