THREAT HORIZON 2017Dangers accelerateChapter Meeting, Oslo4-5 March, 2015Steve ThorneInformation Security ForumThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd. Annual report Identifies information security threat trends over next 2 years Links threat trends to business impactWHAT IS THREAT HORIZON?Intended to provoke thought and discussion, and to engage with senior business managersThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.METHODOLOGYThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.THE THREATSThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.Regular and increasingly large disruptions will impact the social, political andeconomic foundations of the internet, all underpinned by faster connectivityand new users.THEME 1DISRUPTION DIVIDES AND CONQUERSThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.Gigabit connectivity will offer new possibilities for everyone including criminals.Impact: Increased exposure to attacks and disruption to critical businesssystems.Threat 1.1Supercharged connectivity overwhelms defencesThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.Organised crime will migrate online, developing complex internal hierarchiesand commoditising their activities at a global level. Impact: Law enforcementand infosec struggle to keep pace, resulting in business disruption and increasedsecurity budgets.Threat 1.2Crime syndicates take a quantum leapThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.Civil unrest will emerge in response to relentless technology advances thatincrease socio-economic inequality. Impact: Disruption, including negativepublicity and brand damage, to organisations caught in the unrest.Threat 1.3Tech rejectionists cause chaosThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.Society is increasingly dependent on digital systems that are highly complex andoften based on trust. This will prove to be an unreliable method of operatingsystems that are integral to the global economy.THEME 2COMPLEXITY CONCEALS FRAGILITYThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.Following several large cascading failures (e.g. to energy grid or GPS) hiddendependencies on digitally connected critical infrastructure will becometransparent. Impact: Delayed production and deliveries. Reputational damageand loss of customers.Threat 2.1Dependence on critical infrastructure becomes dangerousThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.Targeted exploitation of widely distributed and homogenous technologies willoccur frequently and have implications for the normal functioning of theInternet and wider global economy. Impact: Loss of business-criticalinformation. Reduced or unavailable customer service.Threat 2.2Systemic vulnerabilities are weaponisedThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.Digital connectivity inside and between organisations grows, exposing legacytechnology to attackers and a greater likelihood of accidents. Impact: Inability tomaintain consistent service delivery. Steep costs for maintenance expertise andtechnology transformation programmes.Threat 2.3Legacy technology crumblesThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.Disruption to cyber-physical systems (i.e. systems that have direct physicalimpact) will lead to verifiable human deaths. Impact: Loss of life. Loss ofcustomer trust. Legal liabilities increase dramatically. Safety regulations bringnew costs.Threat 2.4Death from disruption to digital systemsThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.Large information providers will continue to expand into emerging markets,solidifying their global ambitions and frustrating government attempts atregulation. Companies will become complacent about dealing with databreaches, and poorly conceived regulations will be enforced selectively.THEME 3COMPLACENCY BITES BACKThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.Major information companies such as Google, Amazon, Facebook and Apple willgrow their global market share, raising concerns about competition and anti-trust law. Impact: Lack of commercial competition. Regulators struggle to keeppace, neither enforcing fair competition nor delivering optimal prices toconsumers.Threat 3.1Global consolidation endangers competition and securityThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.The number of data breaches will grow along with the volume of compromisedrecords, becoming far more expensive for organisations of all sizes. Impact:Customer impact and delay as liabilities are unravelled in court. Reputationaldamage. Unforeseen costs from expensive and lengthy remediation.Threat 3.2Impact of data breaches increases dramaticallyThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.1. Disruption divides and conquers1.1. Supercharged connectivity overwhelms defences1.2. Crime syndicates take a quantum leap1.3. Tech rejectionists cause chaos2. Complexity conceals fragility2.1. Dependence on critical infrastructure becomes dangerous2.2. Systemic vulnerabilities are weaponised2.3. Legacy technology crumbles2.4. Death from disruption to digital services3. Complacency bites back3.1. Global consolidation endangers competition and security3.2. Impact of data breaches increases dramaticallyThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.1. There is no call for a range of radically new practices: therequirement is to focus on anticipation and preparation2. There is no need to go it alone. Resources are widelyavailable to assist.3. Begin preparations now dont be a victim.Next stepsThreat Horizon 2017: Dangers accelerate Copyright 2015 ISF Ltd.1. Download Threat Horizon 20172. Review other material available (eg 2014 assessment)3. Join Threat Horizon group on ISF Live to continue discussion4. Give us feedback on how to improve the reportSo.Systemic vulnerabilities are weaponised 5Dependence on critical infrastructure becomes dangerous4Global consolidation endangers competition and security8Death from disruption to digital services 7Legacy technology crumbles63Tech rejectionists cause chaosCrime syndicates take a quantum leap2Impact of data breaches increases dramatically9Supercharged connectivity overwhelms defences 1Copyright 2015 Information Security Forum LimitedTHANK YOUhttps://www.isflive.org/community/risk/threat-horizonsteve.thorne@securityforum.org