Our CISO, Jim Tiller, answers a question he is asked often, and looks at the biggest cyber threats of the future. This article first appeared on ComputerWeekly.com.
As a CISO and cyber specialist, I am often asked what I see as the big cyber threats of the future. Whilst I’m not a fan of crystal ball gazing for its own sake, nevertheless it can be helpful to think about what may be coming – and what we can do about it.
So here are my four big threats – or what we may more colourfully term the four ‘horsemen of the apocalypse’ – together with some thoughts how we can prepare for them so that it doesn’t actually turn into the end of the world!
With the advent of AI, especially natural language algorithms like ChatGPT, and their access to everything on the internet, combined with the ability to create essentially AI plug-ins for text-to-speech and imagery, very soon we’ll have more virtual humans online than real ones.
Today we have botnets: networks of robots that were surreptitiously installed through malware onto computing systems around the world doing the bidding of cybercriminals. With the power of millions of computers at their disposal, industrious hackers can do everything from mine crypto to offer ransomware as a service to other criminals.
Moving forward, cybercriminals and even nation states will have the ability to mobilize huge swaths of digital people seemingly operating independently but aligned with a larger mission. We see tiny examples of this today with virtual interviews resulting in unintentionally hiring a hacker or spy.
Real humans are and will remain victims to fraud and confidence schemes. Even to this day, email borne attacks, such as phishing, are highly effective. Imagine a world where parents are having interactive video calls with their children asking for money.
But what if that child is actually a digital fake? Given how much information there is about you as an individual, thanks to data breaches and social media posts, very rapidly there will emerge virtual replicas. Versions of you designed to leverage you for a greater gain by crossing ethical boundaries you are not willing to take.
Quantum computing has leapt off the pages of sci-fi into reality and has been actively processing data not just for a few years now, but decades. Many companies have developed quantum computers, but the reason we have yet to see something dramatic is, in many ways, because they all use a different architecture.
It’s like Apple and Microsoft in 1986, separate and completely incompatible. Moreover, thanks to the nuances of quantum mechanics, networking quantum computers has proven to be difficult.
Nevertheless, both these barriers are diminishing rapidly. Soon the race for processing the most qubits will be shortened and accelerated as scientists solve the networking challenge. Overnight, the global human race will have access to thousands if not tens of thousands of qubits.
From a cybersecurity perspective, most encryption will instantly be rendered useless. All of a sudden, your secure transaction to your bank or all the data transmitted over you VPN are no longer protected. In fact, every secure interaction you’ve ever made is likely to have been collected, allowing adversaries to go back and decrypt all those communications. The underlying basis of blockchain crumbles, permitting the ability to rewrite financial history.
As we delve into the world of digital transformation and Web 3.0, the ecosystem of technology is becoming increasingly complex and layered. In the early days computers existed in a single room. Soon, individual computers were able to communicate.
As networks expanded, along with processing speeds and availability of cheap storage, computer applications began to interact, requiring less and less standardization across platforms. With this evolution has come more points of interaction and the ability to leverage specific capabilities from a wider range of technologies, and at different layers of computing.
Today, cybersecurity is just coming to grips with the challenges of third-party and supply chain risk in computing. Companies that are currently undergoing digital transformation will likely not simply have three or four layers of suppliers, but that rather closer to twenty.
Moving forward the combined demand for pace, growth and innovation will require more and more from the computing ecosystem. These pressures will result in greater degrees of specialization in the supply chain causing it to expand rapidly. As such, it will be a primary target of cybercriminals because its manipulation can undermine trust in surface-level computing, permitting hackers to take control of any system without detection.
The role of technology and its importance in the physical world is increasing exponentially and will soon reach a point where computer-related issues, including everything from errors to hackers, will have a tangible impact in the real world.
Today, we’re exploring self-driving vehicles, intelligent power distribution, and automation in industrial control systems, all of which have direct physical interactions with people and places.
As we evolve, increasingly sophisticated technology will not only be embedded into everything from the mundane toaster to the most complex infrastructure but will also be interconnected and operated across a set of automated systems. For example, smart medical devices will become increasingly common and will quickly move beyond tactical monitoring to automated delivery of off the shelf medication, prioritization of emergency services, and even control access to various facilities.
While these capabilities will greatly enhance human services, improve healthcare, and reduce accidents, cyberthreats will target these systems to perform everything from theft to terrorism. Instead of your data being held ransom, hackers may hold your car for ransom, withhold access to your home for money, or deny you medication or emergency services without payment.
In the face of these seemingly insurmountable challenges, is there any light at the end of the tunnel? Thankfully, I believe there is.
For example, many companies are now developing quantum-resistant technologies, such as encryption algorithms, blockchain technology, and communication networks. These may help nullify some of the cyber risks of quantum computing – the challenge will be to develop the strength of the defenses in proportion to the magnitude of the risks as quantum computing takes off.
In relation to the expanding ecosystem, although the supply chain is growing beyond comprehension, there are efforts such as Software Bill of Materials (SBOM), enhanced software updating and patching standards, and even IoT product labeling is being explored. Active expert thinking is being applied to the issue.
When dealing with the future related to smart devices and now, with ChatGPT and its ilk, smart AI, I think we have to change our perspective of how we coexist as companies and individuals with technology. It’s less about being a hard target with strong defenses, and rapidly becoming all about being a resilient target rather than a victim.
With solid planning and preparation, resilience is possible. Be aware of the risks and think ahead of them. Focus on having alternatives, out-of-band options, and, critically, awareness of potential threat capabilities so that your plan B and even plan C aren’t rendered useless.
The cyber future may sound worrying – but at the same time, human ingenuity will also find ways to build new protections and mitigations.
We've launched the 25th Anniversary edition of the Digital Leadership Report. The world's largest and longest running survey of senior technology decision makers.
Download the full report here.