Most modern citizens have accepted the risks of putting their entire lives into the digital ether. Data breaches, identity theft, and mass leaking of, well, sensitive photographs hasn't curbed our willingness to store our most sensitive data on the web. Hackers have noticed, and they've held individuals and entire companies hostage through the use of ransomware and related threats. So, what's to be done?
These industry insiders share their perspective on how cyber experts are combating these threats, and where the industry as a whole is headed:
1. John Shin, Managing Director at RSI Security
“The future of cybersecurity will be largely determined by what hackers will be after. And I think this will primarily be in two areas: Health and Wealth. More specifically, this means private healthcare-related data and sensitive payment information. Private health records can be worth a fortune. Credit card data can be used for fraud or sold on the black market.
These are the two categories that currently get hacked the most, and hackers are only going to target them more and more in the future. But as a response, expect governments and regulators to step up and try to mitigate the threats. The EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are just the beginning.”
2. Matan Or-El, co-founder and CEO of Panorays
“Hackers will continue to be more sophisticated, using new methods and tools to gain access to private information. At the same time, technology will continue to evolve, providing hackers with an even larger attack surface and more vulnerabilities to exploit. Even unsophisticated hackers will automate their strategies in their efforts to infiltrate vulnerable companies. Hackers will also take advantage of the fact that companies increasingly rely on their supply chains and will target popular third-party tools, suppliers and companies as a way to breach as many targets as possible.
To defend against such cyberattacks, companies will need to use more effective security solutions with innovative approaches. For instance, companies will assess their cybersecurity as seen from the hacker’s point of view. The goal will be to not only increase cyber resilience internally within their specific company, but also across the company’s supply chain.”
3. Brian NeSmith, co-founder and CEO of Arctic Wolf
“This is a big, multifaceted question. The enterprise threat surface grows and evolves while threat actors are clever and continually find new avenues to compromise information. Previously enterprise security teams could focus on on-premises systems, but those teams now need to consider the cloud with AWS, Azure, and all of the SaaS tools that contain sensitive information or could provide an avenue to compromise other information.”
4. Marzena Fuller, the CSO of SignalFx
“In 2019 and beyond, companies that process large volumes of personal data and companies that provide software/hardware/services used by financial, healthcare and retail sectors will continue to be targeted by hackers.
Moreover, companies that leave their resources open on the internet andfail to implement strong authentication will be a target to opportunistic attacks. To effectively protect their key assets companies must increase the visibility of security at the board level and increase investment in security talent and technology.”
5. Jon Rolfe, Group Cybersecurity and Risk Manager at Ventia
“The number of cybersecurity bad actors is bound to increase over the near future. Global education standards will continue to improve in emerging markets, and unless emerging market economies develop to support the technology talent pool, many skilled in technology may be forced to turn their skills to the black hat community. Emerging countries, as well as other groups, will increasingly see cyberwarfare as an opportunity to be a global player which was not previously an area they could afford with conventional warfare. This will accelerate as sophisticated attack tools become commoditized.”
6. Attila Tomaschek, Cybersecurity Researcher at ProPrivacy
“The future of cybersecurity will have a heavy focus on using artificial intelligence (AI) to secure devices and systems in the increasingly connected world. With the internet of things (IoT) and connected devices proliferating at such an incredible rate, the ways in which we leave ourselves exposed to potential cyber attacks are also increasing. Legacy systems simply do not have the capabilities to keep up with the evolving security threats, and relying solely on human oversight would prove woefully inadequate. Capable automated systems that can monitor, detect, manage, and prevent cyber attacks in real time will be what drives cybersecurity going forward.”
7. Noam Erez, CEO of XM Cyber
“The future of cybersecurity will be filled with new threats, solutions, and headlines. One of cybersecurity’s biggest challenges is that it’s a giant game of catch-up. New threats emerge, and companies upgrade their solutions in order to properly defend. However, hackers will often use this new tech to their advantage, and all of a sudden the AV companies have helped out the bad guys! On the upside, as time passes, the cybersecurity skills gap should keep decreasing, and people and enterprises will have greater knowledge of how to protect themselves.”
8. Ryan Webber, Vice President of Enterprise Mobility at SOTI
“The future of cybersecurity will center around industry adoption of 5G networks. 5G technology will enable billons of new devices to be connected to the Internet – with more speed, density and efficiency than ever seen before.. Therefore, 5G will result in a rise in cybersecurity concerns as hackers are provided greater access to entire networks of connected ‘Things' – from remote sensors to self-driving cars and smart devices in supply chains worldwide.”
9. Sarbari Gupta, PhD, CISSP, CISA, President & CEO of Electrosoft Services
“The future of cyber security practice is very bright! As software systems and applications get more complex, the potential for cyber vulnerabilities and gaps will increase exponentially. Furthermore, as more and more high-value information (such as health information, contract data, financial data, etc.) is collected, stored and shared through connected cyber environments over the next decade and beyond, the need for cyber security expertise will explode to combat the expected concurrent increase in cyber hacking and criminal activity.”
10. Dan Hubbard, Chief Product Officer at Lacework
“Cybersecurity is always going to be about protecting data and assets from bad guys. But as development frameworks and runtime environments evolve, security solutions will need to be comprehensive in where they operate and what they can detect. We're moving far away from a network-centric approach; in fact, we're even moving away from things like cloud-specific or container-specific security. Organizations will need solutions that are continuously monitoring for threats and risk potential, but in a way that supports CI/CD pipelines without slowing them down.”
11. Teguh Aprianto, co-founder of HackSys and Ethical Hacker Indonesia
“As technology continues to grow, so does cyber threats, the volume will continue to grow.
One example that can be used is big data. Many companies will depend on big data. Widespread mobile adoption has led to the emergence of social networking, which produces more data. The data will eventually be used for research and marketing needs. But often they don't realize that many cyber criminals also want the data. When the data is successfully obtained by cyber criminals. It will have an impact and is terrible.
Finally from me, the more the world is developing, many are trying to provide technology that is easy to use, but as we know, usually it will be contrary to the security they provide.”
12. Cristina Dolan, CEO and founder of insideCHAINS
“The biggest impact on the cybersecurity industry is regulation that requires directors, officers and executives to manage and report cyber risk to stakeholders. This goes beyond the cybersecurity controls and the IT department because CEO's and Boards can't manage what they don't understand. Cyber Risk requires understanding the financial impact, which is correlated to the threat landscape (which is always changing), maturity controls (which involves cybersecurity parameters) and the nature of the business assets, industry, size, and geography. Boards have to understand this Cyber Risk and make decisions on investments to reduce the risk, accept the risk or insure against the risk.”
13. Jeff Capone, CEO and Co-Founder of SecureCircle
“2019 will see the rise of data-centric approaches to cybersecurity. Organizations need to move away from endpoint, file, disk, network, and application-centric solutions. Data moves in and out of devices, networks, and clouds. Data security should follow the data.”
14. Mark Herschberg, CTO of Averon
“We'll continue to see the democratization of hacking. It used to belong only to those with specialized technical skills. With the growing communities on the dark web advanced hacking techniques have become productized, packaged, and sold. Hacking tools have supply chains as sophisticated as any industry. Now even people with basic skills can buy tools that employ advanced hacking techniques, greatly expanding the number of potential threats in the world. At the same time as more data moves to the web and more data gets monetized the incentive to hack continues to increase. “
15. Chadd Carr, Cybersecurity Consultant for 6massive Holdings
“I anticipate a convergence between the cyber threat intelligence, network security, and artificial intelligence markets. As the speed and complexity of threats increase, as well as the magnitude of resultant breaches, buyers will demand intelligent scapabilities that decrease costs, response times, and likelihood of potential threats. Synergy across these markets will empower buyers with the ability to identify and validate threats, determine and implement effective controls, and monitor and audit for effectiveness without the need for human intervention.”
16. Sam Stelfox, Security Engineer at Minim
“We're going to see a bridge between digital and physical attackers. Here's one that's close to home: WiFi-connected locks are making it easier for people to rent their apartments or enjoy the convenience of never carrying a key. But with that convenience comes the price. A hacker could take control of the device by compromising the owner's user account or network — and walk right in.”
17. JB Aviat, Co-Founder, CTO of Sqreen
“Cybersecurity today is faced with limitations of its own making. It’s far too opaque, from technology to pricing, and security and developer teams are too far apart in their working relationships. Security teams are outnumbered 100 to 1, and the industry faces a huge talent shortage. This needs to and will change in the future. The future of cybersecurity is visibility and transparency, delivered in a way that doesn’t slow down developers. The future brings security teams and developers together with tighter workflows and clean and usable tools. The future is one where security is as important as performance.”
18. Jason Mical, Cybersecurity Evangelist at Devo Technology
“The future of cybersecurity depends on the access SOC analysts are given to all of their organization’s data. Security teams have a focused mission – keep the organization’s data safe from attack – but many organizations continue to silo security data from traditional IT assets. They need to monitor and manage all enterprise data. Why? Artificial intelligence and machine learning-powered systems are fueled by data. By processing real-time data streams from across the business and learning from historical data, these systems are automating routine cybersecurity decisions and actions before threats can breach or impact an organization.”
19. Simon Harman, Co-founder of Loki
“As public awareness over the importance of security and privacy grows, consumers are slowly beginning to realize the critical importance of digital privacy, and companies are taking note. The steady growth of encrypted messaging services like WhatsApp and Signal highlight society’s growing appetite for more secure ways of interacting online. In the future we will see more consumer-ready platforms and mobile-first applications which incorporate privacy by default, meeting growing consumer demand and filling the gap in the market which large tech incumbents have often failed to deliver.”
20. Austin Norby, Director of Cyber Initiatives, Blue Star Software
“There are still basic cybersecurity mishaps that need to be accounted for including password policies, unpatched vulnerabilities, and ultimately the business cost to implement cybersecurity. The company or product that will succeed will be the company or product that is able to integrate security into their client's enterprise with minimal pains, a dedicated response staff, a custom remediation effort for when the client is compromised, and yet have the client convinced of the solution's absolute necessity.”
21. Victor Congionti, Co-Founder and CEO of Proven Data
“As more businesses join the digital era to store, record, and utilize data as part of their models, we are hopeful these organizations will have solutions in place to defend against incoming cyber threats. The future of cyber security will be a vast array of endpoint solutions, security monitoring platforms, and improved authentication processes. As a result, we need to encourage business leaders to choose the right solutions for their organization, and not become overwhelmed or exhaust resources on the ever-growing options when it comes to improving cybersecurity.”
22. Morey Haber, CTO, CISO at BeyondTrust
“The future of cybersecurity will evolve in the future from a technological approach of protecting systems to one focused on the criminal elements and actual crimes being conducted against information technology. As our systems mature, and we build security models directly into them, cybersecurity will be less about the exploitation of devices and more about the actual methods and crimes were conducted using them.”
23. Stephen Gailey, Head of Solutions Architecture at Exabeam
“It can be somewhat tricky with new technologies, new vulnerabilities and new threats constantly emerging to say for certain what the future of cybersecurity is. One of the predictions I see becoming a reality in the next few years is we will start to see government control over large internet service companies. It seems likely pretty big fines will be handed out, but I think we will actually see some form of legislative control being put forward or even break-ups considered.”
24. Bryan Becker, Product Manager at WhiteHat Security
With the explosion of connected technologies in the past few years, industrial control systems are the wild-west of cybersecurity at the moment. These systems control factories, buildings, utilities, etc. Unfortunately, most systems have little-to-no protection, and best practices are still being adopted very slowly. They also represent extremely high-value targets, especially from a strategic point of view. A few new companies have entered the landscape, but it is still an extremely young industry. Companies need to adjust their strategies to make sure IoT and industrial control systems are protected.”
25. Mike Ahmadi, VP or Transportation Security at DigiCert
“The future of cybersecurity is most likely going to be systems that can be vaccinated against known attack's, and have the ability to recognize potential threats and respond much as our own immune system responds. This coupled with strong authentication that serves to block invasive digital diseases will lead to systems that are more resilient.”
26. Nathan Stanfield, Founder of Stanfield IT
“With cyber attacks constantly evolving, cybersecurity has a difficult job keeping up. The future of cyber security lies with AI-drive anti-malware tools, and next-gen firewalls that learn and detect new threats as they evolve as well. In terms of cyber attacks, social engineering is a huge threat that grows more sophisticated all the time, as the human factor continues to be the weak link in many cybersecurity environments. Much of cybersecurity now and in the future relies on educating and creating a culture of cyber awareness amongst individuals and teams, as this is the best path forward to reduce the risk of human error.”
27. Frances Dinha, CEO of OpenVPN
“In the future, cybersecurity will focus more on the security controls related to adoption of IaaS and use of SaaS applications and continue to evolve to secure newer technologies like containerization as it becomes mainstream. Cybersecurity will also continue to become more ingrained into the newer devops model of software introduction.
We can also expect cybersecurity to start providing for and managing uniform, all-encompassing security controls over various kinds of enterprise application deployments, be it hybrid-cloud, multi-cloud or on-site data centers.”
28. Andrew Peterson, CEO of Signal Sciences
“The future of cybersecurity is where the risk is, and the risk is moving from the infrastructure and network layer up to the web application layer. Web sites have evolved from simple marketing sites that were outsourced to being the primary way in which businesses connect and interact with their customers. Now, the core business differentiator they deliver is through software that includes all customer data, making web and mobile apps a company's largest digital asset (and its most appealing asset to attackers). This is the reason why web app attacks continue to be the most common attack vector for data breaches, according to Verizon’s 2019 Data Breach Investigations Report.”
29. Marty Wachocki, Lead Developer and Partner at Propel Technology
“The future of Cybersecurity is definitely AI. There are new tools and software coming out on a constant basis now that are able to automatically adapt and detect new types of malicious activity, intrusions, attacks, etc.”
30. Marcus Chung, CEO of BoldCloud
“Cybersecurity's future is all-encompassing, considering the emerging technology trends and evolving threat landscape. As organizations develop and adopt technologies related to the sharing of valuable information in an interconnected world, cyberthreats are growing in both volume and complexity. The race is on to secure these systems and devices before fraudsters figure out how to exploit them. Enterprises can do their part by strategically working with cybersecurity experts and investing in solutions and infrastructures that protect their key digital asset, data. Soon, companies will be required to exhibit cybersecurity hygiene and educate users about avoiding suspicious or unsolicited emails and attachments.”
31. Mike Stamas, co-founder of GreyCastle Security
“The future of cybersecurity will be led by a workforce that intentionally studied cybersecurity, rather than fell into it as a default. We are just now beginning to see this generation of truly cybersecurity-trained students enter the workforce, and as they continue to do so, we will begin to solve some of the systemic problems that have been caused by the lack of a skilled workforce.”
32. Markku Rossi, CTO at SSH.com
“The future of cybersecurity is in the cloud. You might intuitively think that your own hardware is safer than the cloud (someone else's computer) – and in some very limited use-cases that is true – but if we forget nation-state actors, the cloud is your best bet for cybersecurity. Amazon, Google, and Microsoft can afford to recruit the best talent to secure their operations, and most organizations simply can't compete on the cybersecurity front.
Moving higher in the cloud stack allows you to concentrate on business logic, instead of worrying about operating system level patch management. By utilizing an Infrastructure as a Service (IaaS) or Serverless setup, you can concentrate purely on your data and computations, and let your cloud provider worry about everything else – including OS updates, HTTP request processing, certificate management, HTTPS security protocols, etc.”
33. Yoni Kahana, VP of Customers at NanoLock Security
“Today’s security breaches, Intel Zombieload flaw and Cisco router bug, have reaffirmed that you cannot rely on the security of the processor or the OS. The future of cybersecurity requires the trust anchor to move within the device, such as embedded in the flash, to protect the connected devices that proliferate today’s society– from smart cities and infrastructure to smart home devices and automotive. Many of these edge devices are deployed in the public domain that could allow adversaries to easily gain access – cybersecurity’s future requires end-to-end protection from the flash to the cloud, even if the processor is hacked.”
34. Shlomi Gian, Chief Executive Officer, CybeReady
“Today CISOs are in defense mode and in many cases are far behind the attackers when it comes to creativity and sophistication. The future of cybersecurity will rely on the super skilled IT organizations, equipped with powerful tools that will allow them to better protect their organizations. The rise of machine learning and science will be at the core of this trend and vendors who will be able to truly deliver innovation in their respective areas will dominate.”
35. Joshua Davis, Director of Channels at Circadence
“The future of cybersecurity is going to include humans working alongside automated assistants, where AI/ML assist in operations. Imagine a day where there are Alexa/Cortana/Google At Home-type tools providing cyber intelligence support going forward.”
36. Troy Kent, Threat Researcher at Awake Security
“While the TTPs of attacks will likely become more advanced in the future, the aims will remain largely the same. You can expect threat actors to continue attempting to exfiltrate PII, corporate secrets, and steal money. Many tried and true attack vectors will stay the same; i.e., you can be sure that phishing as a main vector of initial access isn't going anywhere. But with the emergence of deep fakes, it isn’t out of the realm of possibility that these are used not only for fake news but potentially to bypass authentication systems that rely on voice or video.”
37. Steve Tcherchian, CISSP, Chief Product Officer, XYPRO Technology Corporation
“The ability to leverage machine learning and artificial intelligence is the future of cybersecurity. There is no doubt AI can become the future of security. Data is exponentially increasing. Automation and machine learning have catapulted us beyond the limitations of human skill. But what AI can promise will change and evolve our understanding for the next few years as we continue to understand its capabilities and gaps. Machines fighting machines or machines fighting humans made for great blockbuster movies 25 years ago, and that may be a reality at some point. But for now, the jury is still out on how we can apply AI to combat security threats.”
38. Dirk Morris, Founder & Chief Product Officer, Untangle
“Ransomware, data breaches, phishing and security exploits are the top threats to cyber security. The future lies in cloud services in order to ensure better security and performance. Smaller businesses, including state and local municipalities, mom and pop shops, and others, will be targeted due to their lack of security solutions and limited budget. SMBs should look for solutions that are paired towards their small budgets and limited staffing resources to ensure compliance, network security, and peace of mind.”
39. Satish Abburi, founder of Elysium Analytics
“Unfortunately, Cybersecurity today is a brittle proprietary environment where adversarial communities move faster and are nimbler in developing malware that takes advantage of the complexity in our corporate infrastructures.
Cybersecurity will continue to evolve to an open source environment where the community takes advantage of the commoditization and affordability of massive computational speed and storage.
But, Artificial Intelligence has a growing a community that – year-over-year – scales its models to try and stay ahead of the bad guys. Eventually, cyber professionals will develop a measuring stick similar to Metcalf's law, addressing the accuracy and ability of systems to learn.”
Share your feedback and we'll consider adding it to the piece!
Have expert insights to add to this article?
Share your feedback and we'll consider adding it to the piece!ADD YOUR INSIGHTS