Last week, we talked about how cyber security is like chess. In order to be effective, you have to prepare for and anticipate your opponent’s moves and styles of attack before they happen. Today we will look at the other side of the cyber coin: attackers. What future capabilities do we think they will have, and what can we do to start preparing for them?
There are about three major capabilities that future Advanced Persistent Threats (APTs) and attackers will have:
I think it’s safe to say that one advantage that future hackers will have is a set of modern tools not commonly available to them today. Some examples of this future capability include the ability to use high-performance computing when orchestrating attacks. For example, they will be able to more universally leverage fiber for faster data speeds, meaning they can make their opening moves more quickly.
This one isn’t so much a tool as it is an evolving vulnerability. At the simplest level, cyber criminals will become more savvy in understanding how interconnected all the pieces are within the cyber ecosystem. Take oil and gas, for example. In the future, all the parts within this industry will require a stronger relationship with one another. In the near future, this could translate to a hacker’s ability to access an off-shore oil rig belonging to one company through a vulnerability found in a drone, belonging to a different company, that is searching for new sources of gas.
In healthcare and medicine, this scenario gets even more alarming. This is especially true as our diagnostic systems and medical components get more complicated and complex. In the near future, we may even find the need to secure medical implant devices the same way we defend commercial airspace today.
It’s pretty safe to assume that in 10 to 20 years my new smartphone will have the same or greater computing power as a top-of-the-line gaming machine today. The expanded use of mobile technology could potentially create havoc in the right hands, especially when acquiring passwords and sensitive information for espionage.
If we can make any final assumptions about the future of cyber security, it’s not that any one of these particular scenarios is worthy of our preemptive defense. Rather, the orchestration of all three scenarios is what we have to prepare for by continuing to monitor our network faster, learn as much from our intruders as possible, and protect the individual IP itself, no matter where it travels. After all, the old cliché still holds true today, and will in the future: those who don't study the past are doomed to repeat it.