Cyber criminals always seem to be one or two ahead of cybersecurity professionals, finding new and innovative ways to perform malicious attacks on high-value data assets around the world. From phishing attacks to implanting malware and ransomware, these criminals constantly keep cybersecurity experts on their toes.
As more and more enterprises look to cybersecurity as a service to continuously assess internal security vulnerabilities and threats, some of these oversight errors may be missed, leading to ongoing damage to business continuity and reputation. In fact, cyber threats are evolving in such a way that companies could fall far behind and be exposed to threats in the future. Here’s a look at how things could play out in the months and years ahead…
The threat to high-powered computing
With the major tech companies planning to deliver high-performance quantum computing hardware, this could pose a risk to traditional cybersecurity and encryption. The White House had warned that some of these premium computing devices could potentially break open public-key cryptography. For now, the encryption is strong enough, but cybercriminals will also have access to quantum computing, which could then challenge existing cryptography protocols.
Imagine the possibility of a state-sponsored hacking effort of our neighborhood? Gaining access to a rogue organization with quantum computing capabilities to commit cyber espionage or decrypt encrypted data stolen in the past is no longer science fiction. They can easily break passwords and other cybersecurity to install ransomware or other malware.
The soft underbelly of supply chains
The Russian intelligence attack on SolarWinds is still fresh in the mind of how hackers can break into the software building process and infect legitimate things with malware updates. We can assume that this may have been a trailer of what lies ahead, given the predilection for the SaaS and cloud-based technology solutions.
The challenge then is that it is not enough to make your network resilient to cyber attacks. If one supplier’s network is broken into, they are virtually in your living room. The ‘secure by design’ concept is a means of improving security, but as cybersecurity budgets come under more pressure, this soft underbelly of the software supply chain will remain visible for some time to come.
The IoT rigmarole
Connected devices are seen as the next stage of the scope of our lives over the internet. We could be talking about large factories with IoT devices that control the output or hospitals that manage healthcare with wearable technology or a simple household where most of the devices are connected through an Alexa or Google Nest.
No one doubts their effectiveness, but the challenge of cyber-attacks must also be considered, as the fact remains that most IoT devices are insecure. If one of the devices is exposed to the public internet, criminals can exploit poor security controls to gain access to the network. There was a report on how hackers monitored an IoT fish tank and stole customer data from a casino.
The dark and deep world of deepfakes
Business-Email Compromise has been described by the FBI as one of the costliest for businesses and governments around the world. Email hacking is as old as the Internet and email, although every year criminals are finding newer and more creative ways to trick users into submitting their personal information, stealing mountains of data.
While people are more suspicious of emails from sources they don’t know directly, deepfakes make it possible for them to be convinced when they come face to face with the real person, appearing or sounding like the one who they know. The FBI has asked people to be vigilant against such deepfakes who also apply remotely.
The biggest threat of all, however, is the severe shortage of skilled personnel in the security functions, which is only getting worse by the month.