This year’s top six cyber risks for businesses, according to The Chertoff Group principal Adam Isles, include: increase in destructive attacks targeting industrial control systems, expansion of IoT as a threat vector, evolution in nation-state activity tradecraft, advances in identity subversion as a tactic, increased use of software subversion to bypass security controls and increase in third-party risk.
Every five years, the U.S. intelligence community releases a Global Trends Report, and the one released in January 2017 cited destruction of important civilian infrastructure as an increasingly likely form of emerging warfare. The rise in attacks targeting industrial control systems (ICS) can be attributed to factors including the relative ease at brute forcing default or weak passwords on ICS equipment, an increase of the number of ICS accessible to the public and an uptick in motivation by malicious actors to control ICS for political influence or monetary gain.
“Threat is a function of motivation, capability and opportunity,” said Isles. “2018 is expected to bring additional advances particularly regarding autonomous/artificial intelligence-enabled systems and their use in both private and professional settings. As this trend advances, so too does the opportunity to exploit such devices for malicious purposes.”