IoT security, neglected infrastructure, and a crisis of trust deemed major threats for 2022

The Information Security Forum predicts the coming threats with a very good track record so far. Get your company ready for these threats.

Armed with a “state of the industry” survey, most companies try to identify gaps to play catch up. In cybersecurity, that is too late. Companies need to stay a step ahead of malicious actors.

Some companies, like Shell Oil, are known for creating a variety of possible scenarios for the future and preparing for all of them. But with security, that is a nearly infinite task. The ideal choice would be to find someone who can predict future threats and to prepare for them in the present.

That’s not as far-fetched as it seems.

The Threat Horizon Report

The Information Security Forum’s (ISF) Threat Horizon Report, released annually, has actually predicted these risks:

• Threat Horizon 2019 (published in 2017) suggested that the blockchain would be under attack, subverted to commit fraud and money laundering
• Threat Horizon 2020 warned that the new biometric and facial recognition systems were more error-prone, and easier to trick, than anyone realized
• The 2021 Threat Horizon pointed out malicious drones as a risk for target attacks

All three of these events came to pass. Most core blockchain code is open-source, and criminal contributors to the blockchain did add back-door theft code into dependencies many blockchain systems were relying on. Facial recognition systems have been underwhelming, while airports have been shut down by drone interference.

The ISF’s 2022 Report

The 2022 report, which will be released on Thursday, breaks down the next threat into three categories.

ISF goes into much more detail about particular types of malicious actors, from robo-helpers (which they define as network-connected autonomous agents) crawling for data to “deep fakes” which is truthful digital content, manipulated by artificial intelligence to seem believable, the worst possible kind of “fake news.”

Steve Durbin, managing director of the ISF, explained how to leverage work this way: “The value lies in discussing upcoming scenarios, planning for those scenarios and, most importantly, engaging cross-organization teams in discussing the response playbook.  COVID-19 has shone an additional light on the need for scenario planning for business continuity, and many organizations are already reviewing their risk postures and assessing future responses not just to the pandemic but also to other emerging threats. The Threat Horizon and its associated scenarios have a key role to play in this discussion.”