Both the global pandemic and, more recently, the war between Russia and Ukraine have highlighted the threat of cyberattacks against individuals, businesses, and nations.
As more of our lives have moved online to deal with lockdowns and movement restrictions, hackers and fraudsters have enjoyed greater opportunities to attack. And international tensions have shown us that today war is being waged just as fiercely in the digital domain as it is in the real world, as state-sponsored threat actors seek to spread disinformation and destabilize critical infrastructure.
Last month, Goldman Sachs economists said the infrastructure responsible for generating and distributing energy, financial services and the transportation sector in the US is particularly vulnerable to potential Russian cyberattacks that could cause thousands of millions of dollars’ worth of damage.
This means that the role of the chief information security officer (CISO) is becoming more important than ever when it comes to ensuring that organizations take every precaution to avoid becoming a victim.
This week I had a conversation with Equifax CISO Jamil Farshchi. As one of the largest credit bureaus in the world, Equifax has custody of the data of more than 800 million people and 88 million companies. And as CISO, the onus is on him when it comes to keeping this information secure. Before joining Equifax, he was responsible for protecting the US space program during his time with NASA, as well as the country’s nuclear arsenal when he was at Los Alamos National Laboratory.
Farshchi has just compiled his own list of what he considers to be the ten most serious cybersecurity threats facing the industry and society in 2022. He joined me to discuss this in more detail, as well as how he expects the cybersecurity industry to evolve to meet these challenges.
Threat to trust
In addition to the potential for privacy breaches, money loss, and infrastructure disruption from cyberattacks, there is another real and pressing issue that is often overlooked: loss of trust in technology and data. Emerging technology and data have the potential to do real good in the world, including solving massive problems like ending the energy crisis, feeding the hungry, protecting the environment, and curing disease. However, for any of these things to happen, the technology has to be reliable. Farshchi told me how one incident, the Capital One data breach discovered in 2017, caused many companies to delay their move to the cloud while they reassessed the security implications.
He tells me: “If [CISOs] don’t do our job right… if the cyber crisis is left unchecked, it will affect our ability to innovate… those roadblocks affect our ability to succeed and take advantage of the latest technologies.
“But if we get the technology right, I think both economically and socially… I do the best I can and I want the industry as a whole to be able to focus on this so we can all be in a better place.”
2021 saw a record increase in the number of data breaches and ransomware attacks, and Farshchi says that, unfortunately, he thinks this is simply a trend that will continue. As technology becomes more pervasive in our lives, there will simply be more opportunities for us to accidentally leave doors or windows open, giving malicious actors a chance to sneak in and cause damage.
Take the Internet of Things (IoT), for example: the vast, ever-growing network of online connected devices that encompasses everything from industrial machinery to connected cars and smart home appliances. It is forecast that there will be more than 27 billion of these devices by 2025, creating an unprecedented number of opportunities for cybercriminals.
These threats are well established and should clearly be on the radar of everyone responsible for cybersecurity. But what about more exotic threats, such as the dangers posed by the dawn of the age of quantum computing?
“This one really worries me,” says Farshchi.
“A lot of people think this is something we have to worry about in the future… the bottom line is that there are threat actors that are collecting encrypted data today… data that [using classical computing technology] would take thousands of years to figure out. And they are collecting it for a reason.”
The reason is that it is rapidly becoming apparent that quantum technology will be available in the not-too-distant future that will make short work of many of the industry-standard encryption techniques used to protect data today.
“This data has a long shelf life… we’re racking up a bill that we’ll eventually have to pay.”
Farshchi believes bodies like the US National Institute of Standards and Technology aren’t moving fast enough to adapt to these threats: guidelines on how government agencies should prepare for a time when all data will need quantum-proof protection won’t even be published until 2024.
This is one of the reasons why “the threat of quantum computing is not decades away, it is here now”, and is one of the 10 key warnings in Farshchi’s report.
Others include the need for corporate boards to understand their responsibility for the data in their custody, “blind spots” in security strategy when it comes to supply chain threats, rising cases of identity theft and the increasing profitability for criminals of ransomware attacks.
The importance of preparation
The key to dealing with these threats, wherever they come from, is preparation, Farshchi tells me.
“If you’ve followed the steps to prepare, you can adapt in your muscle memory and respond,” he says.
“I grew up in Iowa, we have a lot of tornadoes there… and you practice and prepare for them. Then fast forward to university, when I was there, and there were tornadoes everywhere. When you looked around you knew which [classmates] had grown up in the Midwest and which ones hadn’t… they knew what to do.
“He was in a different circumstance — he wasn’t in Iowa, but he knew how to respond, and I think the same applies here. If organizations follow the steps and practice with their board and executives, then when bad things happen…you can lean on and solve them very quickly.”
When I asked him what he expected the cybersecurity landscape to look like in the near future, he gave me an answer that at first seems counterintuitive: “I’d like to see more sophisticated threats.”
It turns out there’s a more realistic reason for this than simply wanting to test his skills against more challenging attacks; Farshchi reasons that most cyber attacks today, such as phishing and ransomware, while they may seem complex to a layman, are actually remarkably simple. And it is an indictment of much of the existing cybersecurity infrastructure that so many attacks are still successful.
“It means that organizations aren’t even doing the basic things… and if we fast-forward into the future and we have a situation where we’re getting hit by significant, sophisticated attacks, it means we’ve done the basic things… we’re doing at least the minimum level necessary to make it difficult for our opponents”.
You can watch my conversation with Jamil Farshchi, CISO at Equifax, where we also discussed the security threats posed by the metaverse and more of the top threats identified by Farshchi in his new report. If you’d rather listen, check out my podcast.