You can’t discuss the future of cybersecurity without considering emerging trends in technology and threat landscapes. As organizations develop and adopt technologies related to big data, cognitive computing and the Internet of Things (IoT), cyberthreats are growing in both volume and complexity.

The race is on to secure these systems and devices before fraudsters figure out how to exploit them. Let’s take a look at some of the most important themes and innovations shaping our increasingly interconnected world.

The Power of Big Data

Massive amounts of data are produced by a rapidly growing number of devices. The equation is very simple: More devices means more data, both structured and unstructured.

Widespread mobile adoption has led to the rise of social networks, which generate even more data. Unsurprisingly, data scientists have developed ways to leverage this information in advertising and marketing campaigns. But what happens if cybercriminals get their hands on this data? With such power to influence the public’s behavior, the consequences could be dire.

Even the human brain itself can produce data for researchers to analyze. Scientists use sensors to understand how the brain reacts to certain stimulants and emotions in the interest of medical advancement. Needless to say, the data produced by these experiments is highly valuable to researchers and malicious actors alike.

But while big data certainly represents a juicy target for fraudsters, it can also help security professionals fight cyberthreats. In the cyber world, criminal activity always leaves a digital trail. Security analysts can use this data to predict attacks and identify malicious actors before they strike. The process of analyzing millions of unstructured records, however, can take days.

That’s where cognitive security comes in. With machine learning, IT professionals can process threat data more efficiently, and more accurately predict criminal activity. This is just one of the many ways in which cognitive computing will shape the future of cybersecurity.

While many institutions and government agencies have implemented regulations to protect data, the increasingly sophisticated threat landscape demands a sweeping culture change when it comes to security. Users should be careful not to publish sensitive information on social media, and they should adopt fundamental security solutions such as password protection, firewalls and antivirus software. Enterprises must implement security controls and train employees to use them.

Securing the Internet of Things

Security professionals are well-versed in protecting servers and traditional mobile devices such as smartphones, but what about cars, refrigerators, thermostats and other home automation gadgets? Even more importantly, can they secure medical equipment in increasingly connected hospitals?

Cybercriminals commonly hijack connected devices to form botnets, which they use to launch distributed denial-of-service (DDoS) attacks against high-profile websites. It is becoming even more important for users and enterprises to properly secure their devices. Device manufacturers should build effective security controls into their products, and organizations should conduct exhaustive application security testing.

Looking Ahead for Industries

In the past, SCADA systems were secure by nature: they used proprietary protocols and were inaccessible to outside parties. The push to reduce costs and improve productivity, however, has driven the market to use standard protocols and interfaces that render SCADA systems vulnerable. For this reason, identity and password management are critical.

It is clear, however, that organizations are struggling to manage and monitor so many user identities. An identity governance and intelligence solution can help in that area today, but the technology will have to evolve in coming years to accommodate the death of the password and the rise of advanced authentication techniques such as biometrics.

All the aforementioned threats related to big data and IoT apply to the health care industry as well — but many IT professionals in this sector are too preoccupied with today’s security issues to worry about the threats of tomorrow. Ransomware operators are particularly drawn to health care data because it is critical, difficult to secure and highly personal. Leaders in the security space should pay close attention to this highly targeted industry.

Shaping the Future of Cybersecurity

While these threats certainly pose a significant challenge to IT professionals across all sectors, the urgency will only increase as technologies such as cognitive computing, big data analytics and the IoT further develop and influence our increasingly connected world in unprecedented ways.

Enterprises can do their part by sharing threat data and investing in solutions and infrastructures that are secure by design. As always, users should exhibit good password hygiene and avoid opening suspicious or unsolicited emails and attachments.
