As a CISO and cyber specialist, I am often asked what I see as the major cyber threats of the future. While I’m not a fan of the crystal ball looking into itself, it can still be helpful to think about what can happen – and what we can do about it.
So here are my four big threats – or what we might more colorfully call the four “horsemen of the apocalypse” – along with some thoughts on how we can prepare for them so they don’t turn into the end of the world!
1. Virtual humans
With the advent of AI, especially natural language algorithms like ChatGPT, and their access to everything on the internet, combined with the ability to essentially create AI plug-ins for speech synthesis and imaging, we will very soon have more virtual humans online than real ones.
Today, we have botnets: networks of robots that have been surreptitiously installed through malware on computer systems around the world to meet the bidding of cybercriminals. With the power of millions of computers at their disposal, industrious hackers can do everything from crypto mining to offering ransomware as a service to other criminals.
In the future, cybercriminals and even nation states will have the ability to mobilize huge swathes of digital people operating seemingly independently but aligned with a larger mission. We see tiny examples of this today with virtual interviews resulting in the unwitting hiring of a hacker or spy.
Real humans are and will remain victims of fraud and trust schemes. Even to this day, email attacks, such as phishing, are very effective. Imagine a world where parents make interactive video calls with their children asking for money. But what if that child is actually a digital fake? Given the amount of information available about you as an individual, through data breaches and social media posts, virtual replicas will emerge very quickly. Versions of you designed to leverage you for greater gain by crossing ethical boundaries you are not willing to cross.
2. Super Computing
Quantum computing has moved from the pages of science fiction to reality and has been actively processing data for not just a few years now, but for decades. Many companies have developed quantum computers, but the reason we haven’t seen anything dramatic yet is, in many ways, because they all use a different architecture. It’s like Apple and Microsoft in 1986, separated and completely incompatible. Additionally, thanks to the nuances of quantum mechanics, networking quantum computers has proven difficult.
Nevertheless, these two barriers are rapidly diminishing. Soon, the race to process the most qubits will be shortened and accelerated as scientists solve the networking challenge. Overnight, the global human race will have access to thousands, if not tens of thousands, of qubits.
From a cybersecurity perspective, most encryption will instantly be rendered useless. As a result, your secure transaction with your bank or all the data transmitted over your VPN is no longer protected. In fact, every secure interaction you’ve made is likely to have been logged, allowing adversaries to go back and decrypt all those communications. The underlying foundation of the blockchain is collapsing, allowing financial history to be rewritten.
3. The expanding ecosystem
As we dive into the world of digital transformation and Web 3.0, the technology ecosystem is becoming increasingly complex and layered. In the beginning, computers existed in a single room. Soon individual computers were able to communicate. As networks grew, along with processing speeds and the availability of cheap storage, computing applications began to interoperate, requiring less and less standardization across platforms. With this evolution came more interaction points and the ability to leverage specific capabilities from a wider range of technologies and at different compute layers.
Today, cybersecurity is just tackling the challenges of third-party and supply chain risk in IT. Businesses currently undergoing digital transformation will likely not have just three or four tiers of suppliers, but rather nearly twenty.
Moving forward, the combined demand for pace, growth, and innovation will place increasing demands on the IT ecosystem. These pressures will lead to greater specialization in the supply chain, leading to its rapid expansion. As such, it will be a prime target for cybercriminals because manipulating it can undermine trust in surface computing, allowing hackers to take control of any system undetected.
4 smart systems
The role of technology and its importance in the physical world is increasing exponentially and will soon reach a point where IT issues, including everything from errors to hackers, will have a tangible impact in the real world.
Today we explore autonomous vehicles, intelligent power distribution, and automation in industrial control systems, all of which have direct physical interactions with people and places.
As we evolve, increasingly sophisticated technology will not only be integrated into everything from the mundane toaster to the most complex infrastructure, but will also be interconnected and operated across an array of automated systems. For example, smart medical devices will become increasingly commonplace and rapidly shift from tactical control to automated delivery of off-the-shelf medications, emergency service prioritization, and even access control to various facilities.
While these capabilities will dramatically improve human services, improve healthcare and reduce accidents, cyber threats will target these systems to perform everything from theft to terrorism. Instead of your data being held for ransom, hackers can hold your car for ransom, block access to your home for money, or deny you medicine or emergency services without payment.
Getting ahead of the future
Faced with these seemingly insurmountable challenges, is there any light at the end of the tunnel? Fortunately, I believe there are.
For example, many companies are currently developing quantum-resistant technologies, such as encryption algorithms, blockchain technology, and communication networks. These can help negate some of the cyber risks of quantum computing – the challenge will be to build the strength of defenses in proportion to the magnitude of the risks as quantum computing takes off.
As for the expanding ecosystem, although the supply chain is growing beyond comprehension, efforts such as software bill of materials (SBOM), improved software update and patch standards, and even IoT product labeling are under consideration. Active expert thinking is applied to the question.
When it comes to the future related to smart devices and now with ChatGPT and its ilk, smart AI, I think we need to change our perspective on how we co-exist as businesses and individuals with technology. It’s less about being a hard target with strong defenses, and quickly becoming a resilient a target rather than a victim. With solid planning and preparation, resilience is possible. Be aware of the risks and anticipate them. Focus on alternatives, out-of-band options, and most importantly, awareness of potential threats so that your plan B and even your plan C aren’t rendered useless.
The future of cyber may look ominous – but at the same time, human ingenuity will also find ways to create new protections and mitigations.