The past few years have seen major trends shift both the threat landscape and the protection-side of things: IoT, artificial intelligence, machine learning… Attackers are employing increasingly sophisticated tactics, while even the most standard modern security products are equipped with tech that seemed like a pipe dream just a short while ago.
Naturally, the question arises: where will we go next? To answer that question, or at least provide educated predictions, we interviewed a whole bunch of our experts. Here’s what they had to say about the future of cyber security.
The internet of things has arrived, and it’s here to stay. F-Secure’s Principal Security Consultant Tuomo Makkonen predicts that the IoT and cloud megatrends will force businesses to adopt new behavioral patterns, on both the service provider and consumer sides. As more and more things get connected to the internet, the amount of incidents dealing with these devices will also grow. Will providers listen to the warnings of the wider security community and implement proper safeguards in their products? Our Service Lead Christine’s advice:
“Hope for the best, but prepare for the worst.”
F-Secure’s red teaming expert Tom Van de Wiele highlights another worrying aspect of growing IoT: personal data. As different devices get closer to us, they’ll be able to collect increasingly valuable (and private) information. Likes, dislikes, activities – medical info, financial data and business intel.
The continuing improvements in processing power, and the emergence of AI and machine learning technologies, will also allow companies to process information faster and cheaper than ever before. Are all IoT companies protected against cyber attacks? Your personal secrets or business-critical intellectual property leaking because of a seemingly innocent smart device is not an enticing prospect.
Still, it’s not all bad. Despite the negative side-effects of IoT, the net positives might be worth it, as long as you’ve organized your protection. Our Sales Engineer Rüdiger sees a lot of potential in the internet-laden future.
“The whole smart device / IoT world thinks in silos at the moment, but they will grow together to make our lives easier. I mean, if my flight will be delayed, why can’t my iPhone alarm clock just wake me up later?”
AI, the Cloud and the Future of Computing
Although developments in artificial intelligence and cloud computing allow security companies to create more and more advanced products, it also has a flip side: we’re not the only ones able to leverage exciting new technologies. As AI-based attack platforms become increasingly known to the general public (and all the black-hat hackers out there), we’ll see an increase in the amount of attacks utilizing cutting-edge tech.
The growing power and availability of processing power will give attacker’s all sorts of new possibilities, allowing them to brute-force their way into target systems, and analyze massive amounts of data in extremely short periods. F-Secure’s Security Advisor Sean Sullivan sees the looming arrival of “quantum computers” – devices transcending binary computing, and capable of processing information and solving problems much faster – as both a possibility, and a threat. Although nation states are the only ones who currently have the resources to play around with the phenomenon, nothing happens in isolation for very long.
“Quantum computing, when it emerges, will not remain contained. And even the pursuit of it will have consequences during the next few years.”
Overall, our experts expect to see a noticeable shift in the attack landscape within the foreseeable future.
Regulations and Compliance
Regulations and different security compliance needs are pushing companies to be more aware and enact greater control over their data. Large-scale changes in the regulatory landscape, such as the GDPR, are placing tighter requirements on firms to manage their customers’ information more responsibly and transparently. This is tricky in its own right, but becomes drastically more difficult once you take into account the growing complexity of modern IT environments.
“Technological evolution is forcing organizations to move towards more fragmented ‘hybrid-model’ IT environments, with complex structures comprised of multiple clouds and on-premise systems”, our Senior Security Consultant Antti Laatikainen explains. “Data is bouncing back and forth: stored there, processed here, analyzed there… Physical locations get mixed, administration loses visibility, and developers lose roadmap vision.”
Companies will have the invest a sizeable amount of resources in mapping out and breach-proofing their current system infrastructure, and finding suitable technologies to ensure both efficient operations and regulatory compliance.
Need something more to worry about? Don’t forget your supply chain. The trend of breaching targets via partners, providers, suppliers and customers is only expected to grow. How do you organize visibility into your whole operating structure, and protect key assets which are not housed on your own network? The shared responsibility models associated with the cloud, SaaS and modern interconnected business are not cut-and-dry.
Your service provider and/or partner gets breached? You just might pay the price. If your business has a complex IT structure or utilizes many external partners, it might be a good idea to start looking into proper vulnerability management software and/or consultancy services.
The Bottom Line
It’s looking bleak, but it always does. With proper investments in the right technologies, people and processes you will be able to not only withstand the wave of evolving threats and challenges, but thrive in spite of them. Get ready for 2018!