How will your organization protect its most important digital assets five years from now? What about 10 years from now, in 2030? And how will you keep your personal identity safe in the threat landscape of that era?
It’s been reported that according to data by the IDC, “85% of enterprise decision-makers say they have a time frame of two years to make inroads into digital transformation or they will fall behind competitors and suffer financially.” Digital transformation plans will fail without paying attention to digital trust.
While the security industry tries to be forward-thinking, planning for future threats before they take us by surprise, it is difficult to visualize how things will be in the future. Consider how much things have changed in the past decade. What new threats have emerged? What new tools have been created, and what has changed in our security approach?
Given the rapid transition that economies, societies and technologies are experiencing, it’s likely the transition from 2020 to 2030 will be more volatile and disruptive than the previous decade. Innovation will both revolutionize and create the potential for a perfect storm in the future of data protection.
Based on what I’m seeing, as the senior vice president and chief marketing officer of a cybersecurity company, I believe tremendous change is coming in at least three areas:
1. Market Transitions
There are a lot of hot technologies that will hit critical mass in the next 10 years.
Artificial intelligence (AI) has provided fodder for futurist speculation for decades, but practical applications are impacting more aspects of corporate life in the here and now. Cybercriminals also leverage AI to make attacks more effective, and cybersecurity vendors use it to detect and respond to threats.
It’s likely that 5G networking, which I expect will explode in the U.S. over the next two years, will revolutionize everything from healthcare to public safety to autonomous transportation. Latency will be a thing of the past, as speeds ranging from 10 to 100 times that of 4G LTE will mean that even slow-moving information will move more quickly than the human eye can send a signal to the brain. With that, 5G will also enable adversaries to deliver their attacks more efficiently and effectively.
Quantum computing is still in its infancy, but analysis suggests that some companies may reap real gains from the technology by 2025. Whenever it comes, it will suddenly be possible for a single machine to do billions of computations simultaneously. This means that today’s cryptographic algorithms will be breakable, exposing information to cybercriminals.
Quantum-resistant cryptography is under development, but chief information security officers (CISOs) will need to plan for “rip and replace” scenarios to implement it. This will require a substantial effort by enterprises to reencrypt everything they store today to become quantum safe. At the same time, social and political trends may mean that this incredibly advanced technology resides on systems that are more fragmented than they are today. Standards like the new cryptography law in China (and unique cryptographic requirements in other nations) will mean that technology will be less interoperable across jurisdictions.
2. Global Compliance Pressures
The trend is clearly toward more regulations versus fewer, and the current patchwork of requirements across jurisdictions will likely become more complicated.
Compliance with the European Union’s General Data Protection Regulation (GDPR) has been a headache for global companies over the past two years, and now companies with customers in California must comply with the similar requirements of the California Consumer Protection Act (CCPA). California has also recently enacted minimum security standards for all internet of things (IoT) devices sold in the state.
These are among an alphabet soup of requirements that sort out by geography, vertical and other criteria. In the future, companies may have to go to market in very different ways in different countries to stay globally compliant. For companies that decide to ignore them, the “playing nice” period for compliance appears to be over, and governance bodies are now assessing significant fines for GDPR violations.
3. The Proliferation Of ‘Smart’ Consumer Electronics
Consumer IoT devices are a hot-ticket item right now. Smart home gadgets, security cameras and even over-the-counter health devices are attracting a critical mass of buyers. Their ease of use encourages wide-scale adoption, but the reality is that many aren’t configured securely. Home routers, many of which are connected to dozens of devices, are vulnerable to attack, as are the individual devices. Most device manufacturers are either slow to issue security patches, or they neglect to update devices.
What Can We Do?
Trends are converging, and the main result is even more complexity and risk — for businesses and consumers. Large enterprises will continue to invest in their security stack, which will include new elements over time. AI will be a bigger part of security strategy, and tools like quantum-resistant encryption will not be optional.
But what about when we take off our enterprise security hats and go home to our Wi-Fi router and all the devices connected to it? What are the best suggestions for security hygiene we can follow at home?
Most pointers will seem obvious to those of us in security: Use complex passwords, and change them often. Don’t click on unknown pop-ups or unexpected email attachments. Don’t delay installing updates. In regard to security, an ounce of prevention is worth a pound of cure. We can be security lights in the darkness for everyone around us. We go to other professionals when our cars break and our plumbing needs to be fixed — maybe we need to let our friends and family trust in us when they need security help.
Pragmatism is the order of the day: Little changes in security habits can add up over time. Teach those around us to make those changes, one at a time, and perhaps the threats of 2030 won’t be as severe as we might expect.
