Emerging cyber threats: How businesses can bolster their defenses

Enterprises leveraging our rapidly digitizing world must also have a robust understanding of how cyber threats are evolving.

AI deepfakes are already becoming too convincing to be easily spotted by common sense approaches. Malicious actors are using AI to find vulnerabilities and to make their attacks harder to detect. And AI systems themselves pose security risks. Research by Foundry shows that security and privacy are the most pressing ethical issues around generative AI deployments.

Down the road, quantum computing promises immense power and capabilities for businesses, but it will also be used by adversaries, especially to break encryption.

And further out, technologies still in the labs, such as DNA-based data storage, cybernetics and bio-hacking present their own challenges to security and data protection.

These are just some of the ways future technologies put enterprise security at risk.

shutterstock/Gorgev

Over the horizon

According to Martin Krumböck, CTO for cybersecurity at T-Systems, security teams can form a clearer view of emerging threats, by dividing them into three timescales, or “horizons”. “There’s always something changing in security,” he says.

Classical infrastructure security is in the “here and now”, and an immediate priority. And too many enterprises still have gaps in cloud security and are not yet ready for AI.

“We are seeing very quick business adoption of AI,” Krumböck explains. “At the same time, people are ignoring the risks. But the risks are already here.”

Deep fakes, used for CEO and CFO fraud, are one example. “In the past, we could mitigate that with good training,” Krumböck says. “Now, the deep fakes are getting so good that all that training is thrown out of the window.”

Other AI threats include attacks on training data for large language models (LLMs), prompt injections and direct attacks on models themselves. “But it is not at the forefront of thinking yet,” he warns.

CISOs and CSOs, then, need to be aware of the risks of AI. But they need to juggle this with monitoring longer-term threats.

“Further over the horizon, there are issues that will become important in security,” says Krumböck. “The shift to post-quantum cryptography isn’t about responding to a threat today, but about preparing for tomorrow. Particularly against long-term risks like ‘harvest-now, decrypt-later’ attacks.” Threats to blockchain technology are another medium-term risk.

It’s worth at least being aware of longer term risks posed by emerging disciplines like  DNA-based computing technology, where the DNA molecules themselves perform computational processes.

“DNA storage becomes a huge information security risk because it’s so small and can be easily implanted somewhere or used to smuggle data out,” says Krumböck. “It sounds like sci-fi right now, but it might become a reality.”

Back to the future

Clearly, security and IT leaders need to plan for emerging threats and inform their boards.

One trusted method is to test new technologies through small trials. This helps understand the organization’s risk appetite, alongside the benefits of innovation.

Few enterprises, though, can employ dedicated teams of security researchers and futurists to assess far-off risks. But organizations can work with their security partners, leverage their expertise and scale to look over the horizon.

As one of the largest enterprises in its sector, Deutsche Telekom and T-Systems have that scale. “That, in itself, puts a huge target on our backs, and we need to defend our own telecommunications network day in day out, and protect our end customers,” Krumböck explains.

This allows T-Systems to invest forward-looking security research, and crucially, translate that intelligence into information and advice that boards can understand, and act on.

Want to secure AI initiatives? Start with this e-book.

Need to rethink comprehensive security? Check out this guide.