Public scrutiny of business leaders is at an all-time high, in part due to massive hacks and data breaches. It’s become progressively clear that hacked organizations will be blamed and held responsible for such events.
Historically, the CFO hasn’t always been viewed as an integral member of the security team at most global organizations. However, given the risks that cybersecurity threats pose in a technology-driven, global economy, today’s CFO must ensure that adequate steps are taken to protect the company’s reputation, stock price, and mission-critical assets.
Accordingly, finance chiefs must understand at all times where information is stored; how it is secured; who might want to steal it; and how they might gain access to it. Additionally, many would argue that CFOs have a duty to disclose to the board of directors the potential impact of cyber-attacks on the company’s financial standing.
Security in the Next Two Years
By 2021, the world will be significantly digitized and connected. The race to develop the next generation of super-intelligent machines will be in full swing, and technology will be even more intertwined with everyday life.
Coupled with heightened global mistrust and rising geopolitical tensions, this will lead to a cyber threat that is relentless, targeted, and disruptive. The operating environment for business will become increasingly volatile.
Vast webs of intelligent devices, combined with increased speeds, automation, and digitization, will create possibilities for businesses and consumers that were previously out of reach.
The Internet of Things (IoT) will continue to develop at an astonishing rate, with sensors and cameras embedded into a range of devices across critical infrastructure. The resulting nexus of complex digital connectivity will prove to be a weakness as modern life becomes entirely dependent on connected technologies. This will amplify existing dangers and create new ones.
Let’s take a look at some of the threats on the horizon and what they mean for companies.
5G Broadens Attack Surfaces
The arrival of 5G, with significantly faster speeds, increased capacity, and lower latency, will change existing operating environments. However, those benefits will come at the cost of exponential growth in attack surfaces.
5G-enabled devices and networks will be compromised by both new and traditional attacks, causing chaos and plunging businesses into disarray. The impacts from attacks on 5G technologies and infrastructure will be felt across a range of industries that leverage 5G to become more operationally efficient or to automate and speed up processes.
There will be countless opportunities to attack 5G infrastructure, including billions of previously unconnected IoT devices and new private networks. Millions of new 5G-enabled masts, built and operated by a plethora of companies and governments to varying levels of assurance, will have new vulnerabilities exposed and create new ingress points for attackers to exploit.
Critical national infrastructure (CNI), IoT manufacturers, businesses, and citizens will all be heavily or totally dependent on 5G to operate, offering ripe targets for a range of attackers. From nation states aiming to cripple CNI to hackers spying on private networks, 5G technologies and infrastructure will become a key target.
Companies must prepare for the arrival of 5G by understanding how it will be used in their own product offerings and how they might be dependent on 5G networks to operate. Those that prepare successfully will gain a significant competitive advantage. Those that get it wrong will find themselves compromised, their operations disrupted, and their reputations damaged.
Manipulated Machine Learning Sows Confusion
A range of industries will increasingly adopt machine learning systems and neural networks over the coming years in order to help make faster, smarter decisions. They will be embedded into a series of business operations such as marketing, medicine, retail, automated vehicles, and military applications.
The explosion of data from connected sensors, IoT devices, and social media outputs will drive companies to use machine learning to automate processes, with minimal human oversight.
As these technologies begin to underpin business models, they will become a prime target. Attackers will exploit vulnerabilities and flaws in machine learning systems by confusing and deceiving algorithms in order to manipulate outcomes for nefarious purposes.
Impacts will be felt across a range of industries. Malicious attacks may result in automated vehicles changing direction unexpectedly, high-frequency trading applications making poor financial decisions, and airport facial recognition software failing to recognize terrorists. Where machine learning systems are compromised, organizations will face significant financial, regulatory, and reputational damage, and lives will be put at risk.
Nation states, terrorists, hacking groups, hacktivists, and even rogue competitors will turn their attention to manipulating machine learning systems that underpin products and services. Attacks that are undetectable by humans will target the integrity of information. Widespread chaos will ensue for those dependent on services powered primarily by machine learning.
Companies should assess their offerings and dependency on machine learning systems before attackers exploit related vulnerabilities.
Parasitic Malware Feasts on Critical Infrastructure
Parasitic malware — which seeks to steal processing power — has traditionally targeted computers and mobile devices. This type of malware will evolve to target more powerful, industrial sources of processing power. Such sources include industrial control systems (ICS), cloud infrastructures, CNI, and the IoT.
Services will be significantly disrupted and may become entirely unresponsive as the life is sucked out of them.
Unprepared organizations will have a wide (and often unmonitored) attack surface that parasitic malware can target. They will see infected devices constantly running at full capacity, raising electricity costs and compromising functionality. Systems will degrade, in some cases leading to unexpected failure that halts critical services.
Every organization will be susceptible to parasitic malware. However, environments with high power consumption (e.g., power stations, water and waste treatment plants, and data centers) and those reliant on industrial IoT (e.g., computerized warehouses, automated factories, and smart cities) will become enticing targets for malicious attackers, as high power consumption tends to mask the energy usage of parasitic malware.
Companies should start implementing suitable controls to protect against parasitic malware holistically across the business, including areas that have ICS, IoT, and cloud deployments.
Preparation Begins Now
In the face of mounting global threats, companies must make methodical and extensive commitments to ensure that practical plans are in place to adapt to major changes in the near future. Employees at all levels will need to be involved, from board members to managers in non-technical roles.
The threats listed above could impact businesses operating in cyberspace at breakneck speed, particularly as the use of the Internet and connected devices spreads. Many organizations will struggle to cope as the pace of change intensifies.
These threats should stay on the radar of all organizations, both small and large, even if they seem distant. The future arrives suddenly, especially when you aren’t prepared.
Steve Durbin is managing director of the Information Security Forum. Previously, he was a senior vice president at Gartner.