The massive SolarWinds breach made it crystal clear that the cybersecurity threat only gets worse with time because the tools are more sophisticated, and the stakes are higher.
NOTE! According to Forrester, businesses are taking cybersecurity more seriously as enterprises are predicted to spend $12.6B on cloud security tools only, by 2023, up from $5.6B in 2018. The global cybersecurity market is estimated to grow to $270B by 2026, up from $173B in 2020.
Here is what to expect for the future of cybersecurity in the next 3-5 years.
Deep Fakes & CEO Frauds
We already know that complex voice generators can trick security software used to verify identity. A slow but steady rise in audio deep fakes that are being used in subversive activities (like CEO frauds) have also been reported. Given enough material, AI programs can learn and generate convincing fake pictures and videos that can be used to compromise organizations or individuals.
Over the next three to five years, we can expect for this to expand to video deep fakes. These tampered videos can be extremely disruptive to organizations especially from a PR angle. For instance, imagine your CEO saying something controversial that might impact how your organization is perceived.
By the time you make public that the video is fake, the damage done to your company’s reputation could be irreversible.
Protection from these fraudulent attempts will require security software to embrace AI and Machine Learning to help analyze and identify what is real and prevent leaking what is fake before it becomes an external threat.
Supply Chain Attacks
In the SolarWinds breach, the attackers were able to compromise the update process of a widely used piece of software: the Orion Platform. This was a supply chain attack – a devastating type of cyber aggression. Basically, by compromising the vendor, hackers may get access to all the vendor’s customers.
Any software company is a potential target. When it comes to hackers, especially state actors, they have the resources and skill sets necessary to orchestrate supply chain attacks, being able to penetrate even the most resourceful organizations.
Cybersecurity vendors can fall victim to such complex attacks too. In the SolarWinds case, beside about 100 organizations and 9 government agencies, another targeted company was FireEye, one of the most popular cybersecurity vendors in the industry. FireEye representatives said the attackers did not get into customer-facing systems, as they only got access to penetration tools used for security testing. But the fact that a company like FireEye got hit is disturbing because if these vendors are potentially vulnerable, most likely every vendor is.
In November 2020, another leading cyber security company, Sophos, suffered a data breach that exposed private customer information.
NOTE! Last year, security vendor ImmuniWeb revealed that 97% of the world’s top 400 cybersecurity companies had data leaks or other security incidents exposed on the dark web – and that 91 companies had exploitable website security vulnerabilities.
Supply chain attacks do not represent a new method. In 2011, RSA Security admitted that its SecurID tokens were hacked, exposing some of their customers including aerospace, arms, defense, security, and advanced technologies company – Lockheed Martin.
5G networks will take connectivity to the next level by increasing workforce mobility, enabling more robust automation, improving existing applications and unlocking others.
However, 5G technology will introduce advances throughout the network architecture, allowing new capabilities, but also expanding the threat surface opening the door to cyber criminals attempting to infiltrate the network. It also challenges cybersecurity teams with the issue of having to quickly learn how to identify and mitigate threats faster and without impacting the latency or user experience.
More Regulatory Complexity
As businesses are becoming increasingly digitized and more innovations come to market, regulators are going to have to respond and try to understand the impact of these technology innovations on both customer and business sides, and this will likely be expressed as laws.
Preparing for these types of trends is therefore crucial to gaining an advantage over hackers.
While 2020 has proved that we cannot predict the future, there are, however, strategic areas where organizations need to start looking at and preparing defenses. Use these trends as starting point to create a cybersecurity plan to best protect your organization. If you are not sure where to start, contact us today for professional IT security services.