What is next on the threat horizon for 2019: staying one step ahead
Technological revolution is not a new thing; however, the pace at which the revolution is now taking place is unprecedented. Novel technological solutions are churned out every day and there are so many innovative solutions around us that we have probably stopped being amazed by them. Smartphones not only help us keep in touch with our near and dear ones, but they help us in managing literally every important day-to-day task, right from waking us up in the morning to sending important emails and messages, making online payments for utilities, shopping, monitoring health and vitals and even controlling some connected appliances back at office or work. A concept like biometric identification is no more a fantasy but our way of unlocking our mobile phones and intelligent robots with human-like cognitive power are no more restricted to Sci-fi movies. Isn’t the world that we live in currently is amazing?
Yes it is but it’s certainly not where the great minds are stopping. They are putting more resources and intelligent thinking constantly into developing out-of-the-box solutions that can make our lives easier. New age technologies like artificial intelligence (AI), machine learning, big data and internet of things (IoT) are disrupting the pace and nature of technological evolution.
While individuals, businesses and nature –yes, nature too- are all benefitting from the rapid technological advancements, there are also downsides to these advancements. Data proliferation, increasingly growing network of complex technology, stringent regulations and standards, and shortage of skilled personnel who can better understand the new-age technologies and work with them are some of the concerns that are connected with the rapid evolution of technology. Digital and IT systems and solutions become outdated overnight, and companies with extremely ambitious digital transformation plans switch to newest versions or latest tech to stay relevant, up-to-date and in the race amidst cut-throat competition, but emerge more vulnerable and less resilient than ever as new and technologies in their infancy state come with new vulnerabilities.
It’s next to impossible to make our security defences immutable but we can try to learn from our past experiences and use the new-age technologies to our advantage to estimate and understand the nature of looming and emerging threats to be better prepared.
Let’s see some of the potential threats that are likely to surface on the horizon or become more sophisticated as time passes by.
- Manipulation of new-age technologies
New-age technologies like Blockchain, Artificial Intelligence, Internet of Things, Quantum Computing and Machine Learning among others are often touted for their performance and significant benefits. Several companies are not only exploring these technologies for improving their business performance and efficiency but also to strengthen their security defence infrastructure. Blockchain’s inherent audit capabilities and decentralised nature are driving several companies to consider the importance of the technology and deploy it for a strong and secure network. Meanwhile, companies are leveraging machine learning and AI to evaluate their past and existing business operations as well as concerns, including any past security breach instances or business failure to learn from them, improve the processes, resolve the issues and also proactively predict potential vulnerabilities or issues to prevent them effectively.
As effective as these technologies could seem for offering better protection against threats including cyberattacks, their use is not restricted to only the good guys. Attackers are exploiting these technologies too to launch highly sophisticated attacks. Cybercriminals can use AI to create fake audio and video messages, which are extremely difficult to be differentiated from the real content and could be used to spread false news to stoke geopolitical, financial, economic and social tensions. These deepfakes could also be used to extract confidential information by impersonating an influential executive or authority through emails or other mediums.
Cybercriminals can also use generative adversarial networks (GANs), which pitch two neural networks against each other, to understand the algorithms being used in the AI models by the defenders, and then manipulate the same to turn against the defence mechanism of the company or the network to launch an invasion.
Cloud computing, which is widely adopted by so many companies these days, is also a lucrative target for the hackers to invade into the systems of a company and extract confidential data or corrupt the processes. The attacks could have far reaching consequences if the cybercriminals attack a major cloud company that hosts services and information of many companies- big and small. Such instances have already started to occur like the recent revelation by the US government, which accused Chinese hackers of breaching into a company’s network, which managed IT for other firms. The breach, dubbed ‘Cloudhopper’, allegedly allowed the hackers to access computers of 45 companies worldwide across sectors ranging from oil and gas exploration to aviation.
- Drone attacks
Drones or unmanned aerial vehicles (UAVs) are gaining traction as they find applications in the military and commercial sectors. Drones can help with rescue and reconnaissance missions as well as for surveillance, while they can also be used for delivery of food or other small parcels, for delivery of medicines and other important medical supplies to emergency sites and remote areas, for farming and agriculture activities, for construction and land management and many more purposes.
According to a report by Markets and Markets, the global market for drones is anticipated to grow at a CAGR of 14.15% between 2018 and 2025 and reach 52.30 Billion by 2025.
Rules and regulations around drone operations and management are becoming clearer and more structured thereby reducing ambiguity and driving the market for drones further.
But with all the other technologies, drones can also serve as a lethal weapon when in the hands of bad guys. Attackers can hijack drones used for military or commercial purposes to acquire sensitive data of the company or the military organisation operating the drone. Moreover, drones could also be used for conducting more targeted attacks. In mid-May 2019, armed drones attacked two oil giant Aramco-owned oil-pumping stations in Saudi Arabia. The attacks were allegedly carried out by Yemeni rebels.
US government has also been carrying out drone strikes in Northwest Pakistan since 2004, targeting militants in the area; however, these attacks also threaten civilians despite the government claiming that civilian deaths from such attacks are minimal. This highlights how the technology can be used and abused at the same time.
- Breaking encryption with quantum computers
Quantum computing is the new fad that is slowly generating its share of excitement for the companies that are eager to leverage this powerful computing technology. Quantum computers utilise some of the almost-occult laws of quantum mechanics to demonstrably improve the processing power, and have the potential to surpass the power of latest supercomputers. It promises significant advances in the fields of pharmaceuticals research, materials science and data analytics among others.
However, the super processing power of quantum computers could also be a threat as this technology could crack encryption easily thereby exposing sensitive and confidential data and jeopardising the integrity of several operations and businesses that have encrypted their data. In today’s world, encryption is considered as one of the mainstream cybersecurity methods for protecting everything ranging from health records to e-commerce transactions.
While quantum computing is still in its nascent stage, its potential benefits and risks are emerging on the horizons and one has to be well prepared to tackle the potential threats from this computing technology.
A group of quantum experts from the US has already requested the organisations to start adopting latest and more advanced encryption algorithms that are capable of tackling a quantum attack.
Furthermore, the US Defense Information Systems Agency (DISA) is also employing its Other Transaction Authority contracting capability to invite whitepapers on a potential encryption model that can’t be breached by quantum computing.
- Digital cold wars
While companies and nations have their hands on most advanced technologies, they are simultaneously reeling under extreme competition and economic and geo-political situations. To win, organisations and countries are ready to employ as many resources as they can, and new-age technologies like AI, IoT, machine learning among others are already at their disposal. Not only are they investing in these technologies to improve the overall performance, but they are also exploiting these technologies to spy on their competitors to extract confidential information. Nation state-backed espionage cases have already started surfacing and the volume of such illegal actions will only grow as these new technologies advance.
Such technology-backed and company/government-driven espionage will put a lot of confidential and business critical data including intellectual property (IP) at risk and might trigger a digital cold war if the practice of espionage goes rampant.
Cloud services, drones and IoT networks are some of the main targets that the adversaries might target to not only enter into a network and spy but to also sabotage the processes and operations.
Companies/departments involved in the development of new and innovative technologies and solutions could be assumed to be the main targets of the attackers.
- Digital Connectivity
Emergence of the fifth generation (5G) of mobile network and the intensive efforts to roll out the network rapidly could be seen all around the world. IDG forecasts that the market for 5G and 5G-related network infrastructure will grow at a CAGR of 118% between 2018 and 2022 and reach USD 26 billion in 2022. This means that the telecom spectrum will have a new range of available radio frequencies that can connect the previously unconnected devices and will have a significantly high network speed with minimal latency. While deployment of 5G cellular network will increase the digital connectivity considerably, it will also expand the attack surface as more and more devices join the network. With the passage of time, more 5G IoT devices will also connect with the 5G network instead of a Wi-Fi router and expand the endpoints, thereby opening the network to more potential vulnerabilities and threats.
The huge interconnected, high-speed network of the future can be targeted by the adversaries for waging large scale attacks by ingesting parasitic malware into the network that can steal the processing power of the connected systems, deteriorating the performance and even causing a potential shutdown of critical services.
Which side will win?
The quest to develop more advanced, next-generation of sophisticated technologies, coupled with a race to outdo the rivals and the ever-increasing geopolitical tensions and mistrust is giving rise to two sects of people: One, who are trying to harness the capabilities of these technologies to do good and improve our lives and the others, who are trying to exploit the potential of these technologies for their own greed and benefits and in the process causing destruction and mayhem.
Technology in itself is good but it’s the nature of the user that defines the final outcome/consequence of the technology and its future.
There will always be a gap in our security preparedness and the nature and severity of the looming threat, as both defenders and attackers find new ways to harness the power of technologies.