“The integration of the digital and physical realms has reached a tipping point. We see the world transforming itself, blending both the digital and physical into a new and emerging world. From a cyber security perspective, convergence acknowledges the digital transformation process that is already well underway, how it affects us and how we, in turn, affect it,” the report explains.
“We believe that security professionals are best served by viewing the digital and physical worlds as two halves of an integrating whole: although they both may remain different, they are no longer separate,” it concluded.
In presenting its results, the report divides the predictions according to two factors that drive incidents. The first is macro events driven by larger forces such as new developments in foreign policy, demographics, trade law, corporate policies and market forces. The second is incidents positioned primarily in the digital realm itself.
The following are key highlights from the report:
Millennials entering the workforce
Condescending as it sounds, the generational employment shift caused by millennials graduating from higher education and entering the workforce does pose a unique form of cyber security threat.
“Having grown up with the internet and as early adopters of new technology, millennials bring an inherent openness to and trust of technology to the workplace that the retiring baby boomers never did,” the report explains.
While this may sound like a positive trait, millennials’ elevated trust in technology also means they tend to overshare on their various social media platforms. They might also use their own personal devices at work, and readily adopt new connected devices with insufficient security to protect data and information. Accidental data breaches may become more common when you have millennials on the team.
So what can businesses do?
“The key is for organisations to get ahead of the millennial security curve by adopting technology that puts context around employee behavior to distinguish between harmless or accidental behaviour and risky or malicious employee activity,” the report answers.
Corporate-incentivised insider threat
Not only may your millennial employees pose a cyber security threat; more generally, 2017 will see the rise of the corporate-incentivised insider threat.
The report pointed out a recent case where over 5,300 employees of a large bank (most likely Wells Fargo in the US) used customers’ personally identifiable information (PII) to open more than two million bogus accounts.
“This is the result of the convergence of economic need for corporations to maximise profits and the opportunity for employees to meet sales quotas and keep their jobs, by easy access to customer data and disguising their activities,” it says.
The report also stressed that such cases, driven by employees’ need to meet sales quotas and performance indicators, will not happen only at banks or financial institutions.
“Like the GDPR’s new oversight, protections and access protocols may be proposed at the federal or even international level to further restrict both corporate and personal access to digital information, with far reaching legal and civil implications. Such proposals may follow in the wake of the internet’s transfer from American control to international governance,” it states.
Ladies and gentlemen, consolidation is going to happen in the market in 2017, and it may also impact security.
“Cybersecurity corporations are now buying smaller security vendors, driving M&A consolidations,” the report begins.
“As a result of vendor consolidation, those that are not a part of industry convergence or that aren’t receiving additional venture capital will be more likely to exit the industry,” it concludes, thus marking the beginning of Dotbomb 2.0.
The report warned that we will be seeing more “orphaned technologies”, where owners stop supporting and upgrading their products, essentially abandoning them and opening a window of opportunity for attacks. A temporary slowing of security technology innovation may also happen as the industry rides the waves of consolidation.
Securing the cloud
As migration to the cloud rises, so does the risk of hypervisor hacking.
“With governments moving to the cloud, the underlying foundation that runs virtual machines there may be increasingly subject to attack. If a hypervisor gets compromised attackers will have full control of any and all systems running there,” the report says.
“Denial of Service attacks may rise against cloud providers. This will impact business against clients in an untargeted fashion, creating threats against businesses,” it adds.
Voice-first platforms and command sharing
This is what the report dubs a “new level of human and technology convergence” as machines will become “more a part of human beings and the human experience.”
Though this might sound a lot like science fiction movies, the report highlights that AI assistants will alter user behaviour and expectations from their web experience, and ultimately diminish the users’ autonomy.
“The creators of AI interfaces will become powerful influencers of not just how we interact with machines, but also the slant of the information toward which the machines will be programmed to steer us. For example, which news channel will your AI interface, by default, send you to: CNN, BBC, RT or FNC?” it points out.
The risks posed by this technology lie particularly in access control.
“New interface-based security risks will also accompany this app proliferation, allowing hackers to bypass existing security protection, leading to an increase in AI app-associated data breaches,” the report says.
And finally, the one we have been waiting for: the rise of criminal machines.
Elon Musk was kind of right. There is indeed a possible threat posed by AI, though it may not look like your favourite sci-fi movies.
“Automated—and autonomous—hacking machines designed to rapidly seek out vulnerabilities and potential breaches in networks are here. The capabilities of AI cyber defense machines to search, surface, interpret and remediate attacks and potential breaches far outpaces human Security Operations (SecOps) teams’ abilities,” the report says.
The report reveals the likelihood of the rise of self-directed hacking machines launched by rogue hackers or state actors to anonymise attacks, target and overwhelm rival national cyber defenses, or to trigger a response that may quickly evolve into geopolitical and economic crises.
Particularly if we consider the current political situation in the West.
“Under NATO Article 5, the new ‘Enhanced NATO Policy on Cyber Defense’ allows for triggering a kinetic war in response to a hacking incident. The policy underscores that the continuing convergence of the cyber world with the real world has reached a precipitous level,” the report explains.
“In fact, the bridge between hacking and kinetic response has already been built and, at least to some degree, crossed,” it adds.
Now that is something to worry about. Thanks, Elon Musk.