We rely on technology more than ever before in both our work and personal lives. It provides us with convenient, often instant, solutions to our productivity, shopping, learning and entertainment needs (and more). However, this dependency comes with definite risks.
Sophisticated cyberattacks increasingly threaten both business and personal data. Further, in the face of system failures, essential processes can grind to a halt, or users may instantly lose access to valuable tools and digital assets. Below, members of Forbes Technology Council describe some tech-related threats both the industry and users should do more to address, as well as their thoughts on how best to meet these challenges.
1. Identity Sprawl From Software As A Service
The push for SaaS-enabled productivity has caused sprawl in employee identities. In fact, a 2021 survey found that, on average, enterprise users manage over 25 unique identities across apps. The need to reimagine identity security has never been greater. Security teams need the ability to comprehensively monitor account activity and enforce least-privilege principles to reduce risks and align permissions with actual needs. – Jagadeesh Kunda, Oleria Corporation
2. Supply Chain Attacks
Cybersecurity risks from supply chain attacks are significant. Companies must have strong security policies regarding vendor assessments, conduct regular security audits, adopt zero-trust architectures and promote industry collaboration on threats. Additionally, regardless of the company’s size, SOC controls must be in place to manage audits effectively. – Venkatadri Marella, BenchPrep
3. A Lack Of Redundancies
Having redundancy in critical systems significantly reduces risks. Businesses have been backing up systems for decades, and consumers now use cloud data backups. The next step is redundant physical devices. Instead of overrelying on smartphones, more people are opting for secondary, purpose-built devices, such as smartwatches with navigation and text messaging or even something as simple as a backup flashlight. – Alex Gudilko, AJProTech LLC
4. SIM Swapping
While it is still mostly effective in very targeted attacks, SIM swapping on mobile phones remains an effective gateway to account takeover. Beyond the basic protections (setting a PIN on the SIM card, using a separate phone number for account verification and so on), moving away from SMS as a method for transmitting one-time passwords may be the only way to truly mitigate this vulnerability. – Michael Mosher, Northwoods Global Advisors
5. Hypervisor Ransomware
The number of hypervisor ransomware attacks continues to grow. Organizations like MGM and MITRE have recently been breached, demonstrating the desire threat actors have for compromising virtual infrastructure. To protect hypervisors, organizations must invest in proper network segmentation, hardening programs and runtime security. – Austin Gadient, Vali Cyber
6. Overcollection Of Customer Data
Every industry tries to capture as much data as possible from its customers, even though it’s impossible to guarantee its protection. Limiting data collection would increase customer protection. Adoption of a zero-data model requires a shift in the historic business assumption that “the more we know, the better.” – Cyril Korenbeusser, Mizuho
7. Exposed Digital Identities
As reliance on technology grows, so do opportunities for exposed digital identities, which open the doors for ransomware and fraud. To address this, organizations need visibility into the holistic digital identities of their employees and customers. Advanced automated identity correlation tools provide this insight, enabling proactive remediation of vulnerabilities before threat actors can exploit them. – Damon Fleury, SpyCloud
8. Human Error
Both people and businesses have a huge reliance on technology, and if that tech goes away suddenly—like when a computer crashes, a cell phone breaks or a company becomes the victim of a ransomware attack—productivity grinds to a halt. The biggest vulnerability is the human element. Addressing this vulnerability through training, physical protection and/or cybersecurity protection is paramount. – Carlos Morales, Vercara, a DigiCert Company
9. Deepfake Technology
Deepfake technology poses a significant threat by enabling misinformation and fraud. The lack of regulation around its use exacerbates these risks. To address this, governments and organizations must develop and enforce robust legal frameworks that criminalize malicious use of deepfakes. Additionally, investments in detection technologies and public awareness campaigns can help mitigate the harm. – Manasi Sharma, Microsoft
10. Overreliance On Centralized Cloud Services
One major tech vulnerability is overreliance on centralized cloud services. A single outage can disrupt countless businesses and individuals. To address this, the industry should prioritize decentralized systems, backup solutions and robust offline capabilities, ensuring continuity even during unexpected disruptions. – Ashok Manoharan, FocusLabs
11. Reliance On Rare Earth Elements
One critical yet overlooked vulnerability is the tech industry’s reliance on rare earth elements, which are predominantly sourced from politically unstable regions. Supply disruptions can instantly halt production of essential devices. To mitigate this, the industry must invest in recycling technologies, research alternative materials and diversify supply chains to reduce geopolitical risks. – Maksim Strok, Stress Monitor for Watch
12. Prioritization Of Speed Over Efficiency
The greatest vulnerability in tech is prioritizing speed over efficiency. Prioritizing speed is a one-dimensional approach focused solely on time to completion, while prioritizing efficiency is a systematic, multidimensional approach that ensures actions align with risk tolerance. The latter approach prevents costly bottlenecks, rework and even catastrophic failures, ensuring the reliability of the digital infrastructure that powers our world. – Brittany Greenfield, Wabbi
13. Password-Based Security
Most consumers and businesses continue to struggle with protecting the accounts and secrets in their ecosystems, and multifactor authentication alone is not going to solve the problem. Passwordless solutions combined with biometrics may be a better way to address this vulnerability. External threats continue to grow, and more awareness is needed. – Abhi Shimpi, Fidelity Investments
14. Data Tampering
Implementing blockchain technology can enhance data protection and redundancy. Blockchain’s decentralized and immutable ledger provides a robust layer of security against data tampering, making it essential for industries that rely on digital transactions. – Dmitry Mishunin, HashEx
15. Unsecured Space-Based Assets
As reliance on space-based systems for communication, navigation and data grows, these assets face rising risks from cyberattacks. The industry must implement advanced encryption, real-time threat detection and global collaboration on cybersecurity protocols. Safeguarding these systems ensures the resilience of consumer technologies, critical infrastructure and global connectivity. – Shelli Brunswick, SB Global LLC
16. Lack Of Security Updates For Older Devices
Updating devices regularly is essential, since every new update usually improves overall security and helps prevent hackers from stealing your data. However, older devices often don’t receive them, even though there are still many people using such gadgets. Tech brands need to address security vulnerabilities in both their latest and their older devices to ensure a safer digital environment. – Roman Vrublivskyi, Attekmi
17. Misuse Of GenAI Technologies
The potential misuse of generative AI technologies for spreading misinformation, creating sophisticated phishing attacks or producing deepfake content can undermine trust in digital content, manipulate opinions and jeopardize security. We must build robust detection tools to identify AI-generated content, educate the public to recognize misinformation and establish legal frameworks to penalize misuse. – Sandeep Jha, LinkedIn
18. Unsecured IoT Devices
One major tech vulnerability the industry must address is Internet of Things device security. IoT devices are everywhere, but they often lack strong protection. Weak passwords, outdated encryption and limited updates make them easy targets. The solution lies in stronger security measures—encryption, unique passwords and automatic updates—alongside improved user education. – Sergii Malomuzh, Rewump
19. Quantum-Vulnerable Cryptography
The future of data lies in the quantum realm—encrypted data from today may be decrypted by quantum computers in the future. The sector needs quantum-safe cryptographic “time capsules” to incrementally upgrade stored data encryption to post-quantum standards. This approach ensures long-term data safety and protects private information as quantum decryption capabilities advance. – Dr. Reji Thomas, TOL Biotech
20. Dormant Service Accounts
Dormant service accounts pose a severe yet overlooked vulnerability. These forgotten machine identities often retain powerful system access, creating invisible attack paths throughout organizations. The solution requires continuous discovery and monitoring platforms that automatically detect these accounts, assess risk levels and safely decommission them before attackers can exploit them. – Tim Eades, Anetac