Virtualization Technology News and Information
Article
RSS
Deep Instinct & Top Cyber Influencers Offer Future Cyber Predictions for 2025 & Beyond

Crystal ball 

2021 will long be remembered for the top cyber attacks of the year - such as SolarWinds, Kaseya, and Colonial Pipeline - some of which involved one of the most prominent ransomware gangs, REvil. With cyber threats continuing to escalate and having an impact on major critical infrastructure including hospitals, oil and gas industries, transportation and more, we don't need to just look at the year ahead - we need to really think hard about cyber threats heading our way in the next 5 or 10 years. We did just that by asking some of the industry's most influential thought leaders for their predictions for 2025-2030 to really hone in on what needs more focus in the years to come. 

#1: Increase in Cyber Terrorism and Malicious AI

Guy Caspi, CEO and Co-Founder of Deep Instinct  

Guy Caspi 

I believe we will see more terrorist organizations globally using force through cyber means. Today, terror organizations are still focused predominantly on information warfare, and things like DDoS and defacement. With cyber capabilities continuing to trickle down, I don't believe it's far-fetched to think of attacks on critical infrastructure, transportation, healthcare and more carried out by terrorists. This will be a new ballgame in terms of the level and breadth of the threat. With AI and traditional ML becoming a commodity, I'm sure we'll see AI used and adopted widely by attackers of all levels, and not just adversarial AI for evasion. By leveraging AI tools and capabilities, attackers will improve the scale, success and effectiveness of their attacks.

#2: EDR is not enough

Nadav Maman, CTO and Co-Founder, Deep Instinct

Nadav Maman 

The sophistication level of attackers is going to put organizations in a position in which humans won't be able to hunt threats anymore and the complexity of this will require AI-based cyber analytics that look at the entire organization over multiple signals (device, user, network etc.) across the board, which is not being provided by any vendor today. The level of required algorithms dealing with such a massive amount of data with multiple data sources will continue to be in our top focus.

I do believe that at some point, mid-size organizations, as well as enterprise organizations will realize that EDR is not a good solution against ransomware attacks. The impact on the Total Cost of Ownership (TCO), the operational damage and especially the impact on brand awareness, will cause organizations to put more focus on prevention and deal with these threats more proactively. It cannot be that a specific threat like ransomware will be in discussion for another additional 5-10 years. 

#3 Shifts Towards Cyber Insurance

Daniel Meissler, Head of Vulnerability Management and Application Security, Robinhood

Daniel Meissler 

In the future, I see the cybersecurity landscape moving more towards its inevitable destination, which is something like insurance and accounting. I know, it's not sexy. Security has always been about magic and wizards, and that's exciting, but not stable or predictable. Businesses need stability from security so they can have all their risk be business risk. So we can expect more cyber insurance, more continuous testing of security state, and more continuous validation of the ability to recover from catastrophic events.

#4 Deb Radcliffe, Strategic Advisor, CyberRisk Alliance & Author of "Breaking Backbones: Information Is Power: Book I of the Hacker Trilogy"

Deb-Radcliffe

In the next 5-10 years, I think we will see an increase in remote warfare via drones, which will open up new drone signals and control hacks. Even the military are starting to leverage these techniques already. If these become weapons of mass destruction this will be the next place bad guys will use to monetize and hold businesses hostage. I include a lot of this in my cyber thriller, "Breaking Backbones: Information is Power." I also see the advancement and a new era of more killware against smart, self-driving cars (also in my book), medical devices, and other smart devices that can be used to kill and harm people physically. Sadly, ransomware operators don't care if they are killing people.

Digital transformation, a term marketers love, is actually just an overhyped buzzword for moving to the cloud and has been expedited in timing because of the pandemic and remote work. More apps are getting hacked in the cloud with leaky buckets, etc., as Developers make their own cloud networks to build to. The cloud will be where attackers turn most of their attention to in the future. Supply chains will be impacted more regularly as a result.

Lastly, I would like to clarify that most hackers are good guys and bad guys are bad guys. Hackers do not deserve the reputation of being bad guys.

#5 Cyber Wakeup Calls Ignored

Ira Winkler, Author of "You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions" and CISO of Skyline Technology Solutions

Ira-Winkler 

When we look at the Colonial Pipeline attack earlier this year, we need to ask ourselves: why is this attack any different than Code Red, Nimda or even the Morris worm? Why didn't anyone stay awake after those so-called wakeup calls? We keep hitting the snooze button on all ransomware attacks which have all been called, "wakeup calls". Colonial Pipeline was a pimple on our ass compared to the damage WannaCry did and nobody seems to remember it. Gas shortages were nothing compared to hospitals shutting down in the UK with WannaCry, among other impacts throughout the world. The cyber industry has such a horrible memory in acting like Colonial Pipeline was worse than WannaCry -- which was not the case. Ransomware is the same as the Morris worm at the end of the day. There is no revolutionary new attack so to speak - it's just an evolution  - simply just a progression of using available technologies to refine malware.

The problem is that for the last two decades, we have seen complete stagnation in how we fix, "The user problem". We have this ridiculous saying about humans becoming, "The Human Firewall". You should be fired as a leader if humans are your last line of defense. Many people tried to portray the SolarWinds hack as a user issue, since the attack happened because an "intern" set a bad password. Your entire security posture should not crumble because of a single bad password. We need a stronger security strategy in place to prevent these attacks from happening in the first place.

#6 Securing Blockchain and Crypto

Marcus Carey, Enterprise Architect, Reliaquest and Author of Tribe of Hackers

Marcus-Carey 

In the next 5-10 years, I see most companies doing crypto payments and people will need to understand these better, as scammers will be coming after corporate crypto wallets. Cybersecurity pros need to pivot into Web3 to operate in the blockchain. Big brands will continue to use NFTs, and companies like Disney and Marvel will have a NFT with IP that people will want to buy.

Along the same lines, attackers are already operating in Web3 with ransomware attacks that leverage bitcoin and cryptocurrency. In fact, attackers have been super savvy in crypto for a while now, so we need to threat hunt and identify bad actors in the cryptocurrency space, through the blockchain. If companies are receiving crypto money, attackers will try to access these wallets. We may have cash in the bank currently, but in the near future, these digital wallets - also known as hot wallets - will be a major target for attackers who aim to steal the currency out of them since they live on computers. The reason why cold wallets are important is because attackers will look for hot wallets on the network and some people might want to store cold wallets in a safety deposit box.

Preparing for the Future

While we know predicting the future can be futile, being prepared isn't. There are many attainable steps organizations can take to not end up front-page news. As we head into 2022, there are many challenges we face, but one thing is for sure: the importance of cybersecurity continues to grow not just year over year, but well into the future. And with each technology revolution - AI/ML, crypto, Web3, and more, we need to innovate just as fast with cyber threat prevention technologies as well. We would love to hear your predictions to see how they stack up against these industry influencers and experts! Reach out to us on Twitter @deepinstinctsec to share what you are seeing in your 2025-2030 crystal ball.

##

Published Wednesday, January 12, 2022 7:36 AM by David Marshall
Filed under: ,
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<January 2022>
SuMoTuWeThFrSa
2627282930311
2345678
9101112131415
16171819202122
23242526272829
303112345