Chapter 13: Embracing the Future of Cyber Security
If you could predict the future, would you want to live in it? Many people are amazed, if not bamboozled, by the current state of the digital environment. Change is inevitable. We must embrace it. If you see some of the amazing inventions that have been created over the past few years, you can almost look forward to the future with great anticipation and excitement. However, it would be a folly to imagine it will be all bliss.
Just as much as we look to the future, so do hackers and other cyber terrorists. Everyone is excited about new technology. As we explained in the fundamentals of cyber security, all technology is of dual use. It can be used for as much damage as it can be used for good deeds. What is important is what nations do with the technology, the resources they have at their disposal and their intentions.
The number of cloud services, IT systems, and connected devices keeps increasing, which is a good thing, as the more connected a network is, the more value it possesses. All these systems process unimaginable volumes of data, commonly referred to as “Big Data”. We must do all we can to protect this information, lest it fall into the wrong hands. For a world that relies heavily on data analysis, bestowing the right data upon a powerful entity with the right resources and, at times, government backing can lead to disastrous results.
You might argue that not all available data is sensitive. With this argument, you are probably looking at data security from the point of confidentiality. You can never be too sure what someone does with your data. What you feel is not confidential might be a goldmine for someone else. You might feel the data is worthless, but someone else can use it to trace your location, and if that is all they needed to complete a breach or hack, it is vital information.
Future Cyber Threat Assessment
There is too much data online that can be exploited, digitized and even weaponized.
From individuals to organizations, a lot of people stand to gain a great amount by exploiting the vulnerabilities in your networks and devices. Given the rate at which technology is advancing, the perceived future threats relating to cyber security might fall into any of the categories noted below.
Espionage - Selling privileged information to an enemy is not just limited to inter-country spats; today, companies find themselves in a very tight spot, especially given the lengths to which competitors are willing to go to get an advantage in the market. Some of the information that is traded includes passwords, accounts, hospital records, and credit card details.
Other than that, espionage can also be used to access privileged information. In the scenario above, the goal is to get some money. The hacker obtains information and sells it. However, in this case, the hacker is looking for specific information. The end result might be bigger than the immediate financial benefit of having that information.
Kidnapping - Kidnapping in the digital sphere works in the same way traditional kidnapping works. The hackers intercept information that they deem important, encrypt it, and demand ransom from the owners or recipients to decrypt it for them. Organizations and businesses that handle critical information, such as hospitals, are some of the most common victims of these hacks.
Phishing - Phishing is almost the oldest trick in the book. Today, however, hackers who use this method have to go the extra mile to sell their agenda. Phishing emails are camouflaged to make you believe you are responding to an official email. However, the scam is to trap you into providing important information about yourself. Spear phishing is a directed phishing attack that is aimed at specific people, and its projected yield is very high for the hackers.
Intrusion - Intrusion can be performed for many reasons. Someone who has unwarranted access to your system might do a variety of things in the network. Intrusions can be geared towards specific and targeted damage or general damage. The hackers can also get inside the system and alter information, in the process making everyone else operate on disinformation.
DDoS - DDoS (distributed denial of service) attacks are very common these days. In such an attack, a wide network of computers is programmed to overload a specific service, server, host or website with traffic such that nobody else can access it. DDoS attacks are primarily meant to cripple a certain website, server, service or a specific individual indirectly.
Consequences for the Average User
The world did not just go digital; it also went mobile. There is an amazing list of things that you can do with the data at your disposal. The ease with which you can conduct businesses using your phone is amazing. However, this also calls for heightened caution. If someone gains access to and controls your mobile devices, they can nearly control your entire life. 
Think about everything they will have access to, from your social media accounts, your contact list, your messages, photos, videos, and any other information you might have on the device. Thus, you must take responsibility for your actions and try to protect your devices to the best of your abilities.
Most companies hold information that is no longer accessible only to system administrators but is available across an interconnected network, meaning that most people in the organization have access to that information. Companies are spending so much to safeguard their information. However, as an employee, you must also do your best to make sure you protect the information under your care.
Social engineering is one of the methods that hackers use to gain access to systems. The victims are unaware they are being targeted. Hackers take time to study their victims and understand the things they do, how they go about their lives, the things they like, and so forth. Social engineering hacks demand a lot of patience for the hacker to cultivate an approach that their victim will never suspect. By the time you are hacked or used to get into a privileged system, you will barely realize your role in the hack. If you do, it might be too late, since the hacker will have already disappeared, wiping all traces of their existence from your life. 
Protecting the Internet of Things
Experts in the industry are currently well aware of the methods they can use to protect conventional devices like computers, smartphones, and other mobile devices. However, since we are venturing into uncertain waters with the internet of things, is everyone ready for the risks that they present? Think about home automation devices, thermostats, refrigerators, self-driving cars, and all the other amazing devices that are shaping the prospect of the future. 
Security is mandatory to protect these devices. Hacking into any of these devices will definitely have extreme ramifications, not just for the user who was hacked, but also for the companies that build or maintain the devices. Effective controls must be built into such products, and they must also be passed through rigorous security testing to ensure they are ready and safe for deployment on a large scale.
Big Data
More and more devices are joining the internet each day. Whenever you purchase a new device, you try to connect it to other devices or systems you own, so that you can enjoy a seamless experience whenever you need to. More devices on networks means more data, whether structured or not.
Mobile adoption has been the heartbeat of the growth of social media over the years. With time, third parties realized they can leverage their services on social networks. They realized people want to play games, date, learn, and do so much more on social networks. They also realized the insane potential that lies therein, with all the data social networks already collect about their users.
Data scientists currently work closely with project development teams to help them understand what data they are accessing and what they can do with it to influence user behavior when interacting with their apps online. One of the pitfalls of this trend is that, while the companies say they collect your data to understand you better and help them build products and applications that can serve you better, what they actually do is use the data to manipulate you into doing whatever it is they please. The end game for most of these companies is the balance sheet. How much money are they making from manipulating you to do something? And what if such companies are hacked? 
If they could manipulate you into decision making, imagine what a hacker could do with that information. Manipulation is not just a matter of clicking a few links online or swiping left and right on your phone. Manipulation is a science. Even the brain, independent of cyberspace, presents important data that researchers can analyze and use to understand human behavior. Some cyber criminals are part of an elaborate network that includes data scientists and researchers, and at times they operate with the backing of a foreign or local government. This is too much power for a shady entity to wield.
Big data is not just about presenting challenges in the form of cyber criminals. It is also a means through which security experts can protect the cyberspace. It takes a lot of planning to execute a cyberattack without leaving traces behind. Most of this is only possible in the movies. However, in the real world, it is still possible to do so, but the planning must be very intimate. Experts can use data patterns to understand their systems and networks better, and in the process, help them predict attacks before they are executed.
The sad bit is that it might take days for experts to comb through unstructured data, during which the hack might have been executed already. To mitigate this challenge, cognitive security is one feature that will be advanced into the future. Experts currently make use of machine learning to process data efficiently. This also gives them an accurate representation of data and the current security position. 
Stringent Regulations
2018 was a significant year in cyber security. The number of data breaches that were reported was record-breaking. This was also the year the GDPR was implemented. There were many learning points from the events that transpired in 2018.
Companies, for example, were aware of and had more than two years to prepare for the GDPR. However, some took it lightly, and when the resolution was passed, they faced dire consequences barely a year later. About a month after the GDPR resolutions were passed, thousands of complaints were reported, an increase of more than 150 percent compared to a similar period in the previous year.
Issues were raised about GDPR before and after it was implemented. Many wondered whether companies could actually be held accountable for breaches. According to the regulation, companies that are found guilty are liable to fines of more than £16 million, or 4 percent of their turnover worldwide. Companies like Uber have learned the hard way that the GDPR is a serious matter. 
Companies must be held accountable for managing and protecting the consumer data they receive. They must handle it carefully, or they’ll face hefty fines. Companies like Facebook and WhatsApp have also found themselves in hot water with the GDPR. Data protection and responsibility is no longer a laughing matter.
In the broadest sense, GDPR is giving power back to the end user, but at the same time holding companies accountable for any information they request or retrieve from their users. They must protect this data or face the consequences. Sadly, most businesses are only doing the bare minimum to protect the information they have. Companies must encrypt all the data and efficiently manage keys and access control services. Encrypted data is largely useless to anyone who has it unless they have decryption protocols.
Quantum Computing
Crypto-agility has been touted as the future of cyber security. Crypto-agility is a discussion you will come across often as the masses embrace it. The threat to present security protocols becomes greater with the increase in computing power.
Through crypto-agility, businesses can use algorithms that are flexible such that they can change them without necessarily having to interfere with the system infrastructure, especially if the original encryption fails. What this means is that businesses have the power to protect their interests from threats that are yet to be actualized, like criminals who have harnessed the power of quantum computing before its time. As such, you no longer have to redo the entire security system every year in response to growing computing power.
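The idea described above can be shown in a few lines. The following is an added example, not code from the book: every stored record carries the id of the algorithm that protected it, so the algorithm can be replaced and the old one retired without touching the code that calls protect and verify. It uses integrity tags (HMAC) from the Python standard library rather than encryption, and the algorithm ids, record layout and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Registry of integrity algorithms, keyed by an id stored inside every record.
# The ids and the record layout are constructed for this example.
ALGORITHMS = {
    "hmac-sha1": hashlib.sha1,      # legacy algorithm being phased out
    "hmac-sha256": hashlib.sha256,  # replacement
}
_policy = {"current": "hmac-sha1", "retired": set()}


def set_current(alg):
    """Switch the algorithm used for new records; old records stay readable."""
    if alg not in ALGORITHMS:
        raise ValueError("unknown algorithm: %r" % alg)
    _policy["current"] = alg


def retire(alg):
    """Stop accepting an algorithm once its records have been migrated."""
    if alg == _policy["current"]:
        raise ValueError("cannot retire the current algorithm")
    _policy["retired"].add(alg)


def _tag(key, alg, payload):
    # The algorithm id is authenticated with the payload so it cannot be swapped.
    return hmac.new(key, alg.encode() + b"\x00" + payload, ALGORITHMS[alg]).hexdigest()


def protect(key, payload):
    """Wrap payload bytes in a record tagged with the current algorithm."""
    alg = _policy["current"]
    return json.dumps({"alg": alg, "data": payload.hex(), "tag": _tag(key, alg, payload)})


def verify(key, record):
    """Return (payload, record); the record is re-issued if its algorithm is outdated."""
    fields = json.loads(record)
    alg = fields.get("alg")
    if alg not in ALGORITHMS or alg in _policy["retired"]:
        raise ValueError("algorithm not accepted: %r" % alg)
    payload = bytes.fromhex(fields["data"])
    if not hmac.compare_digest(_tag(key, alg, payload), fields["tag"]):
        raise ValueError("integrity check failed")
    if alg != _policy["current"]:
        record = protect(key, payload)  # transparent migration on read
    return payload, record
```

Calling set_current changes what new records use, verify upgrades old records as they are read, and retire closes the door on the old algorithm once migration is done.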
Artificial Intelligence
The use of artificial intelligence (AI) is rather limited at the moment. However, with increasing computing power, the possibilities of using AI are limitless. There are rumors of a potential AI powered attack with the ability to power down an FTSE 100 company. If this is true, hackers could easily breach a system undetected and obtain as much information as they desire. They will also have time to study the systems and behaviors, adapt to the environment and finally unleash catastrophic attacks that could bring down companies.
AI might soon be implemented in chatbots to engineer unsuspecting victims to click dangerous links, through which their personal files and information are stolen. Hackers might also crack down on websites and applications that are not properly protected, inserting chatbots where they were non-existent.
Ransomware
Until 2017, not many people were aware of ransomware. The WannaCry outbreak and several other attacks that targeted high net worth individuals were just the beginning (“North Korea blamed for WannaCry, PoS attacks and Bitcoin phishing,” 2018; Popli & Girdhar, 2017). The FBI believes that more than $1 billion has been paid as ransom to the attackers[27]. The ransomware is still in play, though the attacks are relatively subtle. However, experts believe that attackers might come back with a bolder move in the coming years.
This ransomware attacked hundreds of thousands of computers in at least 150 countries. The hackers demand some money to unfreeze computers. Some of the key targets were hospitals, governments, and big companies. Russia, for example, was reported to be one of the hardest hit targets according to a report by Kaspersky Lab. Some of the victims included banks, railways, Russia’s second largest mobile phone operator, Megafon, and the interior ministry.
In Germany, electronic boards at different stations that announce departures and arrivals were affected. However, German representatives do not believe their train services were affected.
Learning institutions in China were victims, too. Students had ransom pop-ups on their laptops, disrupting learning activities in most of the universities. Most learning institutions either use pirated computer software or outdated software, and as a result, students who access their facilities are equally at risk. Students were asked to pay $300 to gain access to their devices and resume working on their projects, most of which had deadlines that were almost due.
The western city of Chongqing struggled to process card payments at petrol stations because the China National Petroleum Corp was infected. In China alone, more than 30,000 businesses, individuals, and institutions were victims.
CJ CGV, the largest cinema chain in South Korea, was also hacked. Their advertisement servers that project to around 50 cinemas were hacked. Japan Computer Emergency Response Team Coordination Center, Hitachi, Dharmais Cancer Hospital in Indonesia, India State Police, NHS in the UK, Telefonica in Spain, Renault in France, Nissan, FedEx, and hospitals in Ireland were affected. This is how ransomware can cripple the world. Now imagine a situation where hackers target a country, crippling every important industry.
The interesting thing about the WannaCry ransomware attack is that it exploited a common Windows vulnerability that the NSA also exploits - EternalBlue. EternalBlue is an NSA exploit that was implemented on older Windows operating systems. Microsoft had created patches and released them earlier on to deal with this flaw. Most of those who were affected either ignored the patch or were using older Windows systems that were no longer supported. Through the Windows Server Message Block (SMB) protocol, harmful data packets can be sent to your device undetected. The hackers encrypted data in victims’ machines, demanding ransom in Bitcoin.
Microsoft responded by releasing an emergency patch, helping them stop the attack within a few days. Further research also revealed a kill switch which stopped infected computers from echoing the infection to networks they were connected to. This attack was formally blamed on North Korea by Australia, the UK, and the US in December 2017.
Digital Transformation
Everyone talks about cloud computing or offering cloud services from time to time. Most companies and individuals are migrating their access to cloud service hosts. With most people migrating to the cloud, there is a need to carefully scrutinize the migration processes. Hackers understand that businesses are trying to cut down on operational costs and reduce or eliminate downtime. They could also take advantage of this and piggy-back on the migration exercise, then attack cloud providers and their customers from within.
Nation-State Attacks
Russia is notoriously culpable for targeted cyberattacks to achieve unknown larger objectives. A while back, the FBI revealed that more than half a million home office routers were infected by Sofacy group, a Russian threat actor. This breach also affected networks connected to storage devices all over the world, allowing the hackers enough room to control the systems remotely. Considering that most of the IoT devices are poorly protected, you can expect many other countries to jump on this bandwagon.
Data Weaponization
Did you know that your data and personal information can be used against you? This is a trend that has grown over the years and will only get worse as hackers become more sophisticated. Tech giants are doing their best to safeguard your information. However, are they really doing enough? Look at the case of Facebook, for example. They admitted to using private correspondence and personal data in their possession to generate profits to the tune of billions of dollars. When you like or follow certain brands on Facebook, you further volunteer some information about yourself. This allows Facebook an in-depth look into your life, knowledge that becomes a treasure chest for the advertisers.
Facebook has also been accused of manipulating the moods of their users through an emotional contagion[28] experiment. Facebook was at the center of Cambridge Analytica’s infamous election manipulation practices, as well. Imagine a social network so powerful it can use its data to influence elections in more than one sovereign country. Now, think about hackers wielding this much power; it might be chaotic.
Satellite Attacks
Satellite communications have interested several hack groups in the past. Symantec reported one such successful hack that targeted telecommunication companies in Southeast Asia, especially imaging and geospatial mapping companies. Satellite communications that the military, planes, and ships use to access the internet also have some vulnerabilities that can be exploited.
Some of these scenarios paint a grim picture of the future, but all is not lost yet. Experts believe that multi-factor authentication should be implemented by all businesses. A lot of businesses still use passwords as their only line of defense. Most companies and states have studied the GDPR legislation and are adopting versions of it that are relevant to their cause. In California, for example, as of the year 2020, consumers can sue companies in the aftermath of a data breach. Breaches and vulnerabilities might be impossible to eliminate. However, we can do many things to avoid falling victim and improve our chances of preventing disaster.