There are certainly plenty of information security threats today, but you need to also think about the ones that are on the horizon. To help make sure you’re prepared for whatever the future holds, we’ve put together this article about problems that will be cropping up in the next two to five years – being forewarned means you are forearmed.
The more you’re prepared, the easier it’s going to be to defend yourself against the attacks.
Below, we have ten different upcoming information security threats we think you should know about:
1. Nation-State Espionage and Hacking
Remember Stuxnet? If not, look it up – it’s a taste of what’s to come in the future (and pretty interesting reading). When nation-states use their massive resources to attack computer systems, the sky is truly the limit. The sophistication of Stuxnet impressed many security people who examined the code after it was discovered. Unfortunately, Stuxnet was most likely only the first shot across the bow – we can expect a lot more of these types of targeted, state-funded attacks in the future.
2. The Iron Curtain Internet and the Splinternet
China, Iran and other countries already tightly control what their citizens can access on the internet, and more nations are going to face in the next two to five years. Expect this trend to continue – while this is more of an internal problem for citizens trying to access the outside world, some nations are already talking about having a separate, private network that would only operate within their borders. This would fracture the present internet into multiple separate entities – the “Splinternet“.
3. The NSA and Other Snoops
When the U.S. Department of Justice shut down Megaupload, they certainly stopped a lot of piracy – however, according to some reports online, they also blocked over ten million legitimate files on that file sharing service. Then look at the National Security Agency and all they’ve been caught doing over the past few years (especially the alleged engineering of backdoors into security protocols) and you how might affect businesses and citizens?
4. Exploitation of Service Providers and Certificate Authorities
In order to launch more sophisticated attacks, the bad guys are going to try hacking into service providers, certificate authorities and other central points of failure even more in the future. Not too long ago, a certificate authority was hacked, and expect this kind of targeted attack to happen more frequently as black hat hackers try to get around SSL encryption by compromising it at the source – by spoofing a certificate using a CA’s trusted root certificate, the world is theirs.
5. Attacks on Big Data
Big Data is very useful when you have information that is verified to be correct – but what happens if someone hacks into a database and changes some of the numbers? The ‘ripple effect’ for other companies or entities using that data could be radically affected. For example, if good data is hacked and replaced with bad data, what happens to the algorithyms using that data to make, say, automatic stock trades? Combine this with techniques that can extract personal information from supposedly ‘anonymyzed’ data and the 40 zetabytes of digital information the Earth will host by 2020 looks like an increasingly vulnerable target.
6. Mobile App Hacks and Malware
Smartphones and other mobile devices haven’t been immune to malware and hacks, but it has not been very common – yet. As more and more people use these devices, they are going to be a bigger target for the bad guys. Bet on mobile attacks and malware increasing dramatically over the next few years. Hopefully, developers will be able to keep up and increase mobile app security.
7. Failure of Encryption?
Just a few short years ago saying that encryption might no longer be useful would have had people looking at you like you were crazy. However, computing power is increasing so quickly these days that it may soon be possible for moderately expensive computers, networked together, to be able to crack existing encryption. Yes, it will require a LOT of computing power, and encryption will certainly evolve to meet new challenges, but the day is definitely coming when current solutions will no longer protect your information.
8. Shortage of Information Security Professionals?
Thanks to the Target hack (and many, many others) companies are finally starting to wake up to the fact that they need to spend money to keep their customers’ data safe and secure at all times. As big corporations begin to hire more security professionals (and as the number of networked items increases) there is a good chance that there may not be enough properly trained people with the experience to fill crucial positions. This is something to think about if you’re in college now or thinking about switching careers.
9. Social Engineering on the Rise
Whether it’s phishing attacks, pharming or even dumpster diving, this is going to be on the rise in coming years as networks attempt to increase their security. Social engineering goes way back to the phone phreaking days, but it’s still around and still useful for those people who can be charming (or pretend to be someone who is). Teaching your employees about the dangers of social engineering hacks is a very good idea in the 21st century.
10. DRM + Malware = Bad News
Digital Rights Management techniques and software haven’t been very popular with some people, but the technology is primed to be used in a devious way. Imagine a malware program that uses DRM software to make itself unique to your computer. (Actually, read about malware that took advantage of this a decade ago – thanks, Sony!) The cloak of DRM makes it extremely hard for anti-virus programs to use a generic sample of the code to scan systems for its presence. Malware is evolving like the rest of technology, and poised to become even more nasty in the next few years. Future exploitation of DRM by malware is something to watch closely.
What About YOU?
Think we missed something? Leave a comment below and add your opinion. When it comes to upcoming information security threats, the more information available, the easier it’s going to be to protect against attacks when they eventually happen.