The Information Security Forum (ISF), trusted resource for executives and board members on cyber security and risk management, has announced the organization’s outlook for the top global security threats that businesses will face in 2020. Key threats for the coming year include:
• The Race for Technology Dominance
• Third Parties, Internet of Things (IoT) and the Cloud
In 2020, the pace and scale of change, particularly in terms of technology, will continue to accelerate substantially. People will find themselves caught in a vortex of economic volatility and political uncertainly far beyond the levels experienced in the past. As for organizations, some will prosper, and many will struggle – the key separating component will be the degree to which organizations are able to meet the challenges.
“In today’s hyperconnected world, attack surfaces and interdependencies grow rapidly. As our dependence on technology increases, so does the need for sound risk management, assessment and mitigation increase in line with complexity. By understanding and evaluating how new technology will be rolled out, we can focus on the necessary controls to protect our data,” said Steve Durbin, Managing Director, ISF. “We all have a role to play, from individuals to nation states, if we are to avoid creating or indeed perpetuating new technology development as a domain for confrontation.”
The top threats identified by the ISF for 2020 are not mutually exclusive and can combine to create even greater threat profiles. The most prevalent threats include:
The Race for Technology Dominance – Trade and Government
Technology has changed the world in which we live. Old norms are changing, and the next industrial revolution will be entirely technology driven and technology dependent. In short, technology will enable innovative digital business models and society will be critically dependent on technology to function. Intellectual property will be targeted as the battle for dominance rages. Evidence of fracturing geopolitical relationships started to emerge in 2018 demonstrated by the US and China trade war and the UK Brexit. In 2020, the US and China will increase restrictions and protectionist measures in pursuit of technology leadership leading to a heightened digital cold war in which data is the prize. This race to develop strategically important next generation technology will drive an intense nation-state backed increase in espionage. The ensuing knee jerk reaction of a global retreat into protectionism, increased trade tariffs and embargos will dramatically reduce the opportunity to collaborate on the development of new technologies. The UK’s exclusion from the EU Galileo satellite system, as a result of the anticipated Brexit, is one example. New regulations and international agreements will not be able to fully address the issues powered by advances in technology and their impact on society. Regulatory tit for tat battles will manifest across nation states and, rather than encourage innovation, is likely to stifle and constrain new developments, pushing up costs and increasing the complexity of trade for multinational businesses.
Third Parties, IoT and the Cloud – The Emerging Threat Landscape
A complex interconnection of digitally connected devices and superfast networks will prove to be a security concern as modern life becomes entirely dependent on technology. Highly sophisticated and extended supply chains present new risks to corporate data as it is necessarily shared with third party providers. IoT devices are often part of a wider implementation that is key to the overall functionality of any business. Few devices exist in isolation, and it is the internet component of the IoT that reflects that dependency. For a home or commercial office to be truly ’smart’, multiple devices need to work in cooperation. For a factory to be ’smart’, multiple devices need to operate and function as an intelligent whole. However, this interconnectivity presents several security challenges, not least in the overlap of consumer and operational/industrial technology. Finally, since so much of our critical data is now held in the cloud, opening an opportunity for cyber criminals and nation states to sabotage the cloud, aiming to disrupt economies and take down critical infrastructure through physical attacks and operating vulnerabilities across the supply chain.
Cybercrime – Criminals, Nation States and the Insider
Criminal organizations have a massive resource pool available to them and there is evidence that nation states are outsourcing as a means of establishing deniability. Nation states have fought for supremacy throughout history, and more recently, this has involved targeted espionage on nuclear, space, information and now smart technology. Industrial espionage is not new and commercial organizations developing strategically important technologies will be systematically targeted as national and commercial interests blur. Targeted organizations should expect to see sustained and well-funded attacks involving a range of techniques such as zero-day exploits, DDoS attacks and advanced persistent threats. Additionally, the insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization’s critical assets. Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the ability to detect unusual activity once someone is already inside their network. The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2020.
“As with any technological era, new threats will develop, and old threats will evolve. Organizations must be fully aware of the risks the new digital world will bring before jumping headfirst into adopting new technologies. A dependency on digital products and services is unavoidable, however, mitigations and preparations can, and must, be made,” continued Durbin. “The coming year will be volatile, but targets will be predictable. Establishing security by design and re-examining cyber resilience will prepare organizations against disruption. Digitization promises much, and development of the next generation of technologies will bring significant benefits to business and society. To survive in the new digital world, organizations will have to adapt. To thrive they must evolve.”
ISF Threat Horizon Reports
Each year, the ISF releases their latest ISF Threat Horizon series of reports, aimed at both senior business executives and information security professionals. These reports are designed to help organizations take a proactive stance to security risks by highlighting challenges in the threat landscape and identifying how the confidentiality, integrity and availability of information may be compromised in the future.