By 2021, the world will be significantly digitised and connected. Competing in the digital marketplace will become increasingly difficult, as businesses develop new strategies which challenge existing regulatory frameworks and social norms, enabling threats to grow in speed and precision. Vulnerabilities in software and applications will be frequently disclosed online with ever-decreasing time to fix them.
Organisations will struggle when one or more of the big tech giants are broken up, plunging those reliant on their products and services into disarray. Organisations will rush to undertake overly ambitious digital transformations in a bid to stay relevant, leaving them less resilient and more vulnerable than ever.
Let’s take a quick look at a few of the threats on the horizon and what they mean for your organisation:
Digital vigilantes weaponise vulnerability disclosure
Vulnerability disclosure will evolve from a predominantly altruistic endeavour to one that actively damages organisations. Attackers will search for, and publicly disclose, vulnerabilities to undercut competitors and destroy corporate reputations. Fraudsters will manipulate financial markets by releasing exploits at opportune moments. A lack of regulation will lead to a culture of digital vigilantism whereby vulnerability disclosure is weaponised for commercial advantage.
Organisations will be caught unaware as their vulnerabilities are disclosed at an accelerated pace, often without knowledge or consent. They will face unachievable timeframes to fix disclosed vulnerabilities, draining internal resources. The release of exploit code, the self-propagating nature of some malware and the interconnectivity of devices could see vulnerabilities exploited faster than ever before (accelerated by developments in AI) with major impacts to business.
Software providers and organisations that rely on their products will experience disruption from strategic vulnerability disclosure by rogue competitors, organised criminal groups and hacktivists. Given the global dependence on commercial software, the weaponisation of vulnerabilities will have far-reaching consequences for businesses and their customers alike.
Dealing with zero-day vulnerabilities should be business as usual for organisations. However, as vulnerability disclosure becomes weaponised, this will require re-evaluation of current approaches to patch management, threat intelligence and resilience.
Big tech break up fractures business models
The big tech giants are currently at a crossroads. Both the public and regulators will continue to demonstrate concern that the dominance of a few big players is not healthy for either society or business. This will result in the forced break up of one or more of the big tech giants, significantly disrupting organisations that are dependent on them. Product and service offerings will be fractured and organisations will scramble to sustain operating models.
If big tech giants are forced to change, so will business. Organisations will need to find new vendors for a range of products and services, potentially having to use the services of unproven companies located in areas of the world with divergent regulatory approaches. There will be a period of significant turbulence in IT operations. Hundreds of systems will need to be replaced, with terabytes of data repatriated and thousands of contracts renegotiated, fracturing long-term IT strategies.
During this time of intense change, information security will be stretched to its limit. New and existing services will need to be assessed, as business continuity and recovery processes need to be revised and data needs to be transferred in a timely, secure manner. Meanwhile, amid this period of turbulence, malicious actors will seek out and prey on vulnerable, transitioning organisations.
Organisations should evaluate overall dependencies on the big tech giants to ensure that, if one of them is broken up, risk can be mitigated.
Rushed digital transformations destroy trust
Organisations will rush to conduct digital transformation programs in order to stay relevant in the marketplace – winners will dominate industries, losers will be left behind. However, as organisations race to adopt cutting-edge technology to digitise and automate, hurried and weak integration with underlying, legacy systems will lead to disastrous outcomes.
Organisations will create new applications, deploy AI and other tools (using different protocols and technology) which are expected to work seamlessly with existing and legacy systems. Consumers and dependent supply chains will lose trust in organisations that do not integrate systems and services effectively. Digital transformations will attract the attention of opportunistic attackers, who will target transitioning organisations that hold sensitive information, such as credit cards or personal details, exploiting new vulnerabilities as they are introduced.
Organisations that have built digital transformation programs on top of legacy systems will find that they have introduced new attack vectors and exposed previously hidden vulnerabilities. They will also experience availability and supportability issues, leading to service disruption as older technologies struggle to deal with step changes in performance requirements that newer technologies demand.
Organisations that undertake a digital transformation of any kind must carefully consider the risks that new technologies may bring, as well as how they are going to effectively integrate with legacy or underlying systems.
Preparation must begin now
Information security professionals are facing increasingly complex threats—some new, others familiar but evolving. Their primary challenge remains unchanged: to help their organisations navigate mazes of uncertainty where, at any moment, they could turn a corner and encounter information security threats that inflict severe business impact.
In the face of mounting global threats, organisations must make methodical and extensive commitments to ensure that practical plans are in place to adapt to major changes in the near future. Employees at all levels of the organisation will need to be involved, from board members to managers in non-technical roles.
The threats listed above could impact businesses operating in cyberspace at break-neck speeds, particularly as the use of the Internet and connected devices spreads. Many organisations will struggle to cope as the pace of change intensifies. These threats should stay on the radar of every organisation, both small and large, even if they seem distant. The future arrives suddenly, especially when you aren’t prepared.
Steve Durbin, Managing Director, Information Security Forum