Grave new world: three potentially terrible future scenarios for cybersecurity
When it comes to the future of the internet and our society there are plenty of reasons to be positive. We’re becoming increasingly connected with people all over the world, innovations are coming faster than ever, small businesses and start-ups are booming, the average person now has a platform, social and political change is being spurred by hashtags, and new technology is routinely improving quality of lives, not to mention saving them.
If you’re thinking to yourself here comes the but, well…here comes the but. Our ever-increasing connectivity and reliance on online services and technologies comes with an ever-growing list of cybersecurity vulnerabilities. The future will be here faster than we think, and right now it’s looking scarily insecure. Here are three major looming cybersecurity issues that could be coming up in a future that will be here sooner rather than later.
To think that governments aren’t already heavily involved in cyberattacks and intrusions is to be very naïve indeed. Whether it’s the North Korean government-linked Lazarus Group allegedly launching DDoS attacks at the South Korean government, hacking Sony Pictures or causing the global WannaCry ransomware epidemic, Russian hackers allegedly hacking White House computers and the US State Department as well as interfering with the Brexit vote, the Chinese government DDoSing the websites of the democratic movement in Hong Kong, or any of the other myriad attacks tied to a nation, the situation is crystal clear. Nation-states are using cyberattacks to take aim at other nations and organizations, and as attack capabilities become more sophisticated, the damage has the potential to become truly devastating.
In February of 2016 Russia’s top cyber official announced at the Russian National Security Conference that Russia was developing new strategies for the so-called information arena that he equated to testing a nuclear bomb, and which he claimed would allow Russia to talk to the Americans as equals. Going beyond data theft, September of 2016 saw a series of attacks on power grids in the United States and Europe that could have allowed attackers to induce blackouts. Just recently, in July of 2017, a country-wide attack on the Ukraine that came to be called a Massive Coordinated Cyber Invasion – a term that had to be invented to reflect the scale of the attack – hit the country’s power grid, postal service, banks, government ministries, mobile providers and media organizations in addition to the Kiev airport and Chernobyl power plant, grinding nearly an entire nation to a halt while officials struggled to get the attack under control.
This is what’s already occurring. Future state-sponsored cyberattacks will likely continue to be motivated by financial or informational gain, but could soon devolve into even more attacks on critical infrastructure that would not only cause widespread chaos but could potentially result in the loss of human life. A week-long attack on an east coast power grid in the winter, for instance, could very well be deadly. This could bring about the beginning of the cyber warfare many already fear.
Emerging technologies increase attacker opportunities
The emergence of technologies like the Internet of Things and artificial intelligence have been much ballyhooed, but while each represents a massive step forward, they are all accompanied by tremendous cybersecurity risks to institutions as well as individuals.
The Internet of Things and its billions of poorly secured devices have already given cybercriminals an easy way to assemble massive DDoS botnets. It’s also already given cybercriminals easy access points to the institutions and households using them, and the data and other sensitive imagery and information contained within. As IoT devices get more impressive and, it must be said, more pervasive, the risks are only going to increase. Security researchers have already hacked a smart car and run it off the road, and medical companies like Johnson & Johnson and St. Jude have had to issue dire security warnings about insulin pumps and cardiac devices, respectively. As our lives become smarter, IoT cybersecurity needs to find a way to keep pace, otherwise we could find ourselves in a world where lives are lost due to incidents like DDoS attacks on pacemakers or sudden hacker-induced accelerations of a smart car.
And while killer robots being a reality may still be a ways off (hopefully), 62% of security experts do believe AI will be weaponized for cyberattacks at some point in the next 12 months – unwelcome news for an already beleaguered internet.
A stark divide between the cybersechaves and have-nots
There’s already a significant cybersecurity workforce shortage – one million people worldwide in 2016. This means that in the face of mounting data breach, ransomware, malware, hacking, phishing, DDoS and all other cyber threats, many organizations are already struggling to hire and retain the cybersecurity staff they need.
The threats are set to get worse, the shortage is set to get bigger, and it stands to reason that there will come to be a major advantage for the organizations that can successfully staff a security operations center, and a major disadvantage for the ones that can’t. This could make it much harder for new businesses to succeed, and make it almost impossible for organizations in developing nations to gain any sort of foothold in our online world. This could lead to a reality in which powerhouse enterprises in powerhouse nations essentially rule the economy while anyone else struggles to keep their heads above water in a tsunami of cyberattacks.
While unique, these three impending scenarios have one overarching theme, and it isn’t just something wicked this way comes. The issue underpinning each of these dystopian future scenarios is an overwhelmed and understaffed cybersecurity industry. In order to survive governments on the attack and the vulnerabilities of new technologies and to eliminate the impending disparity, it’s going to take a lot more cybersecurity personnel than we currently have, and a lot more cooperation between the public sector, private sector and individual internet users.