Cyber Security Trends in the next Five Years - A Personal Outlook

Significant disruption and trends are developing which will influence the directions in which cyber security threats and solutions will follow in the next five years.

Here are my personal thoughts on the major trends.

1.      Increased Digitisation and Digital Transformation in organisations

• Increasing attack surface;
• Increased opportunities for the attacker to perform surveillance and data exfiltration; and
• Increased system consolidation leading to concentration risks.

2.      Significant adoption of Technology platforms: Mobile, Big Data, Social, Cloud, IoT, AR/VR, Blockchain

• Increased demand for talent capable for supporting and securing technology adoption; and
• Increased need to protect endpoints from exploitation of resources (compute and storage) for malicious intent.

3.      Significant exploitation of Cloud-based Technologies

• Increased need for highly distributed and scalable Cybersecurity-as-a-Service (CaaS) Cloud-based solutions; and
• Increased need for Compliance Technologies or Regulatory Technologies to maintain assurance for data sovereignty, privacy/confidentiality and hosting location assurance.

4.      AI and Automation Proliferation

• Increasing reliance and permeation of artificial intelligence and automation leads to new dominant forms of action-reaction paths;
• Increased need for cyber vigilance and protection against compromised automation; and
• Increased need to protect artificial intelligence from corruption and exploits.

5.      Immersive User Interfaces (AR/VR, Voice Concierge)

• Increased need for protection against behavioural augmentation risks (psychological operations a.k.a. social engineering through influence or psychological programming); and
• Increased need for protection against impersonation or covert instruction, particularly for voice concierge services.

6.      Increased Cyber-physical interaction and influences

• Increased need for IoT security; and
• Increased need for security and safety controls to be built into systems interacting in the cyber-physical boundary (autonomous vehicles, robots, systems [e.g. lifts, fire protection, security locks, home appliances, etc.]).

7.      Blockchain Proliferation

• Increased need for verification for maintaining trust (confidentiality and integrity) and availability in the distributed ledger; and
• Increased need to securely design systems capable of maintaining availability (DDoS protection) for systems using Blockchain technologies.

8.      Digital Everything

• Increasing interactions in the digital form leading to the need for continuous and adaptive risk and trust mechanisms.

9.      Crimeware or Exploit-as-a-Service Proliferation

• Increased need for Cyber-hygiene to limit and reduce Ransomware and Zero-Day risks; and
• Increased need to architect systems for scalability and Denial of Service (DoS/DDoS) protection.

10.  Open Source Vulnerability Proliferation at Scale

• Increased need to review and update products with dependencies on open source frameworks and components to enhance cyber-hygiene and reduce the attack surface

The above trends lead to the following considerations:

1. Disposing the old mindset that systems can be “clean” and replacing that with accepting systems will have vulnerabilities;
2. Realising that compliance does not mean security;
3. Increased need to have a People-focussed approach to security, building security around human interactions and activities performed through digital means;
4. Increased focus on designing safety and security into systems and applications to protect people and their lives;
5. Significant need to maintain cyber-hygiene so as to increase the cost of attack (raising the bar); and
6. Enhancing processes and use of technology to reduce the detection-response time to as to better the position against threats and exploits.