I Predict a Cyberattack

The world is changing. If anything, the global coronavirus pandemic is accelerating the arrival of the future. Offices lay empty, replaced by cyberpunk-esque video calls (complete with pajamas and accidental mic slip-ups). Technologies once flouted as merely ‘possible’ are becoming necessities overnight. Writing for Forbes, contributor Heather McGowan states that this pandemic is accelerating us “towards digital transformation.”

It’s really no wonder, if anything, the ‘possible’ has for some time been far ahead of the ‘practical.’ There are many things we could be doing today that we simply aren’t. Usually for reasons of pragmatism; start-up costs too high, hard to get adoption by the general public, etc. For an example, look back at Google Glass. We could all be walking around today with computers attached to our heads. But we’re not.

The Threat

We’ve known for a long time that a major cyberattack is coming. It’s been described for years as a near certainty. A “cyber 9-11” could shake our world as much or more than the current pandemic. While the cost in lives from a major cyberattack may be lower, that it would necessarily be carried out by a human adversary, to purposely damage or disrupt global infrastructure would radically alter the global order.

We’ve known that this attack is coming for a few reasons. Just like predicting the start of a wildfire, you can look for the necessary signs. Just like how a fire requires: fuel, oxygen, and a source of heat, a cyberattack happens when: vulnerability, motive, and technical sophistication meet. Of course, it can be hard to figure exactly where this ‘fire’ will start, but we know the conditions are ripe. Let’s take a look at the facts..

Vulnerability

There are more enticing and vulnerable targets today than there ever has been in the history of the world. This is a combination of two independent factors.

  • As a world, we do more work online today than ever before
  • The coronavirus pandemic just opened every company’s front door

You’re probably aware of the increasing interconnectedness of the world today. Every day, more functions move online permanently. The pandemic has caused an acceleration of this trend.

Even more importantly than this however, the coronavirus pandemic just opened most all companies around the globe up to the world. With millions to billions of workers migrating from office environments, to disparate networks across the globe, nearly every company in the world just lost its network perimeter.

You know the network perimeter. The place where most companies seem to think cybersecurity starts and ends. They’ll buy expensive firewall technologies, implement logging tech, and build outlandish operations centers in the name of guarding the perimeter.

For years, cybersecurity experts have been working to explain concepts such as “defense in depth” to companies around the world. Some have listened. But for those which did not, their entire operation is now an open book. Employees can access their internal networks from anywhere in the world, on any network. Hackers can potentially access their employees. This is a recipe for disaster.

Note: Please keep in mind, this is in addition to all of the risk that companies were under in 'business as usual' prior to the pandemic.  And it was from that previous amount of risk that many experts had already called out the inevitability of a mass scale cyberattack.  Everything just accelerated.

Motive

As far as human history goes, the last couple of decades have been incredibly peaceful. All of that may be about to change. The world today feels like a box of tinder, just waiting for a spark. A showdown between Russia and the United States, or between China and the West may be just around the corner.

On top of all this, the instability that the pandemic is likely to bring to the global economy may plunge hundreds of millions of talented people into poverty. Those people may be hungry, both literally and figuratively – and looking for a way out.

Technical Sophistication

If a cold war, or a shooting war breaks out in the pacific region between China and the western world, we can expect to see large scale cyberattacks on both sides. I think this is the second most likely scenario today. We know that the Chinese military has many talented hackers, ready and willing to go to war for their country, and they will be targeting the soft underbelly of America’s online presence.

The most likely scenario I think, comes from criminal syndicates, newly motivated to fill power vacuums created by strife in second/third world countries. There exist many talented, intelligent individuals and groups across the world today far outside of the ‘usual suspects’ (ex. Russian hackers, Chinese hackers). If the pandemic destabilizes the right country or community at the right time, we’re very likely to see talent gathering together in the global shadows, looking for a way out.

Conclusion

We’ve been talking for years about a massive cyberattack. One that we are not prepared for. One that will change our world, alter the global balance of power, and change how we act, play, and live together online, forever.

If it’s coming, it’s coming now.

About the author

Professional hacker & security engineer. Currently at Google, opinions all my own. On Twitter as @zaeyx. Skydiver, snowboarder, writer, weightlifter, runner, energetic to the point of being a bit crazy.

Comments

  1. how are you preparing yourself and you personal network and computer security for this coming cyber assault

Leave a Reply to P Cancel reply

Your email address will not be published. Required fields are marked *