Cybercriminals always seem to be a step or two ahead of cybersecurity professionals, finding new and innovative ways to conduct malicious attacks on high value data assets across the world. From phishing attacks to implanting malware and ransomware, these criminals are constantly keeping the cyber security experts on their collective toes.
As more and more enterprises seek cyber security as a service to continuously review internal security vulnerabilities and threats, some of these flaws could be missed in oversight resulting in persistent damage to the business continuity as well as reputation. In fact, cyber threats are evolving in a way where businesses could be left far behind and exposed to threats in future. Here’s a look at how things may pan out over the next few months and years…
The threat to high powered computing
With the large technology companies planning to deliver high-powered quantum computing hardware, could pose a risk to traditional cyber security and encryption. The White House had warned that some of these top notch computing devices can potentially break open public-key cryptography. For now, the encryption is strong enough but cyber criminals too will have access to quantum computing, which may then challenge existing cryptography protocols.
Imagine the possibility of a nation state-backed hacking efforts from our neighborhood? Getting access to some rogue organization with quantum computing capabilities to commit cyber espionage or decode encrypted data stolen in the past is no more science fiction. They could easily breach passwords and other cyber defenses to install ransomware or other malware.
The soft underbelly of supply chains
The attack by Russian Intelligence on SolarWinds is fresh in our minds of how hackers can break into the software-building process and infect legitimate stuff with malware updates. We can assume that this was possibly a trailer of what’s in store, given the penchant for the SaaS and cloud-based technology solutions.
The challenge then is that having one’s network resilient to cyber attacks doesn’t suffice. If one supplier gets their network broken into, then they are virtually into your living room. The secure by design concept is a means to enhance safety, but with cybersecurity budgets facing more pressure, this soft underbelly of the software supply chain will remain exposed for some time.
The IoT rigmarole
Connected devices are perceived as the next stage of the Internet’s purview of our lives. We may talk about large factories with IoT devices controlling output or hospitals managing healthcare using wearable technology or a simple household where most devices are connected using an Alexa or Google Nest.
Nobody doubts their efficacy, but the challenge of cyberattacks needs to be factored in too, because the fact remains that most IoT devices are unsafe. If one of the devices is facing the public internet, criminals can exploit poor security controls to gain access to the network. There was a report of how hackers controlled an IoT fish tank and stole customer data from a casino.
The dark and deep world of deepfakes
Business and email compromise has been described by the FBI as amongst the costliest for businesses and governments worldwide. Email hacking is as old as the internet and email though each year criminals find newer and more creative ways to trick users into submitting their personal information, using which they steal mounds of data.
Though people are more suspicious of emails from sources they do not know directly, deepfakes make it possible for them to be convinced if they’re face to face with the real person, who is shown or sounds like the one they know. The FBI has asked people to be vigilant against such deepfakes who apply for remote jobs as well.
However, the biggest threat of them all is the abject shortage of trained staff in the security roles, one that is only getting worse with each passing month.