Emerging Technologies: Managing Elastic Attack Surfaces

NOV 19 2017

AUTHOR

Kumar Ritesh

Technology innovation drives economic growth, enhances our lives and supports behavioral change. But emerging technologies also have inherent risks: In the current cybersecurity climate of looming hacks and breaches, innovation can open new vulnerabilities for cybercriminals to exploit.

Emerging technologies are significantly increasing the cyberattack surface within organizations, and these technologies require protection. We are seeing a shift among cybercriminals from attacks on legacy applications, systems and infrastructure to these new technologies.

Digital proliferation is outpacing the speed with which defense mechanisms are invented and applied to protect these emerging technologies. On one side, organizations need to ensure that technologies continue to serve as business enablers, facilitating productivity and optimizing business processes; but they also must keep pace with the increasing complexity and variety of new attack surfaces exposed by emerging technologies such as:

Cryptocurrency/Blockchain: Many large financial services and investment firms and governments are exploring the use of Bitcoin and its underlying blockchain technology to replace existing financial systems; however, we should be cognizant that blockchain comes with its own set of cybersecurity challenges. There have been at least three dozen heists of cryptocurrency since 2011 and more than 980,000 Bitcoins have been stolen, translating into about $4 billion today.

Internet of Things (IoT): It is no longer news that IoT devices can be weaponized by threat actors to conduct cyberattacks, but many manufacturers and firms deploying IoTs still do not take security issues seriously. For example, in February 2017, details from 800,000 customers were exfiltrated from an Internet-connected toy company, including two million private recordings.

Intelligent cloud: Companies are racing to migrate to the cloud and as a result, cybersecurity for cloud infrastructure is in a state of transition as many companies assume that security is the responsibility of the cloud provider. Cloud enablement creates many blind spots for companies, paving the way to multiple intentional and unintentional data leaks.

Smart supply chain: Cyberattacks are becoming prevalent in smart supply chain systems – a result of the evolution from traditional supply chains to connected, smart and technology-driven ecosystems. From a hacker’s perspective, these systems host sensitive data about orders, pricing, logistics, contracts, raw materials and forecasting, all of which are coveted.

Artificial intelligence- and machine learning-enabled systems: Artificial intelligence (AI) and machine learning (ML) are the next big technology revolution that will re-shape the way we conduct business. Given the current pace of automation and digitalization, AI/ML will be able to take over most of the manual and repetitive or even cognitive jobs we do today.

It is important to be aware of the opportunities and threats related to AI/ML, which will make existing cyberattacks more powerful, efficient and easier to execute. AI/ML-enabled attacks will be self-learning and react faster when countermeasures are built against the attack, which means that AI/ML-enabled attacks may be able to exploit another vulnerability or scan for new ways into a system — without waiting for human instructions.

Augmented and virtual reality: Augmented reality (AR) and virtual reality (VR) will radically change how we work, learn, play, exercise, communicate, transact, socialize and consume content — and come with their own unique cybersecurity challenges. Potential attack vectors include:

  • Hackers record users’ behavior in their VR/AR environment and threaten to publicly release the recording unless a ransom is paid.
  • Interjection of information or data into VR/AR to mislead or entice users into selecting items that exfiltrate personal identifiable information.
  • Hijacking and taking control of VR/AR remotely to impersonate someone in a workplace social collaboration scenario.

Robotics and unmanned aerial/aquatic vehicles: There is a huge buzz around the robotics market, with projected global spending on robotics reaching $188 billion by 2020. Robots can take on any form and be used for a multitude of purposes, but the main goal is autonomous, unsupervised operations that achieve human-level outcomes. Some of the most popular industrial and consumer robots are dangerously easy to hack and could be turned into bugging devices or weapons.

What’s next?

Embedding emerging technologies into businesses is redefining and elasticizing the cyberattack surface, which grows with the adoption of every new technology. The only way to address the elastic attack surface is with a detailed cyberstrategy, and a complete assessment of the entire attack surface, possible attack scenarios, integrated monitoring controls, emerging technology threat models, potential risks and mitigating controls.