The digital technologies and systems created today are introducing both far-reaching opportunities and challenges alike for security professionals and business leaders.
Disruptive technologies, geopolitical competition and increasingly demanding regulatory requirements are impacting the cyber and physical threat landscapes. This therefore makes it more and more crucial to adopt a holistic view of how the intertwined global digital ecosystem of tomorrow may impact your organisation and its security. Fine tuning risk management strategies to navigate these shifting tides in the global digital threat landscape is essential.
Digital nationalism, global interdependence and digital conflict raise systemic cyber threats
Ubiquitous connectivity through 5G and satellite communications, as well as increased productivity and scale through artificial intelligence (AI), quantum computing and cloud infrastructure, present significant opportunities for businesses. However, the growing complexity, pace and scale of global interconnectivity and the architecture on which it relies will present organisations with increasing systemic digital threats, some of which are challenging to mitigate.
Such transformative technologies increasingly present macro-level threats that are agnostic of end users and organisations. Organisations across sectors will therefore have to develop a strategic understanding of the specific risk profiles of each of these technologies in the jurisdictions in which they operate.
Competition among states for technological supremacy and the global rise of digital nationalism is putting global companies in the crossfire. Businesses will have to increasingly weigh macro-level political and national security considerations when engaging in a jurisdiction or with a specific supply chain partner about which their host government has a negative view. Kaspersky, Huawei, TikTok, WeChat, Facebook and Google are just the most prominent examples of how the global technological ecosystem is fragmenting, but this technological decoupling will affect a growing number of organisations across sectors.
Systemic threats also emerge from social media networks. State actors use such platforms to disseminate complex disinformation campaigns to target adversary states and, increasingly, companies associated with their adversaries. The most significant disinformation operations remain closely linked to states’ intelligence services as well as broader espionage and computer network exploitation activities. Organisations and defenders who understand how local, regional and global developments drive such computer network operations will be better placed to detect, respond to and mitigate against such disinformation campaigns in higher-risk locations.
Emerging technologies will also enable devices, networks and services to become hyperconnected and interdependent and to operate on sophisticated shared infrastructures. This can therefore make it more difficult to identify threats across entangled supply chains. Equally, the impact of an attack against one component of such complex supply chains will be increasingly severe. As such, this interconnectedness means all companies will have to amend their risk mitigation strategies. Such strategies should focus on understanding how and to what extent critical suppliers that are involved in national-level infrastructure, as well as other key service providers, may have access to or oversight of the company’s networks, data and systems. They should also seek to assess whether this may subsequently expose the company to disruptive sanctions, software or hardware bans by other states.
Conflict and competition between states increasingly play out in cyberspace. Companies must therefore also examine how their connectivity is exposing them to systemic cyber threats to critical national infrastructure and how these threats can inadvertently impact them – increasingly by affecting the cyber-physical safety of operations – in each geography.
From cyber-enabled power outages in India, to attacks against maritime, financial and transport and logistics targets in the Middle East and to probing of critical infrastructure in Europe and the US, the past 12 months have offered a glimpse into states’ increasing willingness to leverage cyber capabilities to disrupt and sabotage their rivals. Businesses will have to consider the likelihood and impact of how relations between states are driving these disruptive and potentially cascading cyber threats when operating in geopolitical hotspots. A high-impact cyber attack that disrupted much of the US East Coast’s fuel supply in early May – though linked to Russia-based cybercriminals – reinforces these concerns, even for seemingly more secure locations.
Transformative technologies enable new attacks
Interconnectivity, the emergence of first-generation AI-enabled offensive tools and the significant disruptive effect that quantum computing will have on existing cryptographic infrastructures presage a powerful evolution in the attacker’s toolkit of the future. For example, threat actors may leverage AI-powered tools to automate malware, analyse all possible attack vectors against a target, select the best option, execute successfully and adapt to avoid being detected on the targeted network.
The good news is that many of these technologies also offer real opportunities for defenders to enhance the speed, precision and impact of operational defence and support organisational resilience. Security professionals will need to enhance their situational awareness today, boost their understanding of technologies and work closely with business leaders to carefully consider how to mitigate these emerging threats in the face of increasingly complex technology environments.
Unlike when confronted with the cyber effects of geopolitical competition, security teams retain significant control over the implementation of software and hardware on the enterprise IT estate. Businesses today are migrating from on-premises IT infrastructure to cloud-based technologies and shared service providers, automating and connecting manufacturing lines through the industrial internet of things (IIoT) and adopting next-generation digital identity systems. The effects of COVID-19 are further driving the implementation of these technologies and have highlighted the urgency of adopting cloud solutions as IT enterprises and infrastructure now need to adapt to business requirements, remain resilient in the face of business disruptions and be effectively scalable for the future.
Organisations must remain aware that these technologies are already and will likely be even more heavily targeted by threat actors in the near future. In 2020, nation-state and criminal attackers homed in on poorly secured and implemented cloud services to steal, corrupt, modify or destroy data and files, to carry out distributed denial of service (DDoS) attacks or to hijack accounts for further network compromise. As more data migrates to the cloud, attackers will follow. Cloud computing will also play a substantial role in the successful formation of Industry 4.0, in which modern networked control systems will enable new ways of industrial production, value creation and real-time optimisation.
The internet-connected cyber-physical systems that form the basis of Industry 4.0 will become a key focus of criminal actors who will seek to disrupt operational processes to extort significant ransoms. For some time now, state actors have sought to identify and target systems that facilitate automation and data exchange in critical manufacturing technologies for disruptive effects during political crises and at times of heightened military tensions. High-value digital identity systems, including those that store and process personal information and facilitate transactions across services in the global market, will likely also become a key focus of insider, criminal and state-linked threat actors seeking to take over accounts, subvert transactions and harvest sensitive data.
The emergence of quantum computing marks a key moment in the evolution of computational performance. It will highly likely equip governments and companies across all sectors with new capabilities to process big data, supporting developments that will benefit scientific and medical research and create new opportunities for financial modelling. However, it will almost certainly also present significant cybersecurity challenges, create new attack vectors and enable capable threat actors to break current encryption protocols to gain access to organisations’ most sensitive data for financial and strategic gain.
Sustainable defences and holistic risk management remain key to navigating the new digital landscape
Emerging AI and machine learning-enabled defences, as well as powerful threat intelligence and information-sharing frameworks, can help network defenders to automate security policies, detect threats and support mitigation more broadly. Technology will be a crucial catalyst in responding to emerging technology threats. However, it must be complemented by business leaders’ commitment to adopting a holistic risk management approach, making strategic decisions when developing transformation roadmaps, managing IT and suppliers through governance and controls and investing in skills and the broader organisational security culture.
It is now also commonly accepted that it is no longer a matter of ‘if’ but ‘when’ an organisation will suffer a cyber attack. This means businesses will have to ensure that operations are safeguarded even when a breach occurs. Organisations with a holistic resilience strategy and business continuity plan will be able to maintain or rapidly resume business functions in the event of a major disruptive event, whether this disruption directly stems from a cyber attack or physical disruption linked to it. Regularly testing such plans and ensuring they evolve alongside technologies, business needs and risks are critical to guaranteeing your organisation is prepared in the event of a crisis.
The emerging digital ecosystem will no longer represent just a security or technology challenge, it is an existential risk and opportunity for all. Companies that treat it as such will be better equipped to successfully navigate the complexities of the evolving threat landscape. This approach will prove the most effective and sustainable in building secure, compliant and resilient businesses in the information age.