The first year of the 2020s is barely halfway over, and it has already been one wild ride. If you’ve had more than a passing moment to catch your breath over the past six months, consider yourself fortunate.
Unfortunately, the world doesn’t stop for the weary. As we look with trepidation and perhaps a glimmer of hope at what the second half of the year could bring, we need to turn our gaze a bit higher on the horizon. That’s right: it’s time to begin thinking ahead to 2021.
The question on every CISO’s mind these days, of course, is whether the current cyber security toolkit is robust enough to deal with the emerging threat landscape — a landscape that grows darker and more complex by the month.
Many corporate leaders understand the multitude of threats that the coming year will bring. And that surely includes some at your peer and competitor organizations — organizations yours risks falling behind without proper preparation. Fortune favors the prepared, and if you don’t count yourself among them, your 2021 could make 2020 look like a walk in the park.
As you look ahead to January, it goes without saying that your organization needs to invest in a comprehensive cyber protection solution that keeps you one step ahead of those who’d do you harm. This cyber protection solution should have five key pillars:
Knowledge is power, as the saying goes. Let’s take an unsparing look at eight emerging threats your company could well contend with in 2021 and beyond, and the solutions you can begin preparing to implement today to lessen their impact on your operations.
The “poison,” injected by attackers at a key point in the learning process, feeds bad data to the program and throws its evolution into a cocked hat. The program learns the wrong lesson, literally, from the data set, with wildly unpredictable (and possibly dangerous) results.
The solution: Nextgov has a detailed overview of efforts to combat AI poisoning attacks. Because the science of AI poisoning (and, honestly, AI itself) remains in its infancy, there’s much we don’t know. But it’s in your interest to learn everything you can about what very well could be a major cyber threat in 2021 and beyond.
Aided by AI, the next generation of ransomware effortlessly evades malware detection programs and spreads within networks. Fortunately, while difficult to prevent, ransomware attacks are easy to mitigate.
The solution: Relentlessly back up your organization’s mission-critical data, systems, and applications so that you can walk away from an infected machine without paying the ransom. Your cyber protection solution can help.
Chances are, you’re correct: it’s not real. It’s a deepfake created by sophisticated algorithms that seamlessly splice audio and video to create new realities.
The implications are obvious and terrifying; your organization’s reputation can’t sustain a direct (if dishonest) assault on its leader’s integrity.
The solution: The bad news is that there’s no good defense against deepfakes — the best strategy is rapid response. The good news, for now, is that most deepfakes occupy the “uncanny valley” between obvious falsehood and indistinguishable reality. Get a response ready quickly — with true, verifiable audio and video to prove it, if possible — and your audience will most likely accept it.
The solution: Block and report. Block and report. Block and — you get the idea. Never hesitate to report fraudsters to social media platforms’ fraud departments; it’s their job to investigate and deactivate fraudulent accounts. And always activate two-factor authentication to keep your true accounts safe.
Recent history presents many more examples of nation state attacks that resulted in serious economic and reputational harm, like the 2014 Sony Pictures hack for which the North Korean government is widely believed to be responsible.
For organizations like yours, the nation state threat is likely to be both lower-key and more menacing. Small and midsize businesses don’t get much press when they’re compromised unless said compromise is part of a larger attack that sweeps up bigger companies or governments. Protection is paramount.
The solution: Let’s be perfectly clear: If a nation state actor wants to compromise your company’s network, it’ll find a way to do so. But it’s rarely the case that a nation state actor sets out to compromise a random company’s network (unless that network holds unusual value). More often, small and midsize businesses suffer collateral damage in nation state attacks; some of the most destructive global worm attacks were thought to originate with nation state actors. If your cyber protection solution is primed to detect emerging threats, you’ll stand a much better chance of parrying the next nation state attack that could otherwise lay you low.
Zero day exploits basically lurk in the shadows, undetected by the cybersecurity professionals tasked with keeping new hardware and software safe. The suspected existence of any given zero day exploit — which, again, may or may not be real — is the subject of a tense and shadowy battle between “black hat” and “white hat” hackers.
Both share a common objective: to root out zero day exploits. But their motives are very different. The black hats want to find and, well, exploit the zero day exploit, wreaking havoc among the compromised systems’ users. White hats want to find the exploit first and warn the manufacturer, giving it time to deploy a patch that prevents black hats from doing their thing.
The solution: Alway patch your systems. Yes, it feels like a drag on resources, but rest assured it’s one of the least intrusive and most effective measures you can take to shore up your cyber defenses. Even if you lack a dedicated IT team, assign a process owner with the responsibility of monitoring and deploying patches as soon as they become available.
That’s mostly because the information insiders can cull from vulnerable organizations is more valuable with each passing month. A well-respected study (reported here by IT Europa) found that cybercrime’s total economic production would make it the world’s third-largest economy were it a nation-state of its own. (Hey, give it time.) In other words: there are many places your disgruntled employees can offload information pilfered from your servers.
The solution: Vigilance is vital. Unfortunately, insider threats are notoriously difficult to defend against. While a comprehensive cyber protection solution can certainly prove decisive in dodgy situations, it’s not foolproof against a determined insider who knows precisely how your systems work and has the credentials needed to access the entire kingdom.
What can you do to protect against determined insiders? The best defense is to control permissions as tightly as possible. No matter how much you trust any given member of your team, you can’t give them an inch more than they need to do their job effectively.
Massive DDoS attacks can take major organizations offline and affect countless users. The GitHub attack of 2018 remains the biggest to date. Although GitHub survived, it was unusually well prepared to do so, and there’s no guarantee that your organization will find itself so lucky.
The solution: By the time you realize your organization is under attack, it may be too late. Monitor incoming traffic closely to ferret out evidence of low-volume “probing” attacks that discover your weaknesses and set the stage for more devastating violations. And coordinate closely with your cyber protection vendor to mitigate the fallout from a potential attack. It’s never too early to discuss mitigation, after all.
Laugh now. Ten years from now, half your team (or more) will be Gen Z.
Generations come and go, of course, and we shouldn’t get too worked up over what the kids are up to these days. The human comedy finds a way to keep on.
Unfortunately, the same rules don’t apply to the cyber threat landscape. We’re seeing the same generational shift in the world of digital security without the familiar human component that makes such change (mostly) bearable.
No — for organizations and individuals alike, the new crop of cyber threats represents nothing less than an existential peril. Those unwilling or unable to take measures to stay one step ahead of malicious actors and their increasingly autonomous malware could well find themselves pushed to the brink of extinction in the years to come.
That’s why it’s absolutely vital that you listen to the experts and add a comprehensive cyber protection solution to your security posture. It’s essential that you add knowledgeable cybersecurity experts to your team (or retain external cybersecurity professionals if you can’t afford to hire them directly). And it’s critical that you run a range of compromise scenarios, (including worst-case situations that make you queasy just to think about) to prepare for what could be on the horizon.
You’ve worked too hard to build what’s yours. Don’t let a preventable digital threat take it from you.
Unfortunately, the world doesn’t stop for the weary. As we look with trepidation and perhaps a glimmer of hope at what the second half of the year could bring, we need to turn our gaze a bit higher on the horizon. That’s right: it’s time to begin thinking ahead to 2021.
The question on every CISO’s mind these days, of course, is whether the current cyber security toolkit is robust enough to deal with the emerging threat landscape — a landscape that grows darker and more complex by the month.
Many corporate leaders understand the multitude of threats that the coming year will bring. And that surely includes some at your peer and competitor organizations — organizations yours risks falling behind without proper preparation. Fortune favors the prepared, and if you don’t count yourself among them, your 2021 could make 2020 look like a walk in the park.
As you look ahead to January, it goes without saying that your organization needs to invest in a comprehensive cyber protection solution that keeps you one step ahead of those who’d do you harm. This cyber protection solution should have five key pillars:
- Safety: Your solution must ensure that reliable copies of all mission-critical data, systems, and applications are available to your team at all times.
- Accessibility: Your entire technological footprint must be accessible from anywhere, at any time, with no tolerance for interruptions or corruption.
- Privacy: You must have complete and total control over who has access to your digital access and visibility into the same, with no compromises allowed.
- Authenticity: You must be able to create and demand verifiable and undeniable proof that a copy is a precise, faithful replica of the original.
- Security: You must be able to protect your entire technological apparatus against the fast-moving, ever-changing threat landscape that’s coming in 2021 and beyond.
Knowledge is power, as the saying goes. Let’s take an unsparing look at eight emerging threats your company could well contend with in 2021 and beyond, and the solutions you can begin preparing to implement today to lessen their impact on your operations.
1. AI Poisoning Attacks
The threat: It sounds like a concept ripped from a pulp science fiction book, but don’t roll your eyes: AI poisoning holds devastating potential for organizations that depend on machine learning programs.The “poison,” injected by attackers at a key point in the learning process, feeds bad data to the program and throws its evolution into a cocked hat. The program learns the wrong lesson, literally, from the data set, with wildly unpredictable (and possibly dangerous) results.
The solution: Nextgov has a detailed overview of efforts to combat AI poisoning attacks. Because the science of AI poisoning (and, honestly, AI itself) remains in its infancy, there’s much we don’t know. But it’s in your interest to learn everything you can about what very well could be a major cyber threat in 2021 and beyond.
2. Increasingly Sophisticated Ransomware
The threat: Ransomware is a big business for cybercriminals large and small. It’s only getting bigger, despite growing awareness of the threat and ever more sophisticated and aggressive means to combat it.Aided by AI, the next generation of ransomware effortlessly evades malware detection programs and spreads within networks. Fortunately, while difficult to prevent, ransomware attacks are easy to mitigate.
The solution: Relentlessly back up your organization’s mission-critical data, systems, and applications so that you can walk away from an infected machine without paying the ransom. Your cyber protection solution can help.
3. Deepfake Audio and Video
The threat: In the past year or two, you’ve probably seen a video that makes you stop and think, “Wow — that can’t possibly be real.”Chances are, you’re correct: it’s not real. It’s a deepfake created by sophisticated algorithms that seamlessly splice audio and video to create new realities.
The implications are obvious and terrifying; your organization’s reputation can’t sustain a direct (if dishonest) assault on its leader’s integrity.
The solution: The bad news is that there’s no good defense against deepfakes — the best strategy is rapid response. The good news, for now, is that most deepfakes occupy the “uncanny valley” between obvious falsehood and indistinguishable reality. Get a response ready quickly — with true, verifiable audio and video to prove it, if possible — and your audience will most likely accept it.
4. Spoof Accounts and Social Media Disinformation
The threat: This is another emergent “soft” threat that could present an existential threat to your organization. With off-the-shelf technology and a subtle character shift in the handle, creating spoof social media accounts is not difficult. Making said accounts believable for more than a few posts or tweets is another matter, but that’s not really the game — it’s the immediate, visceral hit to your reputation that should keep you up at night.The solution: Block and report. Block and report. Block and — you get the idea. Never hesitate to report fraudsters to social media platforms’ fraud departments; it’s their job to investigate and deactivate fraudulent accounts. And always activate two-factor authentication to keep your true accounts safe.
5. Nation State Attacks
The threat: This is by no means a new threat. We saw what a loosely organized nation-state attack did to the 2016 U.S. elections. That attack, executed on a shoestring budget, quite literally changed the course of history.Recent history presents many more examples of nation state attacks that resulted in serious economic and reputational harm, like the 2014 Sony Pictures hack for which the North Korean government is widely believed to be responsible.
For organizations like yours, the nation state threat is likely to be both lower-key and more menacing. Small and midsize businesses don’t get much press when they’re compromised unless said compromise is part of a larger attack that sweeps up bigger companies or governments. Protection is paramount.
The solution: Let’s be perfectly clear: If a nation state actor wants to compromise your company’s network, it’ll find a way to do so. But it’s rarely the case that a nation state actor sets out to compromise a random company’s network (unless that network holds unusual value). More often, small and midsize businesses suffer collateral damage in nation state attacks; some of the most destructive global worm attacks were thought to originate with nation state actors. If your cyber protection solution is primed to detect emerging threats, you’ll stand a much better chance of parrying the next nation state attack that could otherwise lay you low.
6. Zero Day Exploits
The threat: Zero day exploits aren’t new either. At least, the concept of the zero day exploit isn’t new or novel. But the specific threats change constantly — that’s what makes them so dangerous.Zero day exploits basically lurk in the shadows, undetected by the cybersecurity professionals tasked with keeping new hardware and software safe. The suspected existence of any given zero day exploit — which, again, may or may not be real — is the subject of a tense and shadowy battle between “black hat” and “white hat” hackers.
Both share a common objective: to root out zero day exploits. But their motives are very different. The black hats want to find and, well, exploit the zero day exploit, wreaking havoc among the compromised systems’ users. White hats want to find the exploit first and warn the manufacturer, giving it time to deploy a patch that prevents black hats from doing their thing.
The solution: Alway patch your systems. Yes, it feels like a drag on resources, but rest assured it’s one of the least intrusive and most effective measures you can take to shore up your cyber defenses. Even if you lack a dedicated IT team, assign a process owner with the responsibility of monitoring and deploying patches as soon as they become available.
7. Insider Threats
The threat: At the risk of sounding like a broken record, the insider threat is yet another not-new threat for 2021. However, and this is a big however, insider threats are growing more sophisticated and aggressive all the time.That’s mostly because the information insiders can cull from vulnerable organizations is more valuable with each passing month. A well-respected study (reported here by IT Europa) found that cybercrime’s total economic production would make it the world’s third-largest economy were it a nation-state of its own. (Hey, give it time.) In other words: there are many places your disgruntled employees can offload information pilfered from your servers.
The solution: Vigilance is vital. Unfortunately, insider threats are notoriously difficult to defend against. While a comprehensive cyber protection solution can certainly prove decisive in dodgy situations, it’s not foolproof against a determined insider who knows precisely how your systems work and has the credentials needed to access the entire kingdom.
What can you do to protect against determined insiders? The best defense is to control permissions as tightly as possible. No matter how much you trust any given member of your team, you can’t give them an inch more than they need to do their job effectively.
8. DDoS Attacks
The threat: To use an outdated metaphor, a DDoS attack (full name: dedicated denial of service attack) is designed to overload your organization’s circuits. While the actual execution is complicated, the basic concept is easy enough to understand: DDoS attackers route more traffic through your servers than they can handle, causing the whole system to crash offline temporarily.Massive DDoS attacks can take major organizations offline and affect countless users. The GitHub attack of 2018 remains the biggest to date. Although GitHub survived, it was unusually well prepared to do so, and there’s no guarantee that your organization will find itself so lucky.
The solution: By the time you realize your organization is under attack, it may be too late. Monitor incoming traffic closely to ferret out evidence of low-volume “probing” attacks that discover your weaknesses and set the stage for more devastating violations. And coordinate closely with your cyber protection vendor to mitigate the fallout from a potential attack. It’s never too early to discuss mitigation, after all.
Are You Ready for the Next Generation of Threats?
You’ve heard plenty about the generational changing of the guard on our hands. No need to go into the details, but suffice to say that Gen Z is fast overtaking Gen Y — the millennials — as the tastemaking generation everyone loves to hate.Laugh now. Ten years from now, half your team (or more) will be Gen Z.
Generations come and go, of course, and we shouldn’t get too worked up over what the kids are up to these days. The human comedy finds a way to keep on.
Unfortunately, the same rules don’t apply to the cyber threat landscape. We’re seeing the same generational shift in the world of digital security without the familiar human component that makes such change (mostly) bearable.
No — for organizations and individuals alike, the new crop of cyber threats represents nothing less than an existential peril. Those unwilling or unable to take measures to stay one step ahead of malicious actors and their increasingly autonomous malware could well find themselves pushed to the brink of extinction in the years to come.
That’s why it’s absolutely vital that you listen to the experts and add a comprehensive cyber protection solution to your security posture. It’s essential that you add knowledgeable cybersecurity experts to your team (or retain external cybersecurity professionals if you can’t afford to hire them directly). And it’s critical that you run a range of compromise scenarios, (including worst-case situations that make you queasy just to think about) to prepare for what could be on the horizon.
You’ve worked too hard to build what’s yours. Don’t let a preventable digital threat take it from you.
