Within the next 20 years, cybercrime is going to be one of the greatest challenges faced by humanity. No industry is immune — cybercrime comes with a predicted annual global price tag of over $6 trillion by 2021.
The current and future states of the cyber threat landscape seem clear, but what about cybersecurity's role as the first line of defense against this new level of cybercrime? A FireEye report examining cybersecurity in 2019 and beyond highlights a rise in nation-state offensive activities, a lack of risks or rulebooks for attackers and a lack of security resources as factors affecting the current state of cybersecurity.
How did we get here?
The origins of today’s sophisticated cybercrime activities can be traced back to a type of computer virus that acted like a worm. In 1971, a few users of the ARPANET (the earliest form of the internet) were caught off-guard when their screens displayed the message: “I’m the creeper, catch me if you can.” Creeper was a type of virus with the ability to duplicate and spread to other systems, but unlike the modern malicious virus, it could only display messages.
The first malicious virus, called Rabbit (or Wabbit), was documented in 1974. The key differentiator is that this virus reproduced itself on the computer it infected until it was able to invade the system and cause it to crash.
Since then, computer viruses have become part of life, but they have rapidly evolved with cybercrime. Considering these trends, along with the widely accepted increase in internet of things (IoT) usage and data growth and the impact of stricter data protection and privacy legislation, what may the future of cybersecurity look like over the course of the next several years?
More military veterans with cybersecurity skills will be recruited to address the skills gap.
Unfortunately, the number of unfilled cybersecurity roles outstrips the supply of suitable talent, with an ever-widening gap of nearly 3 million jobs. While schools and training organizations are working tirelessly to reverse this, enlisting the expertise of former military veterans is a viable option. Each year, more than 200,000 U.S. military members transition back from active-duty positions to civilian life -- not an easy change. Fortunately, recognizing the value to be gained from incorporating military-style tactics to defend their digital space, more organizations are putting programs in place that cater specifically to veterans with security-focused skills, giving them training and certifications, mentorship and placement opportunities in the cybersecurity industry.
Security data scientist roles will become more prominent.
Successful businesses today run on data, and to a certain extent, the same will be true of cybersecurity. Artificial intelligence and machine learning solutions depend on data, and as these become mainstream, they will need data that is prepared, processed and interpreted. Enter the role of the security data scientist, who specializes in the application of advanced analytics to data sets, separating the good from the bad to uncover unidentified risks. Artificial intelligence and machine learning solutions can automate security after this data has been collected, sifted through and interpreted.
Social contracts will evolve and cement trust amongst data, systems and humans.
Privacy and trust are enormous factors when it comes to security. In the modern age, this now also extends to digital entities, not just people. We’re living in a world where data privacy and protection is at a peak, yet we continue to create more data through the use of IoT and modern technologies, expecting the same, if not higher, levels of privacy.
When visiting the doctor, for example, a level of trust and security exists. Previously, that level of trust and privacy existed between patient and professional, but in the modern era, that relationship can apply to digital entities or representations, such as web or mobile interfaces conducting remote consultations or digital assistants taking notes during a face-to-face session. These digital entities can be similar to physical entities, which explains why social contracts must change — they need to ensure privacy and trust across the board for all parties at play.
Applications will continue to fuel business but need security.
According to research, by 2020, the apps market will be valued at $189 billion. It is, therefore, understandable why the emphasis on application security (AppSec) — the process of making apps more secure by finding, fixing and increasing their security — is now far more pronounced, particularly considering that applications have become lucrative targets for hackers.
Most of the application security takes place during the development phase, during which developers monitor, fix and, as far as they can, prevent security vulnerabilities. A standard coding error, for example, could open the door for unverified inputs, which can easily become SQL injection attacks and, later, data leaks — if a hacker knows where to find them. The most successful AppSec methods operate across the whole life cycle of an app, from design and development to release and update.
What does this mean for your business?
Cybercrime is not going away. The onus is on businesses to implement and be vigilant about all cybersecurity measures. Internally, this means educating employees to be aware of potential vulnerabilities that could be a way in for cybercriminals — for example, suspicious-looking emails or when to use a personal smart device for work purposes.
In terms of business operations, it’s important to identify potential gaps in cybersecurity expertise and enlist individuals with the right skills to fill that gap. This could mean an opportunity to employ military veterans with the required skills or data scientists who can analyze and curate data. Companies with web and software applications should look to deploy security into each phase of the DevOps process to reduce vulnerabilities, rather than right at the end.
The fight against cybercrime is not an easy one, particularly when the goal posts keep changing. But the cybersecurity industry is working hard to constantly innovate and leverage existing and evolving technologies, including artificial intelligence-driven approaches, to prevent adversaries from winning.
