By 2021, the world will be significantly digitized and connected.
Competing in the digital marketplace will become increasingly difficult, as businesses
develop new strategies which challenge existing regulatory frameworks and
social norms, enabling threats to grow in speed and precision. Vulnerabilities
in software and applications will be frequently disclosed online with
ever-decreasing time to fix them.

Organizations will struggle when one or more of the big tech
giants are broken up, plunging those reliant on their products and services
into disarray. Organizations will rush to undertake overly ambitious digital
transformations in a bid to stay relevant, leaving them less resilient and more
vulnerable than ever.

Let’s take a quick look at a few of the threats on the horizon and
what they mean for your organization:

Digital Vigilantes Weaponize Vulnerability Disclosure

Vulnerability disclosure will evolve from a predominantly
altruistic endeavor to one that actively damages organizations. Attackers will
search for, and publicly disclose, vulnerabilities to undercut competitors and
destroy corporate reputations. Fraudsters will manipulate financial markets by
releasing exploits at opportune moments. A lack of regulation will lead to a
culture of digital vigilantism whereby vulnerability disclosure is weaponized
for commercial advantage.

Organizations will be caught unaware as their vulnerabilities are
disclosed at an accelerated pace, often without knowledge or consent. They will
face unachievable timeframes to fix disclosed vulnerabilities, draining internal
resources. The release of exploit code, the self-propagating nature of some
malware and the interconnectivity of devices could see vulnerabilities
exploited faster than ever before (accelerated by developments in AI) with
major impacts to business.

Software providers and organizations that rely on their products
will experience disruption from strategic vulnerability disclosure by rogue
competitors, organized criminal groups and hacktivists. Given the global
dependence on commercial software, the weaponization of vulnerabilities will
have far-reaching consequences for businesses and their customers alike.

Dealing with zero-day vulnerabilities should be business as usual
for organizations. However, as vulnerability disclosure becomes weaponized this
will require re-evaluation of current approaches to patch management, threat
intelligence and resilience.

Big Tech Break Up Fractures Business Models

The big tech giants are currently at a crossroads. Both the public
and regulators will continue to demonstrate concern that the dominance of a few
big players is not healthy for either society or business. This will result in
the forced break up of one or more of the big tech giants, significantly
disrupting organizations that are dependent on them. Product and service
offerings will be fractured and organizations will scramble to sustain
operating models.

If big tech giants are forced to change, so will business. Organizations
will need to find new vendors for a range of products and services, potentially
having to use the services of unproven companies located in areas of the world
with divergent regulatory approaches. There will be a period of significant
turbulence in IT operations. Hundreds of systems will need to be replaced, with
terabytes of data repatriated and thousands of contracts renegotiated,
fracturing long-term IT strategies.

During this time of intense change, information security will be
stretched to its limit. New and existing services will need to be assessed, as
business continuity and recovery processes need to be revised and data needs to
be transferred in a timely, secure manner. Meanwhile, amid this period of
turbulence, malicious actors will seek out and prey on vulnerable,
transitioning organizations.

Organizations should evaluate overall dependencies on the big tech
giants to ensure that, if one of them is broken up, risk can be mitigated.

Rushed Digital Transformations Destroy Trust

Organizations will rush to conduct digital transformation programs
in order to stay relevant in the marketplace – winners will dominate
industries, losers will be left behind. However, as organizations race to adopt
cutting-edge technology to digitize and automate, hurried and weak integration
with underlying, legacy systems will lead to disastrous outcomes.

Organizations will create new applications, deploy AI and other
tools (using different protocols and technology) which are expected to work
seamlessly with existing and legacy systems. Consumers and dependent supply
chains will lose trust in organizations that do not integrate systems and
services effectively. Digital transformations will attract the attention of
opportunistic attackers, who will target transitioning organizations that hold
sensitive information, such as credit cards or personal details, exploiting new
vulnerabilities as they are introduced.

Organizations that have built digital transformation programs on
top of legacy systems will find that they have introduced new attack vectors
and exposed previously hidden vulnerabilities. They will also experience
availability and supportability issues, leading to service disruption as older
technologies struggle to deal with step changes in performance requirements
that newer technologies demand.

Organizations that undertake a digital transformation of any kind
must carefully consider the risks that new technologies may bring, as well as
how they are going to effectively integrate with legacy or underlying systems.

The Future is Here. Are You Prepared?

In the face of mounting global threats, organizations must make
methodical and extensive commitments to ensure that practical plans are in
place to adapt to major changes in the near future. Employees at all levels of
the organization will need to be involved, from board members to managers in
non-technical roles.

The threats listed
above could impact businesses operating in cyberspace at break-neck speeds,
particularly as the use of the Internet and connected devices spreads. Many
organizations will struggle to cope as the pace of change intensifies. These
threats should stay on the radar of every organization, both small and large,
even if they seem distant. The future arrives suddenly, especially when you
aren’t prepared.

About the Author

Steve Durbin is Managing Director of the Information Security Forum (ISF).