March 3, 2023 By George Platsis 4 min read

The year is 2030. The world is full of smart mega cities, digital surveillance is openly ubiquitous, cash transactions no longer exist, wired connections remain for only the most demanding data flows, the “Internet of Things” age is over and the “Everything is Internet” age is here, and we churn out data with every heartbeat – literally – contributing to the Yottabyte Era.

It all sounds daunting or even dystopian. But such a future is not unrealistic at all; therefore, we must consider the cybersecurity risks that come with that future.

Attack surface, what attack surface?

The digital age of the near future will undoubtedly retain one characteristic of today’s networks and systems: it will remain inherently insecure. You see, decisions made long ago had downstream consequences. Namely, the free exchange of information was prioritized over the secure exchange of information.

To be clear, the issue at hand is not about suppression, censorship or restriction of information; rather, the issue is how we exchange that information.

Consider the postcard versus the letter in an envelope. Both have a stamp, and an address from sender to receiver and travel over the same infrastructure. But anybody with access to the infrastructure can read a postcard, whereas opening the envelope requires some tampering.

The future inherits that problem: the mail system is still the same. That means:

  • Postcards can — and will — still be mailed (think little gadgets and insecure devices)
  • Some letters will be in envelopes (e.g., encryption), but the envelope security is challenged
  • Some will opt for special handlers (think private couriers as proprietary technology), but not everybody can use or afford these options.

Short of a “new internet” built with secure transfer prioritized — one can hope for a space-based communications system that does that — we are stuck with the Internet we have and will continue to build on that weak foundation.

The result is a “postcard nirvana” for malicious actors unless you employ the joint power of the two letters “n” and “o” in your decisions. Otherwise, your attack surface is everywhere. CISOs, CIOs, risk officers and executive officers appreciate that as you balance your business operations, risk tolerance levels and security programs, the most important decision you make may be saying, “no, we will not implement that technology because it generates too much exposure.”

So, against that backdrop, what could the future of cyberattacks look like?

Unleash the machines

The use of a graphic user interface to conduct hacking operations was a type of super leap for both offensive and defensive hackers. The GUI made life easier and more accessible. Artificial intelligence may likely be the next super leap, particularly as solutions become commoditized. Soon, an attacker may give the AI a target, program in some type of training method, supervised or unsupervised, and just let the machines run wild. And the defender will return with AI in kind.

Obfuscate, confuse and drain

For the more sinister who seek to bleed instead of kill, whatever the tools of the future are, defense against hacking may generate a feeling of futility if data sets are no longer reliable. The challenge is big data. If the threat actors of tomorrow can undermine data integrity, poor decision-making is the result. How can you operate with any level of efficiency and accuracy if your source data is wrong? Now, apply this thinking to the operations of a smart city or your auto-drive car. Not a pretty picture, and a means to shut down large swaths of operations in one shot.

Steal now, decrypt later

Sticking to big data, data transfer speeds are becoming so fast — even at the consumer level — that hackers may just start hoarding. Even without the ability to decrypt containers today, encryption obsolescence is nearing as we cross the quantum barrier. Do not be surprised if hackers, especially at the nation-state level, simply steal something now with the intent of using it later when technology permits easier decryption. Cloud and third-party service providers become lucrative targets here. Consider it wholesale theft.

Battle of the titans: Encryption and quantum

Something to think about today, quantum-proofing your encrypted data sets buys time. Even if quantum technology cannot reach the commercial or consumer markets in the near future, you can be sure threat actors at the nation-state level are game to play. Quantum computing takes smash-and-grab to industrial levels.

Hybrid hacking

What does this obscure and relatively unheard term mean? A yours truly definition: hacks are multi-vectored between technical and non-technical means. For example, threat actors use AI to conduct a social engineering attack based on your behavioral characteristics. The AI learns your traits through different data trails you leave behind and devises tailored attacks.

Targeted micro attacks

If we go down the dystopian route, malicious actors will conduct highly individualized attacks. We all possess unique DNA, just like any device ID. The only remaining question is whether we plug into the network. Stay off; good chance you stay protected. Connect once, and you are there for the world. Now, imagine your PII and PHI out in the wild — today’s breaches may have already done that — and hackers for hire can take contracts for a specific internet-connected medical device used by a specific individual. Your nightmares can finish this thought.

More hackers

As more people are “born into” technology, their technical proficiency could very well increase compared to us today. Those in the infosec world today are there by choice and desire; future generations will just be in it. Survival will depend on their ability to navigate it, and “how to hack” may be a kindergarten lesson.

What is the future outlook?

In closing, the key to protection is designing an inherently secure network. Until such time, the future of hacking will likely become more impactful until it falls off a cliff. Why is that?

Tools and data will become unmanageable, causing the constant fire drill. But then, how does it drop off entirely? Our attitude towards data. There will come a time when we decide either:

  1. Not to care and let data run free, making it effectively worthless; or
  2. Begin to focus on privacy, move critical data off systems, destroy unnecessary information and voluntarily restrict data generation.

The choice is yours.

More from Risk Management

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today