Cyber Security in 5 Years: The Top Experts Speak

Cyber security is quickly becoming a part of everyday life. We see data breaches weekly – either reported timely or not – with much finger pointing, and many times, not with many concrete solutions. Education, creating robust strategies and simply talking can be the beginning building blocks to data protection. Here we are building the conversation around the future of cyber security, and predicting and analyzing the best strategies to win this cyber protection ‘game.’ We reached out to cyber security experts in the field to help us get a grasp on our posed question. We asked for them to share important cyber security projections in the next five years. Below you’ll find the responses to the question we posed:

Where do you see cyber security in 5 years?

Cyber Security in 5 Years: The Top Experts Speak

Meet our Panel of Cyber Security Experts:

Gregory MorawietzDr. Ken Baylor
Dr. Chadd CarrMichael Fimin
Stefan MaerzPieter VanIperen
Rodrigo MontagnerMihai Corbuleac
Asankhaya Sharma Tomas Honzak
Brian Berger
Rick Deacon
Igor Barinov

GREGORY MORAWIETZ

Cyber Security Predictions for 2018: The Top Experts Speak

Gregory Morawietz is a IT Security Specialist for Single Point of Contact with over twenty years’ of network and security experience. Morawietz has worked with hundreds of firms on improving IT environments, consulting and integrating technology for the enterprise network.

This is where cyber security will be in 5 years…

  1. Cyber security protection will not be any further along than it is today as far as how it’s positioned. As technology continues to evolve, so will the threat landscape. Wearable breaches will occur, IoT devices will be compromised, vehicles will be rooted and massive data breaches are on the horizon. There will continue to be data breaches, massive hacks. It will not be U.S. based; instead, it will be on a global scale. Companies don’t take their security seriously. Most organizations are in reaction modes without a good response plan. IT and Operations is always the last thing to get funded and the first thing to be cut. No one sees the need to throw money at a breach that may or may not occur, and for this reason they will continue to occur on a regular basis.

 

DR. CHADD CARR

Cyber Security Predictions for 2018: The Top Experts Speak

Dr. Chadd Carr is the Chief Technology Officer (CTO) and Global Lead for Cyber Innovation & Strategy at 6massive Holdings, LLP. Prior to 6massive, Carr was the Founding Director of PricewaterhouseCoopers (PwC) National Cyber Threat Research Center (CTRC). As a former Special Agent and Computer Crime Investigator with the Air Force Office of Special Investigations (AFOSI), Carr’s 18 years’ experience covers cyber security, intelligence, network intrusion investigations, computer forensics, and information operations.

This is where cyber security will be in 5 years…

  1. As society becomes increasingly integrated, especially in the area of IoT (the internet of things), we will see a continued shift away from traditional deterrence and prevention cyber security frameworks towards more modern methodologies emphasizing on containment and remediation.
  2. An increased demand for legislation. Just as those U.S. based companies offering health insurance benefits are required to comply with HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act), companies like Equifax that routinely collect, store, and aggregate subscriber personally identifiable information (PII) will be required to conform to strict federal data retention and incident reporting requirements.
  3. An increase of major breaches as corporations begin to outsource liability and responsibility of fines, fees, and penalties resultant of such breaches in the form of cyber insurance. To counter this trend, these insurance providers will need to price their policies in such a way that the insurance supplements, rather than replaces, robust security frameworks. The inherent challenge of that however is defining what that standard will be. Cyber security, much like life, requires collaboration.

 

STEFAN MAERZ

Cyber Security Predictions for 2018: The Top Experts Speak

Stefan Maerz is a cyber security engineer for Titan and Summit, two of the world’s fastest supercomputers at Oak Ride National Laboratory. Prior, Maerz worked on the cyber security program at Los Alamos National Laboratory, and has experience as a systems administrator and in technology consulting.

This is where cyber security will be in 5 years…

Not all that different than it is today to be honest — every year the Verizon data breach report comes out and it more or less tells us the same thing. We need to build security in as a fundamental component of our technology architecture.. There is no easy button in security. The state of the industry hasn’t evolved much in the past 5 years — I don’t foresee a reason it will change tremendously in the next 5.

That said, there has been an emerging trend toward data analytic platforms based on behavioral information that is showing promise. Historically, the security industry has attempted to enumerate lists of bad things — anti-virus signatures, network intrusion detection signatures, domain names, IP addresses, indicators of compromise…the list goes on. The problem with this approach is that the list of bad things will never stop growing. And we as defenders have finite resources. The enumeration of badness approach is an arms race, and one that we as defenders will never win.

Rather focusing on behavioral indicators that are common among a large variety of attack scenarios is much more useful. For example, a wide variety of attacks involve account compromise. Consequently, odd user account behaviors can help you detect a wide variety of attacks. Further other tools like DNS analytics, beaconing/command and control channel analysis can be quite useful.

 

RODRIGO MONTAGNER

Cyber Security Predictions for 2018: The Top Experts Speak

Rodrigo Montagner is an Italian and Brazilian IT Executive with 18 years of experience managing IT in multiple businesses and countries. Montagner is currently CEO and Founder of OM2 Tech Solutions.

This is where cyber security will be in 5 years…

In five years, most of the components, software and approaches to internet, connectivity, IoT, e-mail and security content currently used and/or under development will evolve and adapt into a more easy-embedded situations, where the devices will be much safer than today, and potentially so safer that the first big layer of cyber war will slightly move into new layers and patterns, such as, for example, trying to turn block chain into an insecure environment, spread different types of invasions and cyber threats directly from the dark net, etc.

If you think about a reality of self driving vehicles (planes, cars, trucks), robots 100% digital and as a strong workforce, this future reality will loudly claim for a more secure environment. That’s why I believe that the cyber war will move into deeper layers of information and internet.

Hardware and Software will be much more safer, and cyber security will have to be less naive and move into deeper channels.

 

ASANKHAYA SHARMA

Cyber Security Predictions for 2018: The Top Experts Speak

Asankhaya Sharma is a cyber security expert and technology leader with over a decade of experience in creating security products for industry, academia and open-source community.

This is where cyber security will be in 5 years…

One of the main driving trends in cyber security in the past few years has been the increase in the use of Machine Learning and AI. If you look at any new endpoint protection or threat detection product today, you will notice that instead of relying on signatures or rules they tend to be focussed on anomaly detection based on machine learning models. In the next 5 years, we will see this trend spread out and intensify to the extent that it will impact the roles of cyber security analysts and researchers. The next phase of technology that is coming up in cyber security is using AI to replace most of the work done by human analysts. This includes not just detecting threats but automation in security response and orchestration. The skill shortage we currently experience in the security industry may no longer be a problem in 5 years due to automation.

 

BRIAN BERGER

Cyber Security Predictions for 2018: The Top Experts Speak

Brian Berger is the executive vice president of commercial cyber security for Cytellix, responsible for 24/7 system management and business operations, as well as marketing, development, sales and engineering support of the cyber team and its solutions

This is where cyber security will be in 5 years…

Cyber security will become a mainstream practice of all businesses as part of business continuity vs IT.  As technology expires “end of life,” it will be replaced with the next generation products that have “security or cyber-by-design” as a function of the product. The growth of IoT/IoE, autonomous products/vehicles/distribution drones will be used as part of the infrastructure causing the need for stricter controls for monitoring cyber health. In addition to monitoring, the dynamic need for security patching/updates will be required as part of normal daily cyber practice vs where we are today.  As technology cycles include security by design, some software point solutions will become imbedded vs add-on causing a shift in the technology industry.  We have called these cycles in technology “consolidation”, but the new term may be something completely different for the shift technology and investments in new start-up products/technology.

 

RICK DEACON

Cyber Security Predictions for 2018: The Top Experts Speak

Rick Deacon is an ethical hacker with nearly 10 years of experience who started Apozy, a cyber security startup backed by YCombinator.

This is where cyber security will be in 5 years…

With the extreme push to the cloud from companies like Google, Amazon, and Microsoft – the future is cloud. As far as security goes, companies will be pushing to create a security ecosystem that breaks down traditional networks and keeps data completely in the cloud with software defined perimeters. This means the largest changes will be:

  1. Companies moving to cloud apps for EVERYTHING. Including authenticity, identity, and attestation.
  2. Perimeter Less security models such as Google’s Beyond Corp.
  3. Centralized management of all data and users.
  4. Application security as the main focus.

 

IGOR BARINOV

Cyber Security Predictions for 2018: The Top Experts Speak

Igor Barinov is the co-founder and product manager at Oracles Network, an Ethereum-based public network. Oracles Network is the first Ethereum-based public network with Proof of Authority (PoA) consensus reached by independent, pre-selected validators.

This is where cyber security will be in 5 years…

In recent years, we’ve seen cyber security become increasingly significant. The amount and the quality of data that we put online is what drives the shift. Never before was it possible to find so much private information online. And this trend keeps growing. Also, people realized the importance of data. The right data insights can open all doors for you. So the ever-growing amount of data and understanding what a huge force it encompasses is a necessary conversation have.

So, a logical question to ask now is: “What steps can individuals and companies take to protect their data?” Being on top of technological breakthroughs is important. A lot has been done in the blockchain space to improve data safety, for example. The notion of distributed data storage, by default, makes data less vulnerable to stealing. If the information doesn’t belong to one particular person/ organization/ server, it’s close to impossible to be stolen. Also, the nature of anonymous/ pseudonymous data makes it less appealing to potential thieves who are after the data on the specific company. There are blockchain projects focusing on building solutions for data authentication and device security management. Lastly, it’s important to remember that attacking technologies develop together with protection technologies. No solution will work forever.

 

DR. KEN BAYLOR

Cyber Security Predictions for 2018: The Top Experts Speak

Dr. Ken Baylor is the president of the Vendor Security Alliance. Previously he was CISO at Symantec and Pivotal, and Head of Compliance for Uber.

This is where cyber security will be in 5 years…

The focus will change from buying just another security product provide an negligible security advantage. It will shift to focusing on what is weak in your whole delivery process (i.e. your company plus those you closely rely on). This will mean advanced due diligence on third parties, and swapping out those with weak security/privacy practices for those with better ones.

Those who abuse consumer trust (e.g. Equifax) pay the price. Blaming a third party for the breach no longer suffices. We are seeing this being driven by GDPR is Europe and the FTC in the US.

 

MICHAEL FIMIN

Cyber Security Predictions for 2018: The Top Experts Speak

Michael Fimin is an accomplished expert in information security, CEO and co-founder of Netwrix, a provider of a visibility and governance platform that enables control over changes, configurations and access in hybrid cloud IT environments to protect data regardless of its location. Netwrix is based in Irvine, CA.

This is where cyber security will be in 5 years…

  1. Continuous adaptive risk and trust assessment. The CARTA approach represents a critical strategy for forward-thinking CIOs and CISOs. Continuous monitoring and risk assessment of business networks and ecosystems will help organizations recognize the changing threat landscape and make better decisions about your cyber security posture, e.g. granting certain access rights to users based on their user history.
  2. User Behavior Analytics. Due to high demand for more context around insider behavior, many organizations will finally switch from traditional monitoring solutions to those that provide deep analysis of user behavior and help them identify insider threats in their early stages. While companies will still need basic detection strategies in place, precise analytics of what users are doing in the IT environment will help them mend their security holes better and investigate breaches faster.
  3. SIEM-UEBA integration. Gartner predicts that by 2020, at least 60% of major cloud access security broker vendors and 25% of major SIEM and DLP vendors will incorporate advanced analytics and UEBA functionality into their products. I think this is a logical step: while SIEM are good at detecting already known threats, UEBA solutions deliver additional context to events that miss important details, which will greatly simplify job of IT security professionals and help them address hidden risks faster.

 

PIETER VANLPEREN

Cyber Security Predictions for 2018: The Top Experts Speak

Pieter VanIperen is a Founding Member of Code Defenders a collective the protects the long tail of the internet, an Adjunct Professor of Code Security at NYU, a Certified Penetration Testing Engineer (Ethical Hacker) and a Certified Secure Web Application Engineer. Vanlperen is currently a resident software architect and secure coding expert for a major online discount brokerage. He has also served as the CTO of several digital companies and has advised multiple startups.

This is where cyber security will be in 5 years…

Cyber security is going to be intimately intertwined in development cycles, like QA and performance testing. Patching cycles will continue towards total automation, as the number of vulnerabilities found is going to continue to increase. Threat intelligence and more intelligent behavioral analysis is going to play an increasing role in impeding the progress of attackers. Ultimately though, cyber security is going to be a long term arms race like the cold war. Companies will begin to arm themselves and breaches will become smaller hits occurring less frequently, and they will mostly go under the radar of mainstream press.

MIHAI CORBULEAC

Cyber Security Predictions for 2018: The Top Experts Speak

Mihai Corbuleac is Senior IT Consultant at ComputerSupport.com LLC an IT support company providing professional IT support, cloud and information security services to businesses across the United States since 2006.

This is where cyber security will be in 5 years…

Technology is an asset, but it comes with a price. We always need to prevent and watch for new vulnerabilities and this is why cyber security will remain a top priority in the following years. However, even with the help of AI and machine learning it will not be easy. We will be seeing smarter and more sophisticated big data systems, but on the other hand, there will be complex attacks launched on a grand scale with little or no human intervention that can damage connected devices, digital infrastructures in a matter of seconds. States will definitely have a bigger role in protecting large scale environments like their own infrastructure: electricity, water supply, traffic control, against DDoS or ransomware attacks. The situation can get even more dangerous if we think about our vehicles, which are controlled by Electronic Control Units which are hackable – cyber security will be vital, volatile and hence more expensive. Guarding data will remain a challenge in the following five years.

TOMAS HONZAK

Cyber Security Predictions for 2018: The Top Experts Speak

Tomas Honzak is Director of Security and Compliance at GoodData.

This is where cyber security will be in 5 years…

Security needs to continue working closely with businesses to make sure business managers can make educated decisions about the risks related to cyber security – and CISOs need to use their decisions to justify their budget requirements. Without the tight cooperation, security will be seen as just another item on the costs list that brings little value.

In many cases, especially for smaller organizations, data protection is done only on best effort principle. For IT shops, this typically means that there’s at least the basic technical security, everywhere else, the companies are literally at the mercy of their service providers. Hiring a compliance or governance related role means not only a chance for the business to start looking at their data in a more systematic, end-to-end and risk-based manner, but also  – and this is what regulations like GDPR intend to achieve – from a standpoint that was never really considered before. These roles can help the company evaluate and mitigate not only risks related to the technical security, but also address the regulatory aspects of the business and integrate them with the IT operations in a way that makes the best sense in the scope of the business

READ MORE IN THE SERIES:

Important Takeaways From the WannaCry and NotPetya Cyber Attacks: The Top Experts Speak
What Computer Security Experts Wish You Knew: The Top Experts Speak
Cyber Security Predictions for 2018: The Top Experts Speak

Megan Thudium

Megan Thudium

Megan Thudium is a Berlin-based writer with a passion for curating actionable and enlightening content for business leaders. A seasoned author, her latest works encompass topics in travel, business and information security. Follow Megan on twitter @megan_thudium.

You may also like...

1 Response

  1. October 25, 2017

    […] This article was originally published at: https://itsecuritycentral.teramind.co/2017/10/25/cyber-security-in-5-years-the-top-experts-speak/ […]

Leave a Reply

Your email address will not be published. Required fields are marked *