Toro-Blog-listing

Security Threat Landscape 2024

Written by HQ | Feb 20, 2024 7:57:02 AM

Toro recently hosted a webinar delving into the multifaceted landscape of security risks expected in 2024 and beyond.  

The discussion was led by Katie, Toro's Director of Cyber Security, and Gavin, Director of Physical Security.  

The webinar began by contextualising the broad spectrum of security risks, emphasising the interconnectedness of physical, cyber, and societal domains and how these are influenced by global conflicts, climate change, and technological advancements. 

To begin, insights were drawn from the World Economic Forum Global Risk Report 2024. From which, Katie highlighted key areas of concern, including the proliferation of misinformation, extreme weather events, societal polarisation, and cyber threats. These risks, Katie noted, are not isolated but are deeply intertwined with broader geopolitical tensions and environmental challenges. 

Katie “When we think about security, we consider things as a whole. Because we know threat actors will leverage physical, cyber and people vulnerabilities, this means risks will occur across all these domains.” 

The context for our security threat landscape this year and beyond is playing out in the news every day. Global conflict, social division, and the impact of climate change – all intertwined.”  

Essentially, we’ve got a hotter planet, causing natural disasters, and forcing migration, which exacerbates conflict and war, prompts border restrictions, and causes global supply chains to falter. In turn, this leads to growing protectionism, which reduces international cooperation, encourages more localised policies and trade barriers, and ultimately restricts access to hi-tech innovation because nations become more protective of their technology advancements.” 

Gavin then went on to highlight that economic downturn ranks as the primary concern for many countries, including the United States and United Kingdom, over the next two years.  

He emphasised the significant impact of extreme weather events on economic instability, attributing it to the depletion of resources needed to mitigate climate change. This exacerbates the divide between the global north and south, rooted in historical colonialism and imperialism. Gavin underscored how authoritarian governments exploit various crises, including extreme weather events and economic downturns, to undermine democracy. He also noted the role of technology in exacerbating societal divisions, leading to distrust and conflict.  

Additionally, he expressed concerns about the diminishing investment in human development and resilience due to constant crises and the proliferation of misinformation, potentially leaving the next generation without clear paths for improvement in human potential, security, and well-being. 

Gavin “As human ability is advanced by technology and we have access to far more information and resource, this is also an enabler for societal division leading to distrust, conflict, and separation. A recent report suggests the continued growth in technology may leave the next generation without a clear path to improve human potential, security and wellbeing as constant upheaval becomes the norm.” 

Cyber Insecurity 

Katie highlighted the escalating global conflict in cyber space, citing examples from Israel/Palestine and Ukraine, where Russia's extensive cyber operations have set unprecedented records. With Ukraine facing war fatigue, Russian cyber efforts are expected to intensify to undermine morale and disrupt external support.  

Katie also spoke about the upcoming global elections posing additional risks, with Russia likely to target the US presidential election to manipulate public opinion away from supporting Ukraine.  

She then touched upon how cyber threats, being borderless, present agile challenges, surpassing traditional defence measures and how tech companies like Microsoft are stepping up as geopolitical actors, monitoring conflict zones to enhance collective defence efforts. Influence operations in cyberspace are compounded by the spread of misinformation and disinformation, fuelling the escalation of cyber warfare, often aided by AI technologies. 

Katie “Influence operations are a growing and significant challenge in cyberspace as cyber-warfare filters down through the global operating environment and is intensified by growing misinformation and disinformation, which proliferates across online social platforms and in turn cyber-attacks multiply, enhanced by AI.” 

Adverse Outcomes of AI 

Katie discussed the dangers associated with AI, including the emergence of malicious models like FraudGPT and WormGPT, as well as the accessibility of infrastructure for large-scale phishing campaigns. She highlighted the resurgence of 'script kiddies'—cyber criminals with limited technical skills but who are opportunistic and vast in number. Furthermore, Katie emphasised the potential regulatory challenges posed by AI and quantum computing, as well as the threat these technologies pose to encryption systems and technology lifecycles. 

Katie “The technological advances in AI and quantum computing will also drive innovation will largely be borne out of automation – fuelled by AI. But AI will increasingly be regulated and policed by governments, so you will have to navigate this.” 

Societal Polarization  

Gavin delved into the concept of societal polarization, describing it as the alignment of diverse societal differences along a single dimension, leading to an "us versus them" mentality.  

He highlighted the erosion of shared values due to distrust, political polarization, and economic hardships. Gavin warned of the threats posed by synthetic content and false media in exacerbating social divisions and influencing ideological violence.  

He emphasised the rapid acceleration of manipulated information and its potential impact on electoral processes and global conflicts. Additionally, Gavin discussed the influence of civil unrest movements like Black Lives Matter and Me Too on societal attitudes, and the resulting vulnerability to societal polarization. He urged businesses to navigate regional divisions and changing ideologies while preparing for stricter regulations. 

Gavin “If you work for a global business, regional divisions will be especially difficult to navigate as your employees, customers, suppliers, and stakeholders will all be influenced by different and varied factions- and in this miss and disinformation environment, these can rapidly form and change. You might find that new structures within the organisation form around nationalistic and ideological views and may not be aligned with the organisation’s social structures.  You might also find yourself caught in the middle of splintered governments or used as pawns between nations. New governments are likely to impose new laws with regulators imposing stricter standards.” 

Extreme Weather Events  

Gavin discussed the United Nations' prediction of increased extreme weather and climate disasters in 2024, citing 2023 as the hottest year on record with significant climate-related events worldwide.  

He referenced the impacts of El Niño, including wildfires, floods, and droughts in various regions. Gavin emphasised the disproportionate impact on developing countries, stressing their inability to mitigate climate effects due to lack of resources. He warned of disruptions to supply chains, increased insurance premiums, and regulatory demands for climate resilience. Additionally, he noted the potential for heightened activism and societal rifts around climate issues, urging businesses to bolster resilience measures and contingency plans to adapt to the accelerating pace of change. 

Gavin “Extreme weather events might disrupt your supply chains as droughts and low water have a major impact on inland water trade routes... Moving forward you will need to prove climate commitment and resilience with a higher demand and restrictions from regulators. Climate activists will continue to target you if your business is associated with climate change. Tactics and actions are likely to become more progressive and violent as extreme weather events have wider and more impactful consequences. The upcoming elections will be a focal point for climate activists as some parties are promising to draw back on existing commitments to climate actions. Societal rifts caused by mis and disinformation could impact operations in locations most affected by extreme weather events as populations seek to appoint blame against businesses linked to climate change. Due to this your employees, contractors and suppliers could be targeted by association. If you do not have sufficient resilience mechanisms in place you are likely to be the most impacted and unable to adapt to the speed of change. There will need to be greater commitment and financial resource made available to strengthen supply chains and prepare and rehearse contingency and recovery plans.” 

Economic Downturn 

Gavin highlighted the impact of extreme weather events attributed to El Niño on food production and logistics, leading to inflation and supply chain disruptions.  

He pointed out the ongoing conflicts in Ukraine and the Middle East, along with tensions over Taiwan, as factors likely to affect global supply chains and trigger energy spikes.  

Gavin emphasised the influence of politics on economic uncertainty, particularly with upcoming elections in major economies like the US and Europe. He warned of potential consequences such as increased cost of living, debt distress, and a rise in illicit economic activity. Gavin underscored the challenges facing developmental progress and living standards due to economic, environmental, and technological trends. Despite a lack of a global recession, economic uncertainty persists, with predictions suggesting worsening conditions in the next decade.  

Gavin urged businesses to brace for continued hardships and unpredictable risks, including significant supply chain disruptions and increased scrutiny from politicians and communities seeking to overcome economic hardships. He noted the potential for tighter border controls, trade barriers, and localised policies, which could widen socioeconomic divides and lead to targeting of businesses by disaffected populations. Gavin stressed the need for small and medium-sized businesses to prepare for slowing growth and elevated interest rates, and to provide support for staff amid job insecurity and economic uncertainty. 

Gavin “Economic uncertainty in some of the world's largest markets and geopolitical developments will continue to create operating hardships and unpredictable risks.  Prolonged conflicts are likely to cause significant supply chain disruption which will be difficult to manage and possibly ineffective in a rapidly changing and unstable environment and economic downturns will cause greater inflation and operational difficulties.... If you are a small or medium sized business, then you will be more exposed and sensitive to slowing growth and elevated interest rates. Fears of a recession have a spiralling effect on job insecurity and economic uncertainty. Staff will need to be more engaged and supported." 

To conclude the webinar, Katie shared some key strategies for bolstering resilience in today's threat landscape: 

Katie emphasised the importance of pinpointing your organisation's most critical assets, including data stores, AI/Machine Learning models, intellectual property, research findings, and critical infrastructure suppliers. 

She highlighted the need to evaluate the effectiveness of current security measures in safeguarding these critical assets, covering aspects such as people, physical assets, applications, and processes, and understanding the potential consequences of compromise or destruction. 

Katie discussed the proactive steps needed to identify vulnerabilities in AI-based Large Language Models (LLMs) or Machine Learning applications, particularly focusing on the risks associated with data tampering and the impact of deploying innovative technologies alongside increased technical debt and legacy systems. 

The advice was to enhance security controls based on a thorough analysis of existing vulnerabilities and potential risks, along with the importance of establishing and communicating policies for the safe and compliant use of AI tools within the organisation. 

Katie suggested to participants they might need to assess relationships with cloud service providers to minimise single points of failure; or build stronger partnerships with regulators; or perhaps collaborate more with Environmental, Social, and Governance (ESG) teams for regulatory compliance. 

She stated the necessity of conducting comprehensive risk assessments to identify potential disruptions in supply chains caused by factors such as climate-induced disasters, conflicts, trade disputes, or regulatory changes, and the importance of identifying alternative suppliers to mitigate risks. 

Katie stressed the importance of utilising threat intelligence for swift responses to threat events and addressing cultural differences within the workforce to ensure effective adaptive management, while also highlighting the need to provide necessary support during operational interruptions or periods of increased pressure. 

Finally, Katie underscored the need to allocate adequate resources to the security function to effectively manage incidents, disruptions, and organisational changes. 

 To watch the webinar in full please click here.