Mukul Chopra, Director - Digital
Transformation Center, COMPAREX
While we are still reeling from the aftermath of the “Wannacry“ ransomware exploit and the global impact of the cyber threat and the extreme vulnerability of key industries, it might not be too early to start considering the next set of threats that we need to be concerned about. Security vectors evolve rapidly because the “bad actors“ (those that want to exploit us) are constantly innovating. Many cyber operations have organization charts similar to legitimate businesses and use best-practices for management, marketing, pricing and operations etc.; just like we do.
The next iteration of ransomware that we fear is where the data of a company is not encrypted and held hostage as in CryptoLocker or Wannacry. Rather, the key data of the company is changed and affects real-time information, e-commerce etc., and creating chaos in the bargain. Cyber criminals will now demand that you pay a ransom for your original data. The intelligence agencies of many countries, including the USA, believe that this is a real and present danger and is only a matter of time.
2. Leaking Intellectual Property
As we have already witnessed with the threat, and now the release of the latest Disney movie or a Netflix series like “Orange is the new Black“, the next iteration of ransomware is likely to be the release of IP (Intellectual Property). Millions of companies across the globe do not have their systems secured adequately and commonly do not patch known vulnerabilities. This is the equivalent of leaving keys openly and allowing anyone to enter and exploit IP storage.
Intel estimates that by 2020, connected devices in the Internet of Things (IoT) will increase from their current levels of 15 billion to 200 billion. These include everything from pacemakers to electric meters; refrigerators to light bulbs; and connected cars to clothes and shoes etc. The platforms that these are built on, have low/no security, and little oversight. Most operate off a self-regulation model and as a result are very vulnerable to hacking. Watch out for IoT comprises that have the capacity to make or break prominent companies.
4. AI/Machine Learning applied to benefit cybercriminal ecosystems
Artificial Intelligence (AI) and machine learning are increasingly being used to combat cyber threats. Access to such tools and platforms is still expensive and not ubiquitous. But this will change. The cost of acquisition of such tools for the benefit of the criminal’s activities is a forgone conclusion. When that happens, attacks will be automated and have the ability to morph and change on their own to continue to spread and create widespread destruction in short periods of time. The spread of Wannacry will look like the work of kindergarten kids. These exploits will be more lethal, faster and much more dangerous.
This may be the single biggest threat to cyber-security that no one is paying attention to. What is quantum computing? This is the bizarre world of quantum mechanics where atoms can have multiple simultaneous states. This is different from the way our digital computers work today, which is represented by bits as 0s and 1s. Because quantum computers can occupy multiple coordinates thanks to the quantum phenomenon of superposition, tunnelling and entanglement – they can compute vast quantities of information and massively accelerate computation. Using quantum computers, criminals could crack virtually any encryption mechanisms that is currently used by us for most of our most sensitive online tasks including financial transactions, health care information, personally identifiable information etc.