Our Christmas calendar is almost at its end, and today we’re focusing on what’s ahead in the new year by rounding up the forecasts from the experts we’ve interviewed throughout the month. So without further ado, here are the most important trends they believe will impact cyber security in the next 3-5 years.
Tomi, Practice Leader
- AI based attack platforms will become known to the general public
- Lack of solid IoT security will cause large scale damage somewhere
- A proper virtual currency will be established and it won’t be bitcoin. This will have a huge impact on the monetization model for the bad guys
Christoffer, Senior Security Consultant
Security patch cycles of the internet-exposed services must improve radically. Mass-scanning for vulnerable services combined with quick exploit development as a business has turned internet-exposed services into malware infestations. As an addition application firewalls to monitor and prevent unwanted behaviour on services to prevent automated exploitation.
I believe that in 5 years credibility and trust will be stronger drivers for brand building, compared to price and aesthetics. The perceived quality of products and services will be determined by the longevity or resilience against fault. The process for security verification and incident handling during the lifetime of a technology will determine the value of the technology and the brand. This may come off as naïve in the age of rock bottom prices, but over-consumption of short-lived technology will lead to broken expectations. Brand differentiation on quality will be born out of the void of trust in consumer electronics and services. This is already happening when decision makers are being replaced out of security negligence.
Marvin, Technical Capability Manager
The usage of cloud services or a hybrid of the public/private cloud. Security issues could impact more people at the same time, but could also be fixed quicker for all users – it goes both ways.
Antti, Senior Security Consultant
Regulations and security compliance needs are pushing companies to be more aware and more in control of their data. On the other hand, technological evolution is forcing organizations to move towards more fragmented “hybrid-model” IT environments, with complex structures comprised of multiple clouds and on-premise systems. Data is bouncing back and forth: stored there, processed here, analysed there… Physical locations get mixed, administration loses visibility, developers lose roadmap vision.
I expect to see the biggest trend in security management being the process of trying to make sense of all of this. We need to seek ways to effectively track company data, and figure out how to protect it. Technology is currently moving way faster on information processing than information management. In essence, data administration can’t keep up.
Sean, Security Advisor
Five years is quite a long time in the context of cyber security – I recommend reading this interview with David Ignatius, author of ” The Quantum Spy”, for a peek at the potential impact of nation states pursuing “quantum computing”. Nation states seeking exploitable vulnerabilities have had a significant impact on network security in recent years. Nothing happens in isolation for very long. Supporting ecosystems develop and soon… markets pop-up that cater to non-governments. Quantum computing, when it emerges, will not remain contained. And even the pursuit of it will have consequences during the next few years.
Tuomo, Principal Security Consultant
I think the trend of breaching targets via supply chain attacks using partners, providers, suppliers, customers, etc. will continue. Companies usually have little understanding regarding the level of exposure they have via this avenue.
The IoT and cloud megatrends will also force businesses to adopt new behavioral patterns, both on the security service provider and consumer sides.
Suppliers will continue to push services — using terms like blockchain, machine learning and artificial intelligence – which have little impact to the actual state of affairs.
Christine, Senior Analyst
Two important trends that will impact cyber security are:
- The increasing number of IoT devices with varying levels of security. It will be interesting to see if the voices being screamed from the mountaintops and all our warnings on security will be heeded by the providers. And if not, how would the attacks against these smart homes, smart hospitals, and smart cities look like?
- The more and more closed ecosystems of major operating systems. Will the security provided by the OS be truly enough for the users? How will the attacks evolve? How will cybersecurity evolve?
Tom, Principal Security Consultant
The continued lowering of prices when it comes to IT resources combined with increased capabilities in automation and computing will result in certain attacks becoming feasible for attackers when it comes to bruteforcing or analysis. Examples include cloud technology, machine learning specific hardware and services, and speed in processing data. We have seen this as well with OpenAI’s bot being able to play an e-sports game like Dota2, DeepMind beating the reigning Go champions, or just any student nowadays running AI and machine learning libraries on their own home computer. Things are going to start moving fast really soon.
On top of this, more things will be connected as part of IoT, and more incidents will happen with these devices. This will result in data leakages of different kinds that we will have to deal with. As connected devices become more personal, so does the data that can leak. It will get a lot worse before it gets better. Keeping in mind our personal, business, medical, and financial data: at what price will we start to act and elect people in local and federal governments who will take a stance on this? Leaks will happen, data becomes more private as different devices are getting closer to us, our privacy is invaded, and our data is being sold at secondary markets through IoT and mobile apps. Now add to that mix the continued lowering of prices for data analysis and artificial intelligence/machine learning to start correlating all that data and re-selling the results. The future is going to be very interesting indeed for anyone into technology or infosec.
Rüdiger, Sales Engineer
We will see the internet even more than now. I am sure we will have a connection to the internet where we do not even think about it now. The whole smart device / IoT world thinks in silos at the moment, but they will grow together to make our lives easier. I mean, if my flight will leave late, why cannot my iPhone alarm clock just wake me up later? This connection of different services and devices will of course also attract the bad guys. But we will be there to protect you, so don’t worry ;-).