Three Cyber Threats Resulting from Today’s Technology Choices to Hit Businesses by 2024
Companies need to consider the cost of to disengage from the cloud along with proactive risk management that looks at governance issues resulting from heavy use of low – and no – code tools.
Nearly 59% of businesses have accelerated their journey to digitalisation while public cloud spending is seeing record growth and adoption in organisations worldwide. There is also a seismic shift in customer expectations when it comes to digital. Yet the business environment continues to remain fluid and uncertain. Decisions made for short-term gains are bound to inflict longer-term pain because such choices, made at speed, often tend to bite back. According to recent research, almost three-quarters of cyberattacks in the last 12 months can be attributed to technologies adopted during the pandemic.
The Information Security Forum (ISF) now believes that the technologies to manage customer and employee expectations that organizations have rapidly adopted to accelerate their digital transformation could slowly result in a dead end. By 2024, businesses will encounter three major cyber threats resulting from today’s hasty technology decisions.
Threat 1: The Cloud Risk Bubble Bursts
The benefits bestowed by moving more and more operational and business infrastructure to the cloud will be seen to have a hidden and rising cost as this strategy begins to stifle the flexibility that organisations need to innovate and respond to incidents.
Organisations will find that their technology choices are stunted and their options for switching suppliers are limited by their reliance on particular cloud platforms and their partners. Further, several unforeseen issues surrounding trust such as governance, compliance, security, predictable pricing, performance, and resiliency might emerge.
As privacy regulations tighten around the world, data sovereignty is a major topic of concern. Businesses that fail to comply with local regulations will face lawsuits, investigations, penalties, and risk losing competitive edge, reputation, customer trust and confidence. Additionally, cloud mismanagement and misconfigurations (probably due to a widening cloud talent shortage) will continue to be a huge threat to organisations — an estimated 63% of security incidents are said to be caused by cloud misconfigurations.
Threat 2: Activists Pivot to Cyberspace
While social movements sparked from social media aren’t new, ISF predicts that in the coming years traditional activists will increasingly leverage established cybercriminal attack patterns to score political points and halt what they regard as unethical or unnecessary corporate or government behaviour. The Ukraine-Russia crisis is a great example of this where global hacktivists are coming to Ukraine’s aid by collaborating on online forums and targeting Russian infrastructure, websites and key individuals with malicious software and crippling cyberattacks.
Activists can be motivated by moral, religious, or political beliefs; they can also serve as puppets of rogue nations or political regimes trying to gain competitive advantage or influence over foreign policy. As factories, plants, and other industrial installations leverage the power of edge computing, 5G, and IoT, online activism will enter a new era where these so-called “hacktivists” will increasingly target and sabotage critical infrastructure.
Threat 3: Misplaced Confidence Disguises Low-Code Risks
Resource constraints and the shortage in supply of software developers is giving rise to no-code, low-code technologies — platforms that nondevelopers use to create or modify applications. Per Gartner, 70% of new applications will be developed using low-code and no-code technologies by 2025.
However, low-code/no-code technologies present some serious risks. As these tools permeate organisations, the challenging work of ensuring that developers follow secure guidelines when creating apps and code will be undermined. Enthusiastic users keen to get their projects running will turn to these tools beyond the oversight of the IT teams, creating shadow development communities that are ignorant of compliance demands, security standards, and data-protection requirements. According to recent research, governance, trust, application security, visibility, and knowledge/awareness are some of the major concerns cited by security experts surrounding low-code/no-code tools.
Read the full article for advice on how organisations can protect themselves…
SUPPORTING CONTENTVIEW ALL NEWS ARTICLES
Technology Choices Limit Control
Steve continues to break down the three major themes in the recently released Threat Horizon 2024: The disintegration of trust report.
The Future CISO: Securing the digital organisation of the future
Former CISO Paul Watts reflects on where CISOs find themselves today, and how they can ensure their role continues to add value.