By 2021, the world will be significantly digitized and connected. Competing in the digital marketplace will become increasingly difficult, as businesses develop new strategies which challenge existing regulatory frameworks and social norms, enabling threats to grow in speed and precision. Vulnerabilities in software and applications will be frequently disclosed online with ever-decreasing time to fix them.
Organizations will struggle when one or more of the big tech giants are broken up, plunging those reliant on their products and services into disarray. Organizations will rush to undertake overly ambitious digital transformations in a bid to stay relevant, leaving them less resilient and more vulnerable than ever.
Let’s take a quick look at a few of the threats on the horizon and what they mean for your organization:
Digital Vigilantes Weaponize Vulnerability Disclosure
Vulnerability disclosure will evolve from a predominantly altruistic endeavor to one that actively damages organizations. Attackers will search for, and publicly disclose, vulnerabilities to undercut competitors and destroy corporate reputations. Fraudsters will manipulate financial markets by releasing exploits at opportune moments. A lack of regulation will lead to a culture of digital vigilantism whereby vulnerability disclosure is weaponized for commercial advantage.
Organizations will be caught unaware as their vulnerabilities are disclosed at an accelerated pace, often without knowledge or consent. They will face unachievable timeframes to fix disclosed vulnerabilities, draining internal resources. The release of exploit code, the self-propagating nature of some malware and the interconnectivity of devices could see vulnerabilities exploited faster than ever before (accelerated by developments in AI) with major impacts to business.
Software providers and organizations that rely on their products will experience disruption from strategic vulnerability disclosure by rogue competitors, organized criminal groups and hacktivists. Given the global dependence on commercial software, the weaponization of vulnerabilities will have far-reaching consequences for businesses and their customers alike.
Dealing with zero-day vulnerabilities should be business as usual for organizations. However, as vulnerability disclosure becomes weaponized this will require re-evaluation of current approaches to patch management, threat intelligence and resilience.