As the cyber world is progressing , so are the threats around it. In the late 80’s and early 90’s, the threats were simple as compared to today’s standards. The viruses got transferred through infected floppies, but they were easy to detect and stop. Today, however, the cyber threat picture has changed completely. From Phishing attacks to DDoS and Script injections, the technical capability and sophistication of hackers have increased many folds. They have not limited themselves only to technical ‘solutions’ but have become experts at social engineering to target vulnerable employees and extract critical information to help them penetrate the organization’s defenses.
With their sophistication, they need a few seconds or even milliseconds of access to cause enormous damage. At the same time, organizations have responded by creating stronger policies and tools. This has worked on and off till date, as evidenced by multi million-dollar breaches. But what does the future hold? It is hard to see into cyber threat crystal ball and tell where will the future threats come from. However, based on the advances in technology it is possible to predict what the threat landscape might look like.
Key Paradigms That Will Impact Cyber Security in Future:
Big Data – Companies are collecting an enormous amount of data about every aspect of the customer. His every move is getting recorded and analyzed to understand his likes, dislikes, and other behavioral attributes. It is not only the data and storage that are getting large, but the computing power is also evolving at the same pace. There is now much more data that needs protection and at much greater breadth. The same tools and technologies are also available to cyber criminals to devise their attacks. Big data will be used to create extensive lookups, hash tables for brute force attacks and use the enormous computing power to create much more sophisticated attacks which will require much lesser time to damage the target.
IoT – Connected Devices – Internet of Things is already here, but it is yet to spread in a big way. A large number of connected devices will mean that there are as many end points that are vulnerable to an attack. In Industrial Internet of things (IIoT), the situation will get more complicated. Many industrial sensors will be placed at remote locations (such as along the gas or oil pipelines) which may not be guarded. They may be located along the pipeline that typically runs across international borders. These end points can be used by cyber criminals to hack into the organization’s infrastructure or create a social or political turmoil. On the domestic front, one can imagine what will happen if the self-driven cars get infected with a virus..
Smart Devices – We are only at the beginning of the era of smart devices, but it won’t be long when almost everything will be embedded with a microchip and network connectivity. Each smart device will be a network endpoint which can be utilized for a hack or can be hacked itself. Since most of these devices will be interconnected, the impact of a single device being compromised will spread across the whole network. For example, in a smart home scenario, a smart refrigerator which may not have the latest security update patch will be a weak endpoint to infect all devices (including computers and smart phones) in the home network. It will be difficult to manage the security holes and updates for so many devices. Cyber criminals will scavenge the network for such vulnerable devices.
Artificial Intelligence – Artificial Intelligence (AI) is developing at a rapid pace leading to, both, positive and negative consequences. The effort is already on to implement AI in cyber security. For example, AI can learn the usual traffic pattern and investigate any unusual pattern (for e.g. hundreds of failed login attempts from same IP address) to block the IP and raise the alarm. Today administrators need to look at logs and reports to analyze the traffic pattern and detect anomalies. Going forward, AI can monitor programs, endpoints and learn the patterns of their usage to identify anomalies and breaches. It can enable preventive and corrective action. On the flip side, however, the cyber criminals will also use AI to devise ever more complex and forceful attacks. It seems that the future will be a game of chess where AI based attack and defense technologies will be the pawns fighting each other in cyber space, at the direction of their human masters.
The future of computing is bright. We are expecting humanoid robots, automatic cars, and smart homes but each comes with its own set of vulnerabilities. The cyber criminals will be a lot more sophisticated and have much more computing power at their disposal. The impact of system breaches will also be on a much larger scale. It will take a combination of people, processes, and technologies to combat the cyber threats of tomorrow.