March 3, 2023 By George Platsis 4 min read

The year is 2030. The world is full of smart mega cities, digital surveillance is openly ubiquitous, cash transactions no longer exist, wired connections remain for only the most demanding data flows, the “Internet of Things” age is over and the “Everything is Internet” age is here, and we churn out data with every heartbeat – literally – contributing to the Yottabyte Era.

It all sounds daunting or even dystopian. But such a future is not unrealistic at all; therefore, we must consider the cybersecurity risks that come with that future.

Attack surface, what attack surface?

The digital age of the near future will undoubtedly retain one characteristic of today’s networks and systems: it will remain inherently insecure. You see, decisions made long ago had downstream consequences. Namely, the free exchange of information was prioritized over the secure exchange of information.

To be clear, the issue at hand is not about suppression, censorship or restriction of information; rather, the issue is how we exchange that information.

Consider the postcard versus the letter in an envelope. Both have a stamp, and an address from sender to receiver and travel over the same infrastructure. But anybody with access to the infrastructure can read a postcard, whereas opening the envelope requires some tampering.

The future inherits that problem: the mail system is still the same. That means:

  • Postcards can — and will — still be mailed (think little gadgets and insecure devices)
  • Some letters will be in envelopes (e.g., encryption), but the envelope security is challenged
  • Some will opt for special handlers (think private couriers as proprietary technology), but not everybody can use or afford these options.

Short of a “new internet” built with secure transfer prioritized — one can hope for a space-based communications system that does that — we are stuck with the Internet we have and will continue to build on that weak foundation.

The result is a “postcard nirvana” for malicious actors unless you employ the joint power of the two letters “n” and “o” in your decisions. Otherwise, your attack surface is everywhere. CISOs, CIOs, risk officers and executive officers appreciate that as you balance your business operations, risk tolerance levels and security programs, the most important decision you make may be saying, “no, we will not implement that technology because it generates too much exposure.”

So, against that backdrop, what could the future of cyberattacks look like?

Unleash the machines

The use of a graphic user interface to conduct hacking operations was a type of super leap for both offensive and defensive hackers. The GUI made life easier and more accessible. Artificial intelligence may likely be the next super leap, particularly as solutions become commoditized. Soon, an attacker may give the AI a target, program in some type of training method, supervised or unsupervised, and just let the machines run wild. And the defender will return with AI in kind.

Obfuscate, confuse and drain

For the more sinister who seek to bleed instead of kill, whatever the tools of the future are, defense against hacking may generate a feeling of futility if data sets are no longer reliable. The challenge is big data. If the threat actors of tomorrow can undermine data integrity, poor decision-making is the result. How can you operate with any level of efficiency and accuracy if your source data is wrong? Now, apply this thinking to the operations of a smart city or your auto-drive car. Not a pretty picture, and a means to shut down large swaths of operations in one shot.

Steal now, decrypt later

Sticking to big data, data transfer speeds are becoming so fast — even at the consumer level — that hackers may just start hoarding. Even without the ability to decrypt containers today, encryption obsolescence is nearing as we cross the quantum barrier. Do not be surprised if hackers, especially at the nation-state level, simply steal something now with the intent of using it later when technology permits easier decryption. Cloud and third-party service providers become lucrative targets here. Consider it wholesale theft.

Battle of the titans: Encryption and quantum

Something to think about today, quantum-proofing your encrypted data sets buys time. Even if quantum technology cannot reach the commercial or consumer markets in the near future, you can be sure threat actors at the nation-state level are game to play. Quantum computing takes smash-and-grab to industrial levels.

Hybrid hacking

What does this obscure and relatively unheard term mean? A yours truly definition: hacks are multi-vectored between technical and non-technical means. For example, threat actors use AI to conduct a social engineering attack based on your behavioral characteristics. The AI learns your traits through different data trails you leave behind and devises tailored attacks.

Targeted micro attacks

If we go down the dystopian route, malicious actors will conduct highly individualized attacks. We all possess unique DNA, just like any device ID. The only remaining question is whether we plug into the network. Stay off; good chance you stay protected. Connect once, and you are there for the world. Now, imagine your PII and PHI out in the wild — today’s breaches may have already done that — and hackers for hire can take contracts for a specific internet-connected medical device used by a specific individual. Your nightmares can finish this thought.

More hackers

As more people are “born into” technology, their technical proficiency could very well increase compared to us today. Those in the infosec world today are there by choice and desire; future generations will just be in it. Survival will depend on their ability to navigate it, and “how to hack” may be a kindergarten lesson.

What is the future outlook?

In closing, the key to protection is designing an inherently secure network. Until such time, the future of hacking will likely become more impactful until it falls off a cliff. Why is that?

Tools and data will become unmanageable, causing the constant fire drill. But then, how does it drop off entirely? Our attitude towards data. There will come a time when we decide either:

  1. Not to care and let data run free, making it effectively worthless; or
  2. Begin to focus on privacy, move critical data off systems, destroy unnecessary information and voluntarily restrict data generation.

The choice is yours.

More from Risk Management

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Addressing growing concerns about cybersecurity in manufacturing

4 min read - Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.Apparently, the data being stored in industrial control systems is…

Cybersecurity Awareness Month: Horror stories

4 min read - When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior.October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to share some of their most memorable and haunting cyber incidents. (Names and companies are anonymous to avoid any negative impact. Suffering a cyber incident is bad…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today