Unfortunately, the cyber threat landscape continues to intensify. The last half of 2023 saw increases in volume and sophistication of cyber-attacks. I foresee that novel attack pathways will develop; and I also predict that socially engineered intrusions will increase in number.
The most significant threats are those that are linked to the location of the victim. Often these attacks will originate from nearby countries with political tensions towards the victim’s nation, exploiting the digital realm to further their national and military objectives.
There has been a tremendous rise in highly organised, well-funded, cyber gangs that launched successful attacks across a wide variety of victims. Although the attack signature of each cyber gang may be different, the motivations are either, to steal money; or, to operate as hacktivists promoting political or philosophical views.
More specific examples may include the desire to generate finances and money for the gang operation, to undermine authority, or to conduct mercenary operations in cyber space.
We will see greater collaboration among more autocratic nations, enabling them to increase the sophistication and volume of attacks. We will also see the increased targeting of developing nations. These nations will accept the trade-off of cost-effective, advanced technology for communications like 5G and ports infrastructure with the high risk of future control of those systems by autocracies that strive to strictly control their citizens.
But, while the threat actors are becoming more organised, sophisticated, and better funded, we are also seeing the good actors improving their skills when it comes to cyber resiliency, covering defence, response, and recovery.
In the future, there will be increased collaboration between countries but also between businesses and governments, enabling a much more robust defence against cyber threats. This will require organisations to be more open and communicative – whether they operate in the public or private domain – to improve cyber security.
In any way that AI can be used for good, it can also be used to create harm. One risk we can expect to see more of is threat actors feeding disinformation into AI and machine learning technologies causing such tools to misbehave, mislead, and become disruptive through misinformation.
This is an area that needs great thought into how to provide protection. We also need to adapt our own human behaviours to the vagaries of AI. For now, every output need human verification – we must ask ourselves, ‘does this look right?’, until we get to the point when we know the output is accurate and can be trusted.
Threat actors are also exploiting AI to create more sophisticated forms of attack. Given AI’s dual nature as a force for both good and bad, the question going forward will be whether organisations’ AI protection can outpace hackers’ AI attacks.
Cybersecurity is a great equalizer in the world of work. The best professionals in cybersecurity come from a diverse range of backgrounds. It’s this diversity that enables them to think more creatively and solve the most complex security threats, at pace.
On-the-job experience and certification, as well as paid internships or apprenticeships, can often be more important than a classic university background, making cyber careers much more accessible to those from less affluent backgrounds who can’t afford university or college fees.
Women are still hugely under-represented at senior levels within the cybersecurity industry. Organisational leaders must address the gap at the middle layer of management, giving women the opportunities to learn, solve problems, and achieve visible results to help them move up career ladder.