Well, here we are on New Year’s Eve of 2022. So what will the Cyber world look one day from
now? Here are some thoughts:
1)
Automation will become more popular:
I’ve written numerous whitepapers
this past year on automation. For right
now, this is popularly used in the manufacturing industry, such as cars, where
Robotics are used quite a bit. But how
about Cyber? It has made its start as
well here, but to of limiting degrees.
For example, it is being used quite heavily in AI, in order to help
optimize and clean out large datasets.
It is also being used in both Pen Testing and Theat Hunting. But will we see more of in 2023? I think we possibly could, especially when it
comes to getting a much more accurate picture of the Cyber threat landscape.
2)
Scary ML:
While AI has its good side, it does
possess its dark side as well. Probably
the worst-case usage of it are the Deepfakes.
This is when a fake video of a real person is created, in order to make
them look like the real thing. Luckily,
we did not see too much of it in the midterm elections of this year, but it is
expected that starting next year and forwards, the malicious use of Deepfakes
is only going to get worse. This is
especially true when it comes Social Engineering, and launching Synthetic ID
Fraud attacks (this is where bits and pieces about a real person are used to
create an entirely fake persona).
3)
Malicious uses of Chatbots:
Remember those pesky things that
appear on the lower right-hand side of a website? That is what I am talking about. It seems like that just about every website
now has them, and when then they do appear at first, they have a horrible sound
to them. But anyways, Chatbots are
supposed to be of help when you can’t get through to someone on the customer
service line. But I have never found
them to be useful because all I get are canned answers. But the truth of the matter is that these so
called Chatbots are getting much more advanced all the time. Now it has come to the point where even the
Cyberattacker have hijacked Chatbots for malicious purposes. One such case was the “ChatGPT”. This is where various languages were used in various
Chatbots. Nothing wrong with that, but
the problem was that the language was so perfect the end user did not realize
that they were communicating with a malicious third party that could barely
even speak English. More details about this
can be seen at the link below:
https://venturebeat.com/security/chatgpt-ransomware-malware/
Worst yet, the chatbot can also be
used for a supply chain attacks. For
example, all a Cyberattacker has to do is infect one machine with some nefarious
malware, and from there, that will spread like wildfire to hundreds, if not
thousands of other unsuspecting victims.
4)
Critical Infrastructure:
We have seen attacks here already
happen, but the fear is that it could get a lot worse, especially with the geopolitical
tensions right now with the Ukraine and Russia.
What we have seen so far have been much smaller scale attacks (except for
maybe the Colonial Gas Pipeline attack), but this could magnify greatly next
year and beyond. For instance, what is
feared is that there could be a simultaneous hits in major cities on our own
soil. It could impact everything from the
water supply to the national power grid.
Just imagine not having either one for weeks at a time? Well, that is what could very well
happen. The problem with our Critical
Infrastructure (as I have written about before) is that it is built upon
technology way back in the 1970s. So it
cannot be ripped out and replaced with a new one, nor can you simply apply
patches and upgrades. This only means that
we will simply be a sitting duck in this regard for a long time to come.
5)
Attacks on other targets, with the IoT:
The IoT is blossoming and will one
day come into full growth. This is where
all devices that we have contact with in both the physical and virtual worlds are
all interconnected together. This has given
to novel items such as smart cars, smart homes, etc. But the problem with all of this interconnectivity
is that if a Cyberattacker found just one weakness to penetrate into, they
could get all over into the place, and even launch an attack on Critical
Infrastructure from this angle. For
example, it is quite conceivable a Cyberattacker could commandeer a commercial
airplane or even a boat, and steer it purposely in the wrong direction in order
to cause the greatest amount of damage that is possible. Yes, in a way it can be advantageous to have all
of this interconnectivity, but at what price to society will it come at? That is the question yet to be answered, and
unfortunately, the answer will be quite depressing.
6)
Mergers and Acquisitions:
Although there have been a number
of tech layoffs recently, it is still expected that the Cybersecurity industry
will grow, just for the sheer fact that we need it. Therefore, it is expected that there will be more
buyouts and transactions that will happen in 2023. In fact, I have seen this already happen in
2022, as I peruse through the news headlines on a daily basis. There is at least one headline per day where some
VC is giving out money to a startup, or one Cyber company is buying out another
one. There will always be innovation and
growth here, so expect this kind of activity to happen for the long term.
7)
More tabs on the workforce:
The COVID-19 pandemic changed the
shape of this world, both for the good and bad.
But one thing for sure is that the Remote Workforce will now be a permanent
fixture here at least in Corporate America for a long time to come. Because of this, employers will need better
ways in order to keep tabs on their employees.
Unfortunately though, these will be much more covert and stealthier, and
in some cases, even scarier in the eyes of the Remote Worker. This can be likened to the fear of Big
Brother watching. But this a tradeoff
proposition: If employees want to WFH,
then they need to accept the fact that there will be a need for their employer
to keep closer tabs on them. Will the Hybrid
Workforce model alleviate this? Let’s
find out as 2023 starts soon.
My Thoughts On This:
Well, there you have it, a list of what could possibly happen
next year on the Cyber front. In reality
it is hard to say if they will happen, but we will know one year from now, as
we await for the start of 2024. But one
thing is for sure: The oldest threat
vector, Phishing, will still continue in full force even going into 2023.
No comments:
Post a Comment