By Steve Durbin
We’re already seeing commercials flaunting 5G coverage as the new wave of mainstream operational speed as we know it. This paired with organizations flaunting their machine learning capabilities to more accurately dictate a human’s preference is becoming the next-generation whether we’re ready for it or not.
Vast webs of intelligent devices, combined with increased speeds, automation and digitization will create possibilities for businesses and consumers that were previously out of reach. The Internet of Things (IoT) will continue to develop at an astonishing rate, with sensors and cameras embedded into a range of devices across critical infrastructure. The resulting nexus of complex digital connectivity will prove to be a weakness as modern life becomes entirely dependent on connected technologies, amplifying existing dangers and creating new ones.
Let’s take a quick look at a few of the threats on the horizon and what they mean for your organization:
5G Technologies Broaden Attack Surfaces
The arrival of 5G, with significantly faster speeds, increased capacity and lower latency, will change existing operating environments, but at the expense of an exponential growth of attack surfaces. The 5G-enabled devices and networks that underpin society will be compromised by new and traditional attacks, causing chaos and plunging business into disarray.
The impacts of attacks on 5G technologies and infrastructure will be felt across a range of industries who leverage 5G to become more operationally efficient or to automate and speed up processes. There will be countless opportunities to attack 5G infrastructure, including billions of previously unconnected IoT devices and new private networks. Millions of new 5G-enabled masts, built and operated by a plethora of companies and governments to varying levels of assurance, will have new vulnerabilities exposed and create new ingress points for attackers to exploit. The step change in available bandwidth will act as an accelerator to existing attacks and amplify new ones, stretching organizational resilience to its maximum.
Critical national infrastructure (CNI), IoT manufacturers, businesses and citizens will all be heavily or totally dependent on 5G to operate, offering ripe targets for a range of attackers. From nation states aiming to cripple CNI – to hackers spying on private networks – 5G technologies and infrastructure will become a key target.
Organizations must prepare for the arrival of 5G by understanding how 5G will be used in their own product offerings and how they might be dependent on 5G networks to operate. Organizations that successfully prepare will gain a significant competitive advantage from the technologies. Those who get it wrong will find themselves compromised, their operations disrupted and reputations damaged.
Manipulated Machine Learning Sows Confusion
A range of industries will increasingly adopt machine learning systems and neural networks over the coming years in order to help make faster, smarter decisions. They will be embedded into a series of business operations such as marketing, medicine, retail, automated vehicles, and military applications. The explosion of data from connected sensors, IoT devices, and social media outputs will drive companies to use machine learning to automate processes, with minimal human oversight. As these technologies begin to underpin business models, they will become a prime target. Attackers will exploit vulnerabilities and flaws in machine learning systems by confusing and deceiving algorithms in order to manipulate outcomes for nefarious purposes.
Impacts will be felt across a range of industries. Malicious attacks may result in automated vehicles changing direction unexpectedly, high-frequency trading applications making poor financial decisions and airport facial recognition software failing to recognize terrorists. Organizations will face significant financial, regulatory and reputational damage and lives will be put at risk if machine learning systems are compromised.
Nation states, terrorists, hacking groups, hacktivists, and even rogue competitors will turn their attention to manipulating machine learning systems that underpin products and services. Attacks that are undetectable by humans will target the integrity of information – widespread chaos will ensue for those dependent on services powered primarily by machine learning.
The damage a compromised machine learning system may bring could be life-threatening. Organizations should assess their offerings and dependency on machine learning systems before attackers exploit related vulnerabilities.
Parasitic Malware Feasts on Critical Infrastructure
Parasitic malware – which seeks to steal processing power – has traditionally targeted computers and mobile devices. This type of malware will evolve to target more powerful, industrial sources of processing power such as Industrial Control Systems (ICS), cloud infrastructures, CNI, and the IoT. The malware’s primary goal will be to feast on processing power, remaining undetected for as long as possible. Services will be significantly disrupted, becoming entirely unresponsive as they have the life sucked out of them.
Unprepared organizations will have a wide (and often unmonitored) attack surface that can be targeted by parasitic malware. They will see infected devices constantly running at full capacity, raising electricity costs and compromising functionality. Systems will degrade, in some cases leading to unexpected failure that halts critical services.
Every organization will be susceptible to parasitic malware. However, environments with high power consumption (e.g. power stations, water and waste treatment plants and data centers) and those reliant on industrial IoT (e.g. computerized warehouses, automated factories and smart cities) will become enticing targets for malicious attackers as high-power consumption tends to mask the energy usage of parasitic malware.
Organizations should start implementing suitable controls to protect against parasitic malware holistically across the business, including areas that have ICS, IoT and cloud deployments.
Preparation Must Begin Now
Information security professionals are facing increasingly complex threats—some new, others familiar but evolving. Their primary challenge remains unchanged; to help their organizations navigate mazes of uncertainty where, at any moment, they could turn a corner and encounter information security threats that inflict severe business impact.
In the face of mounting global threats, the organization must make methodical and extensive commitments to ensure that practical plans are in place to adapt to major changes in the near future. Employees at all levels of the organization will need to be involved, from board members to managers in non-technical roles.
The threats listed above could impact businesses operating in cyberspace at break-neck speeds, particularly as the use of the Internet and connected devices spreads. Many organizations will struggle to cope as the pace of change intensifies. These threats should stay on the radar of every organization, both small and large, even if they seem distant. The future arrives suddenly, especially when you aren’t prepared.
About the Author
Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cybersecurity, digitalization and the emerging security threat landscape across both the corporate and personal environments. Previously, he was a senior vice president at Gartner.