By 2021, the world will be significantly digitized and connected. Competing in the digital marketplace will become increasingly difficult, as businesses develop new strategies which challenge existing regulatory frameworks and social norms, enabling threats to grow in speed and precision. Vulnerabilities in software and applications will be frequently disclosed online with ever-decreasing time to fix them.
Organizations will struggle when one or more of the big tech giants are broken up, plunging those reliant on their products and services into disarray. Organizations will rush to undertake overly ambitious digital transformations in a bid to stay relevant, leaving them less resilient and more vulnerable than ever.
Let’s take a quick look at a few of the threats on the horizon and what they mean for your organization:
Digital Vigilantes Weaponize Vulnerability Disclosure
Vulnerability disclosure will evolve from a predominantly altruistic endeavor to one that actively damages organizations. Attackers will search for, and publicly disclose, vulnerabilities to undercut competitors and destroy corporate reputations. Fraudsters will manipulate financial markets by releasing exploits at opportune moments. A lack of regulation will lead to a culture of digital vigilantism whereby vulnerability disclosure is weaponized for commercial advantage.
Organizations will be caught unaware as their vulnerabilities are disclosed at an accelerated pace, often without knowledge or consent. They will face unachievable timeframes to fix disclosed vulnerabilities, draining internal resources. The release of exploit code, the self-propagating nature of some malware and the interconnectivity of devices could see vulnerabilities exploited faster than ever before (accelerated by developments in AI) with major impacts to business.
Software providers and organizations that rely on their products will experience disruption from strategic vulnerability disclosure by rogue competitors, organized criminal groups and hacktivists. Given the global dependence on commercial software, the weaponization of vulnerabilities will have far-reaching consequences for businesses and their customers alike.
Dealing with zero-day vulnerabilities should be business as usual for organizations. However, as vulnerability disclosure becomes weaponized, organizations will need to re-evaluate their current approaches to patch management, threat intelligence and resilience.
Big Tech Break Up Fractures Business Models
The big tech giants are currently at a crossroads. Both the public and regulators will continue to demonstrate concern that the dominance of a few big players is not healthy for either society or business. This will result in the forced break up of one or more of the big tech giants, significantly disrupting organizations that are dependent on them. Product and service offerings will be fractured and organizations will scramble to sustain operating models.
If big tech giants are forced to change, so will business. Organizations will need to find new vendors for a range of products and services, potentially having to use the services of unproven companies located in areas of the world with divergent regulatory approaches. There will be a period of significant turbulence in IT operations. Hundreds of systems will need to be replaced, with terabytes of data repatriated and thousands of contracts renegotiated, fracturing long-term IT strategies.
During this time of intense change, information security will be stretched to its limit. New and existing services will need to be assessed, business continuity and recovery processes will need to be revised, and data will need to be transferred in a timely, secure manner. Meanwhile, amid this period of turbulence, malicious actors will seek out and prey on vulnerable, transitioning organizations.
Organizations should evaluate their overall dependencies on the big tech giants to ensure that, if one of them is broken up, the risk can be mitigated.
Rushed Digital Transformations Destroy Trust
Organizations will rush to conduct digital transformation programs in order to stay relevant in the marketplace – winners will dominate industries, losers will be left behind. However, as organizations race to adopt cutting-edge technology to digitize and automate, hurried and weak integration with underlying, legacy systems will lead to disastrous outcomes.
Organizations will create new applications, deploy AI and other tools (using different protocols and technology) which are expected to work seamlessly with existing and legacy systems. Consumers and dependent supply chains will lose trust in organizations that do not integrate systems and services effectively. Digital transformations will attract the attention of opportunistic attackers, who will target transitioning organizations that hold sensitive information, such as credit cards or personal details, exploiting new vulnerabilities as they are introduced.
Organizations that have built digital transformation programs on top of legacy systems will find that they have introduced new attack vectors and exposed previously hidden vulnerabilities. They will also experience availability and supportability issues, leading to service disruption as older technologies struggle to deal with step changes in performance requirements that newer technologies demand.
Organizations that undertake a digital transformation of any kind must carefully consider the risks that new technologies may bring, as well as how they are going to effectively integrate with legacy or underlying systems.
The Future is Here. Are You Prepared?
In the face of mounting global threats, organizations must make methodical and extensive commitments to ensure that practical plans are in place to adapt to major changes in the near future. Employees at all levels of the organization will need to be involved, from board members to managers in non-technical roles.
The threats listed above could impact businesses operating in cyberspace at break-neck speeds, particularly as the use of the Internet and connected devices spreads. Many organizations will struggle to cope as the pace of change intensifies. These threats should stay on the radar of every organization, both small and large, even if they seem distant. The future arrives suddenly, especially when you aren’t prepared.
About the Author: Steve Durbin is Managing Director of the Information Security Forum (ISF).