From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s
By
- Pierre-Martin Tardif, ISACA
Published: 06 Dec 2024
Guessing the future is always a difficult task. Six trends for the next five years seem more apparent than others, and it will be interesting to re-read this article in 2029 to assess its accuracy. In the meantime, the six trends standing out as top priorities, in no particular order, are:
Preparing the post-quantum cryptographic migration, including raising top management awareness to provide sufficient resources.
There will be a need to identify where cryptography is used in the organisation, which can be found in several places, including libraries, the Internet of Things (IoT), communication protocols, storage systems, and databases. Prioritizing systems for the transition will be paramount, taking care to clearly identify your critical systems.
Choosing how to manage the transition will also be essential since it may hinder the organisation. More precisely, hybrid protocols, mixing classical and post-quantum cryptography, could be an interesting option to consider, since it allows your clients to migrate at their own pace.
Also, testing will be mandatory, while deploying a realistic test environment might be complex. Finally, the right migration time will be hard to establish, even if governments provide guidelines.
Finalising operational technologies (OT) oversight, improving their cyber resilience, and integrating them into existing cyber security operations.
This convergence started more than 10 years ago and is still ongoing. OT cyber security must include addressing human safety concerns and intensive collaboration with engineering.
The monitoring approach should rely on artificial intelligence (AI) to identify abnormal behaviour, from weak signals, to support advanced persistent threat hunting. Since some systems are legacy, they may lack the necessary features to directly collect the information needed. Encapsulating with an intermediate security system could be a viable solution.
A layered defence strategy and a movement toward a zero-trust architecture might help minimise the attack surface.
Improving cyber security fundamentals, including identity management and network micro-segmentation, and supporting zero-trust architecture while enabling automated threat response.
This leads to implementing robust identity and access management that enforces least-privilege principles and multi-factor authentication.
By integrating policy-based automation, access management becomes more dynamic, transparent and enforceable. Continuous monitoring and real-time analytics should be used to detect anomalies and unauthorised activities, including user behaviour, device posture and geolocation.
Learning how to conduct cyber security for artificial intelligence pipelines (AIOps) while constructing a business case for artificial intelligence-based cyber security, like zero-day attack detection.
This dual focus addresses the sharply increasing complexity of cyber threats and the pervasiveness of AI. As AI continues to revolutionise the landscape, international and domestic regulations are being defined and will become vital to ensure its compliance, resilience and trustworthiness.
Addressing increasing regulations to maintain global compliance, notably for privacy, critical infrastructure, and business continuity.
As stricter rules are adopted, like European Union’s (EU’s) General Data Protection Regulation (GDPR) and AI Act, California’s Consumer Privacy Act (CCPA) for privacy, as well as European Network and Information Systems Directive 2 (NIS2) and CISA guidelines in the United States for critical industries, and more specific requirements from the EU’s Digital Operational Resilience Act (DORA) for the financial industry, organisations need to contextualize these requirements and integrate them into their security posture.
Collaborating closely with third parties, including identifying their Software Bill of Materials (SBOM), and communicating any vulnerability along the supply chain. This will remain an important priority for security leaders as the global enterprise landscape becomes increasingly interconnected.
This should ensure a better understanding of the dependencies toward the third parties, and when an organisation becomes more mature, the broader interdependencies of their ecosystem.
In conclusion, while predicting the near future remains a challenging task, these six top priorities will play a pivotal role in organisational resilience.
As we look ahead, there seems to be a distant echo on the horizon. Let’s hope it is not your next threat!
Pierre-Martin Tardif is a member of the ISACA Emerging Trends Working Group. A longstanding IT and cyber security professional and educator, he is based in Quebec, Canada.
