More than 7 out of 10 companies in the United States have suffered a data breach over the past few years, according to Thales.
With seemingly more stories of data breaches popping up, business leaders must decide whether to adopt new technology and risk things going wrong or wait while competitors potentially get ahead.
To help businesses, Security Forum has developed its Threat Horizon 2019 report. It looks at nine threats caused by technology change that organizations may face over the next three years and how to address them.
The threats are grouped into three categories: Disruption, Distortion, and Deterioration.
First, let’s take a look at threats in the Disruption category. These threats are the result of an over-reliance on fragile technology.
- The Internet becomes a target. As tempers flare internationally, Security Forum warns that nation states and terrorist groups will target the Internet to “inflict widespread economic damage on their adversaries.” Companies can thwart potential attacks by looking beyond existing business continuity plans. They must also plan for alternative methods of communication, such as telex, satellite, and microwave.
- Ransomware will evolve. Bad actors could target and exploit connected smart physical devices. Security Forum suggests working with industry associations to lobby for and influence the regulation of minimum security standards to protect Internet of Things devices.
- Insiders will be coerced. “Soft human targets,” after suffering through old-fashioned criminal techniques, will give up mission-critical information. You should identify what the “crown jewels” of your organization are, as well as the people who own and access them.
Next are the Distortion threats, which arise as information integrity dwindles.
- Misinformation becomes credible. Artificially intelligent personas will deliberately spread misinformation that targets commercial organizations. Those organizations must plan for this type of attack in addition to other potential incidents.
- Beware of falsified information. A company’s internal information is more likely to be falsified. These attacks are expected to increase in number, scale, and complexity. To combat this, monitor access and changes to made to sensitive information. Security Forum suggests that federated identity tools and content management systems can mitigate risk.
- Blockchains will be subverted. Blockchain is generally considered secure because of its high levels of encryption. However, Security Forum warns of the possibility that blockchain could be subverted to commit fraud or launder money. “This could result in abandoning the affected blockchain,” they write, “along with the loss of process efficiencies.” They suggest appointing a sponsor or team to consider all the possibilities of adopting blockchain.
Finally, the Deterioration category looks at when regulations and technology erode.
- Corporate secrets exposed. Attackers will exploit the massive reservoirs of data collected by communications providers. Companies must perform a risk assessment to determine the impact of data being lost by a provider.
- Insider threats cannot be accurately monitored. Earlier, Security Forum suggested monitoring insider threats. However, doing so presents a conundrum. Either defy privacy regulations to monitor those people, or stop monitoring them. Seek legal counsel regarding individual profiling.
- AI will have unexpected outcomes. New vulnerabilities will be the result of heading into the unknown with artificial intelligence. Train, recruit, and develop talent in this area to understand and manage these systems.
As we wind down 2018 and head into 2019, keep these nine threats in mind as your business maps out your cybersecurity plan.