Over the past several years, we’ve witnessed a major shift in how organizations accomplish tasks with the increasing shift to digital and cloud. It is no secret that for the rest of 2022 and years ahead, the cyber security landscape will continue to evolve, and cyber-attacks will become more unrelenting. So, one thing is obvious: the pace of change in the cyber security sector will be brisk. We asked 5 cyber security experts their predictions for the future of cyber security. Continue reading to explore their insights.

Randy Purse, Senior Cybersecurity Advisor at Toronto Metropolitan University

I think that AI, Machine Learning, and zero-trust are already having a significant influence on cybersecurity, and they will continue. For AI and machine learning, it’s a double-edged sword. There is tremendous work going on to leverage these technologies to help combat threats. However, there is also increasing use by threat actors. So, we need to stay on our toes. 

Zero-trust across all networks everywhere is a great idea, but for many small and medium businesses very ambitious and costly – this will gradually change with increasing virtualization and adoption of cloud-based solutions that have zero-trust architectures. 

Another important trend will be the evolution of cybersecurity as a discipline.  Right now, it is still largely a specialized sub-discipline within the technical community. We are starting to see greater integration of cybersecurity into mainstream management, finance, and business education programs. But this evolution appears to be considerably slower in technical disciplines. 

I’m hoping that in the not-too-distant future, we see all IT, computer, and engineering programs with embedded cybersecurity curriculum so that everyone graduating from a technical program will “design with security in mind”. We’ll always need specialists in the field, but at this stage, there shouldn’t be a software developer or computer engineer graduating from a program without a solid foundation in cybersecurity.

Joshua Copeland, Director of Security Operations Center (SOC) at AT&T 

For tools, I think AI/ML will be the next big leap for cybersecurity. The ability for tools to start doing the things that we would typically have a Tier 1 Analyst do is going to be huge in the ability to automatically identify and remediate issues. 

From a larger perspective, compliance with all the new laws, regulations, and governances that are being rolled out globally and really understanding what applies to an organization and how to comply is going to be huge! An organization is going to have to spend a significant amount of time to ensure its practices are meeting the bars these rules are creating.

Christophe Auberger, CTO and CISO Advisor at Fortinet

First, on the threat side, I believe that ransomware attacks will continue to explode, with increasingly effective phishing techniques. Their complexity and sophistication will also certainly increase, due to ever greater professionalization. There is also a risk of other supply chain attacks. These attacks are extremely dangerous and can expose an incredibly large number of businesses. 

From the point of view of security and defense strategies, we are already seeing several phenomena that will increase. The first concerns the convergence of networks and security which explains the adhesion to approaches such as SD-WAN, SD-Branch, or SASE. 

Then, there is an ever-growing need for simplification, integration, and automation of cybersecurity technologies, and we are moving towards the end of silo approaches. Finally, security consumption models are increasingly moving towards a service model associated with SLAs. This model will become more and more common.

Hannu Huttunen, Security Advisor 

The trend in information security for the next 3 years is going to be an increase in the different types of online scams in various forms involving e.g., cryptocurrencies and other get-rich-schemes also love scams seem to be more common every month. Cyber espionage targeted organizations are going to be one threat that will continue to be a current topic for foreseeable future. 

As the current situation in the world is very confused due to a war in Ukraine, there is and will be an elevated possibility of cyber-attacks targeted to governments, infrastructure, and various types of businesses in the west. One information security-related threat, and which seems to be overlooked and not seriously taken is the increased possibility of personnel espionage done by fleeing Russian IT specialists. 

It has been said that over 70.000 Russian IT specialists have fled to the west due to various sanctions set on Russia. As we know from the past, certain intelligence services have used different conflicts to infiltrate their personnel to western countries as a refugee looking for asylum and places to start a new life. When the war in Ukraine started many western companies started to hire fleeing IT refugees naively not thinking about possible serious risks involved.

Andre Maeder, Chief Information Security Officer (CISO) at Justitia 4.0

I see a strong tendency in seeking technical-only remediation of information security risks. Whilst these are and always will be important, I also believe that the personal touch and behavior will have a revival. Trying to technically strengthen the weakest link has its limits and so I trust that the information security market will expand and cover more interpersonal topics over the coming years.

Employee training helps you keep pace with changes in the industry 

As technology progresses, there comes the need for employees to align with these changes and foster cyber security knowledge and skills. One of the best ways to increase knowledge is through security training and development programs. By continuing to help your employees expand their skills, they will feel like more productive members of the company.

Swiss Cyber Institute’s Cyber Security Specialist program with Federal Diploma will provide you with an understanding of how to protect systems, applications, and data from cyber-attacks and minimize damage to critical assets. Download the program brochure or contact us for more information.