If you thought cybersecurity was a challenging and often weird part of the tech industry, be prepared for it to get even odder.
The next couple of years will bring a new range of threats that will take tech security far beyond its traditional boundaries and will require a whole new set of skills and alliances.
One example: tech analyst Forrester predicts that deep fakes could end up costing businesses a lot of money next year: as much as $250m.
That might happen in a couple of ways. There’s the risk to your share price if someone creates a deep fake of your CEO apparently resigning from the company.
Alternatively, a convincing deep fake of a celebrity well known for using your products seemingly being rude about your brand could easily hurt sales if it spreads widely.
But there’s also the risk that deep fakes could be added to the toolkits used by phishing gangs.
There have already been a few cases of crooks using AI tools to fake the voices of CEOs to trick workers into transferring money to their accounts. The next step would be to create a convincing video of an executive asking for an emergency funds transfer.
If employees are regularly tricked into handing money over to fraudsters on the strength of a bogus email (and they still are), imagine how easy it would be to be fooled by a deepfaked video chat with the CEO instead?
The continued expansion of the Internet of Things will greatly increase the number of devices and applications that security teams will have to protect. That’s hard for teams that have been used to protecting just PCs and servers and now have to worry about everything from smart air-conditioning units or vending machines in the canteen, right through to power plants and industrial machinery.
Half the battle for tech is likely to be just finding the stuff other parts of the business have accidentally connected to the web without realizing it. The gradual rise of 5G, which also brings a new set of threats, is going to make this a bigger problem because these devices might be spread across a vast geography.
As a result, tech teams may well find themselves spending less time at their desks and more time up ladders and poking around and playing find-the-unsecured-device than they are used to.
Ransomware is likely to get odder, too. This year has shown just how much effort criminal gangs are willing to put into catching out large organizations. The aim now is to score a huge payday by encrypting whole networks, not just a few PCs.
But we’re already seeing the emergence of a new trend. Rather than just pocketing the ransom, crooks may now start copying sensitive corporate data to sell it or extort even more money from companies that don’t want their secrets exposed on the internet.
The security threats are weird and getting weirder: phony CEOs, mysterious gadgets that you can’t see but could be giving hackers easy access to your networks, and crooks looking to extort you for access to your own data.
That’s not even including the random threat of state-backed hackers who might want to attack your organization as part of a bigger project that you’ve got little chance of comprehending.
However, it’s also important to remember that most security risks are still far more mundane: the weak password that the CFO hasn’t changed; the software patch that should have been deployed months ago; and that badly configured cloud database. These are the things that need to be brought under control.
But then it’s wise to think about these more esoteric risks and to discuss them across the organization. Understand the risks better and add them to your crisis response plan. Have a scenario for how to respond to a ransomware crisis and at least an idea about what to do when that problematic deepfake goes viral.
That strategy will go beyond tech to marketing or public relations and even HR. Having that written down will save you hours or days that you don’t have when responding to a crisis. You can’t build a firewall against all future threats, but if you’ve thought about them and planned in advance, you’ll have a much better chance of coping with them.