March 3, 2023 By George Platsis 4 min read

The year is 2030. The world is full of smart mega cities, digital surveillance is openly ubiquitous, cash transactions no longer exist, wired connections remain for only the most demanding data flows, the “Internet of Things” age is over and the “Everything is Internet” age is here, and we churn out data with every heartbeat – literally – contributing to the Yottabyte Era.

It all sounds daunting or even dystopian. But such a future is not unrealistic at all; therefore, we must consider the cybersecurity risks that come with that future.

Attack surface, what attack surface?

The digital age of the near future will undoubtedly retain one characteristic of today’s networks and systems: it will remain inherently insecure. You see, decisions made long ago had downstream consequences. Namely, the free exchange of information was prioritized over the secure exchange of information.

To be clear, the issue at hand is not about suppression, censorship or restriction of information; rather, the issue is how we exchange that information.

Consider the postcard versus the letter in an envelope. Both carry a stamp and an address, and both travel from sender to receiver over the same infrastructure. But anybody with access to the infrastructure can read a postcard, whereas opening the envelope requires some tampering.

The future inherits that problem: the mail system is still the same. That means:

  • Postcards can — and will — still be mailed (think little gadgets and insecure devices)
  • Some letters will be in envelopes (e.g., encryption), but the envelope security is challenged
  • Some will opt for special handlers (think private couriers as proprietary technology), but not everybody can use or afford these options.

Short of a “new internet” built with secure transfer prioritized — one can hope for a space-based communications system that does that — we are stuck with the Internet we have and will continue to build on that weak foundation.

The result is a “postcard nirvana” for malicious actors unless you employ the joint power of the two letters “n” and “o” in your decisions. Otherwise, your attack surface is everywhere. CISOs, CIOs, risk officers and executive officers appreciate that as you balance your business operations, risk tolerance levels and security programs, the most important decision you make may be saying, “no, we will not implement that technology because it generates too much exposure.”

So, against that backdrop, what could the future of cyberattacks look like?

Unleash the machines

The use of a graphical user interface to conduct hacking operations was a type of super leap for both offensive and defensive hackers. The GUI made life easier and more accessible. Artificial intelligence may well be the next super leap, particularly as solutions become commoditized. Soon, an attacker may give the AI a target, program in some type of training method, supervised or unsupervised, and just let the machines run wild. And the defender will respond with AI in kind.

Obfuscate, confuse and drain

For the more sinister who seek to bleed instead of kill, whatever the tools of the future are, defense against hacking may generate a feeling of futility if data sets are no longer reliable. The challenge is big data. If the threat actors of tomorrow can undermine data integrity, poor decision-making is the result. How can you operate with any level of efficiency and accuracy if your source data is wrong? Now, apply this thinking to the operations of a smart city or your auto-drive car. Not a pretty picture, and a means to shut down large swaths of operations in one shot.

Steal now, decrypt later

Sticking to big data, data transfer speeds are becoming so fast — even at the consumer level — that hackers may just start hoarding. Even without the ability to decrypt containers today, encryption obsolescence is nearing as we cross the quantum barrier. Do not be surprised if hackers, especially at the nation-state level, simply steal something now with the intent of using it later when technology permits easier decryption. Cloud and third-party service providers become lucrative targets here. Consider it wholesale theft.

Battle of the titans: Encryption and quantum

Something to think about today: quantum-proofing your encrypted data sets buys time. Even if quantum technology cannot reach the commercial or consumer markets in the near future, you can be sure threat actors at the nation-state level are game to play. Quantum computing takes smash-and-grab to industrial levels.

Hybrid hacking

What does this obscure and relatively unheard-of term mean? A yours-truly definition: hacks that are multi-vectored, combining technical and non-technical means. For example, threat actors use AI to conduct a social engineering attack based on your behavioral characteristics. The AI learns your traits through different data trails you leave behind and devises tailored attacks.

Targeted micro attacks

If we go down the dystopian route, malicious actors will conduct highly individualized attacks. We all possess unique DNA, just like any device ID. The only remaining question is whether we plug into the network. Stay off; good chance you stay protected. Connect once, and you are there for the world. Now, imagine your PII and PHI out in the wild — today’s breaches may have already done that — and hackers for hire can take contracts for a specific internet-connected medical device used by a specific individual. Your nightmares can finish this thought.

More hackers

As more people are “born into” technology, their technical proficiency could very well increase compared to us today. Those in the infosec world today are there by choice and desire; future generations will just be in it. Survival will depend on their ability to navigate it, and “how to hack” may be a kindergarten lesson.

What is the future outlook?

In closing, the key to protection is designing an inherently secure network. Until then, hacking will likely become more impactful until it falls off a cliff. Why is that?

Tools and data will become unmanageable, causing a constant fire drill. But then, how does it drop off entirely? Our attitude towards data. There will come a time when we decide either:

  1. Not to care and let data run free, making it effectively worthless; or
  2. Begin to focus on privacy, move critical data off systems, destroy unnecessary information and voluntarily restrict data generation.

The choice is yours.
