When we have a reactive attitude we become extremely vulnerable to digital threats, which puts our businesses and our societies at risk of attackers who are always evolving and looking for ways to gain access. Ransomware, for example, continues to adapt with different enhancements and tactics, and we must always be dynamic and flexible to change.
Yet, while some things change, others stay constant. Data privacy and security continue to be a top priority. In the new working environment, our homes are becoming an extension of the office. And with continuing cloud adoption, there is a massive expansion of the threatscape.
A year ago I made several predictions about topics including Cyberwars, Ransomware, Hacker Esports, Privileged Identity and Zero Trust. Several of them turned out to be fairly accurate, with lessons to be learned moving forward.
So, let’s take a look at what the coming year may have in store for us, with five predictions humbly submitted by an ethical hacker and cybersecurity scientist.
Deep Fakes Replicate Digital Humans
This year, Deep Fakes will become so authentic that not only will we see our digital identities being stolen, but also digital versions of our DNA. Exposing our Digital DNA on the internet will enable Deep Fakes to replicate and create Digital Humans.
If you have ever seen the movie “The 6th Day,” we are on the same path for replicas of our digital selves. People are already syncing their physical lives with their profiles on social media with constant uploads of photos, videos, audio and personal preferences.
With enough data points and some enhanced algorithms it is only a matter of time before attackers can create lifelike digital avatars of anyone, and it will be incredibly difficult to identify the difference without technology to analyse the source data.
Bring Your Own Office (BYOO)
Employees’ homes will become extensions of company offices. Just as cloud transformation dominated the pandemic period, we have now started the Bring Your Own Office transformation, where employees’ home networks have become cloud droplets or mini clouds.
The big challenge today is knowing where the organisation’s security starts and stops, and if it should attempt to secure employees’ homes as an extension of the corporate office.
What would that mean for the employees’ data privacy? Do we all become always-on employees when we are no longer nine-to-five employees?
In the past, personal life and corporate life had a clear separation. With Bring Your Own Device that dynamic changed, and now with Bring Your Own Office it will evolve further and the boundaries will become even blurrier.
Cyber Basics Mandated for Insurance
The need to become a cybersecurity-conscious society will see increased attention to getting the basics right. This means that cyber hygiene and awareness will be a top priority this year.
With more organisations looking to obtain cyber insurance as a safety net to protect their businesses from serious financial exposure caused by data breaches and ransomware attacks, having a solid cyber strategy in place will be mandated to get cover.
The days of “cheap and easy” are over, and this year companies will have to get back to the basics to level up their cybersecurity baselines. Ongoing remote work and cloud transformation mean that a strong access management strategy will be needed – supported by multifactor authentication, password management and continuous verification – to reduce the risks.
In addition to implementing better access security controls, employers will need to empower workers with better cybersecurity awareness by creating ongoing training and education initiatives to ensure that as threats evolve, employees are informed and ready to be strong cyber defenders.
Cyber Armies – The Offensive Gets Real
Over the past few years, we have seen many countries explore capabilities to go on the cyber offensive. As a result, we will see the introduction of cyber armies.
Many countries have already adopted some variation of a cyber force, whether to support existing armed forces or to defend the country when targeted by cyberattacks, as Estonia did as a result of the 2007 cyberattack. In 2010, Estonia established the Estonian Defence League Cyber Unit, which continues to prepare for and simulate cyberattacks targeting the country so that it is ready to defend against them.
Many other countries have since established similar units. With threats on the rise, the need to go on the offensive has now become a reality. The reason is that while many countries may have limited supplies of traditional weapons, all countries can easily build cyber weapons – and use them.
The Cyber Workforce Quest
Each year the cyber talent gap is increasing. As an industry we must do more to get new and diverse talent to join the cybersecurity workforce.
In the coming year the workforce gap will continue to grow, further increasing the urgency to explore new ways to attract more people to choose cybersecurity as their career. The old ways of accelerating talent development must evolve.
It is no longer just about having core technical skills but rather a diverse set of skills that also includes communication, marketing, design, and psychology. Cybersecurity is now a challenge for all societies and, as Mikko Hypponen said, “we are no longer just protecting systems, but we are now protecting society.”
About the author
Joseph Carson is the Chief Security Scientist & Advisory CISO for Delinea, a leading provider of privileged access management (PAM) solutions for seamless security. Carson has over 25 years’ experience in enterprise security, is the author of “Privileged Access Management for Dummies” and “Cybersecurity for Dummies”, and is a cybersecurity professional and ethical hacker. He is a cybersecurity advisor to several governments and the critical infrastructure, financial and transportation industries.