Professional Documents
Culture Documents
HORIZON
2024
The disintegration of trust
T H R E A T
2023
Identity is
HORIZON weaponised
2022 – 2024
Security fails in a
brave new world
2022
1.1 Augmented attacks 1.1 Artificial intelligence industrialises 1.1 Ransomware evolves into
distort reality high-impact attacks triple extortion
1.2 Behavioural analytics trigger 1.2 Automated defences 1.2 Regulators inhibit data-driven
a consumer backlash backfire innovation
1.3 Robo-helpers help 1.3 Layered security causes 1.3 Attackers undermine central
themselves to data complacency and confusion cryptocurrencies
2.1 Edge computing pushes 2.1 Digital doppelgängers 2.1 The cloud risk
security to the brink undermine identity bubble bursts
2.2 Extreme weather wreaks havoc 2.2 Biological data drives a 2.2 Activists pivot to
on infrastructure rash of breaches cyber space
2.3 The Internet of Forgotten 2.3 Gamed algorithms cause 2.3 Misplaced confidence disguises
Things bites back commercial confusion low-code risks
3.1 Deepfakes tell 3.1 Smart grids succumb to an 3.1 Attackers poison the
true lies attack surge data well
3.2 The digital generation become the 3.2 Isolationism creates a 3.2 Misleading signals subvert
scammer’s dream security disconnect cyber fusion centres
3.3 Activists expose 3.3 Security struggles to adjust to 3.3 Digital twins double the
digital ethics abuse the never normal attack surface
The themes and threats included in Threat Horizon 2024 are summarised below, along with recommendations
arising from the full report.
1.1 Ransomware evolves into triple extortion Maintain the board’s understanding of the
ongoing threat; support the development and
Political, diplomatic, and legal actions against ransomware actors
maintenance of response plans alongside required
and the underground financial systems that support them will force
improvements in cyber hygiene.
the crime to evolve, causing impacts beyond the victim organisation.
1.2 Regulators inhibit data-driven innovation Identify algorithms in use; assure the integrity
of all inputs; build policy and assurance
Organisations planning to leverage AI-based algorithms will
processes to govern development, usage,
be disrupted by regulatory changes and new requirements to
and fairness.
demonstrate that those algorithms are operating fairly.
1.3 Attackers undermine central cryptocurrencies Obtain subject matter expertise to audit
existing systems for cryptocurrency readiness;
Cyber thieves will seek to exploit and cash in on new central bank
ensure crypto payment platforms are
crypto schemes and the developing regulatory landscape for all
hardened and that regulatory requirements
cryptocurrencies, disrupting their mainstream acceptance.
are met.
2.1 The cloud risk bubble bursts Control the growth of cloud adoption; be
clear on architectural strategy; address single
The short term benefits of cloud adoption at scale will have
points of failure through solutions such as
a hidden and rising cost as organisations realise that their
redundancy and parallel processing.
flexibility and freedom of choice has been lost.
2.2 Activists pivot to cyber space Leverage threat intelligence, purple teaming
and resiliency testing to prepare for and detect
Aided in part by the increase of internet-connected operational
potential attacks, particularly focusing on
technologies, highly motivated activists will target digital assets
remote installations.
to further their causes.
2.3 Misplaced confidence disguises low-code risks Clarify existing use of no-code, low-code tools;
specify where, when and how they should
Structured approaches to application development are
be used or not; maintain ongoing vendor
undermined by the uncontrolled adoption and use of low-code
assurances on their security.
tools by non-developers.
3.1 Attackers poison the data well Examine all data sources to establish current
levels of quality assurance; implement tooling
Threat actors will exploit the sheer magnitude of the data
and methods to maintain those levels to an
economy, compromising its integrity to discredit, misguide or
acceptable standard.
alter business outcomes.
3.2 Misleading signals subvert cyber fusion centres Assure the quality of intelligence and signal
inputs; establish methods for responding to
Attackers will use misinformation and misdirection to cause
any degradation to maintain the fusion centre’s
automated and highly influential cyber fusion centres to
operational integrity.
disrupt the businesses they serve to protect.
3.3 Digital twins double the attack surface Engage with suppliers to understand
their security posture, and spot potential
The challenges of securing digital twins will undermine their
weaknesses in the links between digital twins
benefit, with attackers using a range of techniques to prolong
and their real-world counterparts.
manufacturing and supply chain downtime.
WHERE NEXT?
We recommend that ISF Members:
– review the threats in Threat Horizon 2024, identifying those that are of high priority
– use ISF Live to become familiar with the techniques ISF Members have used to implement
Threat Horizon
– consider how the contents of Threat Horizon can be adapted to work best within your organisational
culture, for example: enable threat analysis and formulation of potential impacts and responses;
brainstorm risk treatments, and conduct threat analysis, formulate potential impacts and responses,
and identify risk treatments
– use the ISF Threat Radar with business leaders to help prioritise threats and actions, particularly when
time and budgets are limited
– work with other organisations to collaborate on threat intelligence and strategies
– give careful consideration to the ISF resources in this report including:
ISF Services offers customised Threat Horizon engagement to help Members identify, assess and
prioritise the most relevant threats to your organisation. This engagement includes an expert-led
Threat Radar review to develop mitigations for emerging threat scenarios and support you in building a
business-aligned information risk management capability.
Contact
For further information contact:
Steve Durbin
Chief Executive
US Tel: +1 (347) 767 6772
UK Tel: +44 (0)20 3289 5884
UK Mobile: +44 (0)7785 953800
steve.durbin@securityforum.org
securityforum.org
Disclaimer
This document has been published to provide general information only. It is not intended to provide advice of any kind. Neither the
Information Security Forum nor the Information Security Forum Limited accept any responsibility for the consequences of any use
you make of the information contained in this document.
©2022 Information Security Forum Limited | Classification: Public, no restrictions | Prepared: January 2022