
2025-30: Geopolitical influence on cyber and the convergence of threat


From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s

The early 2020s saw multiple threads of the cyber threat landscape evolve, mostly as individual strands rather than symbiotically. However, as we move into the latter part of the decade, we will see these threads converge. Over the last five years, we have become resigned to the fact that the supply chain has become one of our biggest threats, geopolitics and conflicts have driven real-world effects in the cyber domain, technology providers still don’t deliver secure products, governments fail to recognise the digital environment as the new critical national infrastructure (CNI), and artificial intelligence (AI) is creeping into offensive tools used by threat actors.

As we approach the end of the decade and the early 2030s, we will still have failed to address these individual threats, and they will come together, causing significant disruption and harm.

For the past couple of years, it has become more evident that technology providers are focused on pushing products to market, with little care for their security. Recently we have even seen the FBI and CISA demand providers start to properly adopt secure-by-design. This laissez-faire approach has already led to huge numbers of unnecessary compromises and entities having to invest significantly in EASM (External Attack Surface Management) and vulnerability intelligence programmes.

For many of my clients, the majority of the ‘breaches’ they suffer emanate from their supply chain. Traditionally, the supply chain was targeted by sophisticated nation-state actors, as they fully understood and could leverage the ‘one to many’ attack. However, as criminal actors became more aware and capable, they began to adopt this technique as well. More recently, we have also seen hacktivists, aligned to social and geopolitical issues, take this approach.

As they, and we, move away from ‘old media’ to newer, social and open platforms, where both mis- and disinformation are rampant, we will also see a broader set of entities being targeted, increasing the need for entities to monitor a wider set of platforms for negative comments and sentiment. We have already started to see centralised functions that have been outsourced being targeted by these types of actors following disinformation campaigns on these platforms.


These and future successful attacks will be down to the fact that most governments, and even regulators, do not fully understand or, even if they do, cannot properly map these critical suppliers and central functions to the digital environment. As such, they have not rolled out the required legislation or regulation to properly protect it, or the society that relies upon them.

Finally, we get to AI; not the Hollywood type, but the narrow AI we are starting to leverage now and are likely to be using into the end of the decade, albeit becoming slightly more capable and advanced. While AI will be great for cyber defence, it will of course be used by nefarious actors. Some of the likely uses of AI in offensive operations are already being seen, from enhanced social engineering (such as better phishing emails and the adoption of AI-supported deepfake videos and voice notes) to the development of supporting attack infrastructure and the development and deployment of malware. This is not an article on AI and all of its uses by bad actors, but one significant area of concern is the use of AI to identify vulnerabilities (and variants) and rapidly and automatically develop and deploy exploit code, reducing n-day exploitation times down to minutes … or worse.

So, as we move into the end of the decade, what do I see in my magical mystical ball, also known as an intelligence assessment? It’s the convergence of all of this. Software will still be like Swiss cheese, more actors will have more capabilities due to AI, supply chain compromise will be commonplace, digital CNI will not have been protected, and single-point-of-failure attacks against the supply chain will consistently take critical services offline. As more nations with developing economies acquire offensive capabilities, geopolitics becomes more fractured. The digital environment will simply be a more dangerous place to do business and, though unlikely, some nations may even be taken offline for days at a time.

Originally published at ECT News
