Ever wondered what the state of cybersecurity will look like in 2031? While 10 years may seem far in the future, the speed at which the industry evolves will make the next decade fly by. Predicting the future of cybersecurity isn’t just about looking into the crystal ball for fun. By imagining how the industry will change in 10 years, chief information officers and chief security officers can prepare for future challenges so they don’t look back and wish they had acted in 2021.
As much as I enjoy making predictions, to give this story the best chance of getting things right, I interviewed three top cybersecurity experts for their perspectives on the future of cybersecurity.
Tyler Cohen Wood is an author, speaker, and former senior intelligence officer with the Defense Intelligence Agency.
Roger Grimes is the defense evangelist for KnowBe4 and author of several books on hacking.
Troy Hunt is a cybersecurity speaker and trainer. As the founder of the popular website ‘Have I Been Pwned’, he has also testified before Congress about data breaches.
We talked about the future of the cloud, passwords, artificial intelligence (AI), data breaches and the skills gap. Check out their expert insight into what the industry needs to know about the future of cybersecurity in 2031.
Future of Cybersecurity: Cloud Computing
If there is one aspect of IT that has seen the most growth in the last 10 years, it is undoubtedly the use of the cloud. In 2031, the cloud can only continue to blaze ahead. Or is it possible? Depends on who you ask.
According to Hunt, cloud makes it faster, cheaper and easier than ever to put services online and collect huge amounts of data.
“But faster, easier and cheaper than ever means it’s easier to expose everything,” he said. “We see that a lot is going wrong now. I don’t see any of those factors diminishing in the next ten years. Especially since there is such a high demand for it. Of course we want cheap, ubiquitous cloud services; of course we want to connect our washing machines to the internet and that is not going to change.”
However, Cohen Wood predicts that the future of cloud computing could be short: the cloud could evaporate in 2031.
“I don’t think things will be in the cloud in 10 years; I think everything will be back on location,” she said. “There will be more peer-to-peer closed networks. People will discover how to use blockchain.”
She envisions a peer-to-peer system. In it, each network carries different types of traffic for different types of communication. This is no different from what the intelligence community uses.
“You have an unsecured network, a secure network and then you have a very secure network,” she added.
However, Cohen Wood said the cloud will never go away. “Things Will Rock” [towards on-prem] for a while, but eventually it will go back to the cloud because that’s how it works. History has proven that time and again.”
The state of passwords
Ah, the password. We’ve been talking about its demise for decades. But today we are collecting them at unprecedented speeds.
According to Grimes, the same attacks that allow threat actors to steal our passwords will still be the same in 10 years. It follows that the password we know and love (or hate) will also be alive and well.
“There are 10 root causes of all hacking and malware exploitation, including social engineering, unpatched software, misconfiguration and eavesdropping,” he said. “The methods that were used 34 years ago (when I started in the industry) are the same methods that are used today. They haven’t invented a new way of hacking. So I believe passwords will be around for at least another 10 years, or two decades, or forever. I go against conventional wisdom.”
Have past predictions come true?
Grimes wrote his first paper on the demise of the password thirty years ago, and while he still revises that theory with restrained optimism, he acknowledges that passwords are just that way. usable. After all, the future of cybersecurity from that first article has become the present.
“Not only do we have fewer passwords, we have more than ever,” he said. “It’s because there are some benefits of passwords. They are cheap, easy to use and easy to replace. If you were to tell me that they are still in use two decades from now, it wouldn’t be surprising at all.”
Hunt agrees that passwords are permanent, but hopes they will evolve. “I suspect in ten years we will have more passwords than we do now, but I also suspect that without them we will have more means of authentication,” he said. “A great example of where we’re seeing that industry shift is when I look at my iPhone, I log in with my face; I don’t need to use a password. But I still have a password and I have a pin as a fallback position. I like the direction we’re taking with smarter ways to do authentication.”
Hunt predicts that in the next 10 years we will see more biometrics and use additional authentication methods with devices we already have in our pockets.
“Passwords get a bit of a bad rap,” he said. “But what passwords do extremely well is usability. Everyone knows how to use a password.”
The role of AI in the future of cybersecurity
How prominent the password and cloud will be in 2031 may be up for debate, but the key role AI will play in cybersecurity is something we can rely on.
All three experts told me that the use of AI will be even more critical than we think.
“I believe that if AI is not applied, we will be in trouble,” said Cohen Wood, who has developed her own AI algorithm for healthcare. “I also believe that in healthcare, for example, there is a chance that in the future it may even be illegal or a form of malpractice not to use AI in your healthcare practice.”
For Grimes, AI will be the catalyst to determine whether the industry can keep up with the threat actor community. “Ultimately, these good threat hunting bots will compete with bad bots that change quickly depending on the circumstances,” he said. “I think you’re going to have computer security algorithms where people hang out and make better algorithms for their specific bots. It ends up being blunt versus blunt. You will still need human intervention, because people are always needed and are at least half of the solution.”
Data breaches and the threat landscape
Like AI, data breaches are expected to become more common in 2031 than in 2021 – which is both unfortunate and terrifying. As more data and devices appear online, the risk of a breach only increases.
Hunt has said for years that there are numerous tuning factors that contribute to exacerbating data breaches that will continue as the future of cybersecurity approaches. “We just have a lot more data, we’ve collected a lot more data because we have more online resources and digital systems,” he said. “We also have more people online; for example, look at these emerging markets like India. There is still tremendous growth that is going to happen there in terms of people coming online and then providing their data in digital systems.”
And those are just people. Adding the Internet of Things to the equation gives attackers more data to break throughch. “We collect a lot of data from devices that have never been digitized before,” Hunt says. “Now we have digitized all this data.”
Massive Supply Chain Violations
When it comes to the kinds of threats to expect, I asked the experts if we should be concerned about infrastructure attacks and other large-scale breaches.
Grimes expects more attacks on the supply chain and more attacks from nation states. “All the horror stories that we worried about for a long time have come true,” he said. “National states are more likely to go after infrastructure as our infrastructures become more and more digital.”
However, he predicts that the same types of attacks will happen, caused by the same mistakes made now and in the past, as people bring more systems online and make them more accessible.
He suggested that the only way to prevent more infrastructure attacks is to pass a Geneva-style digital law between countries that prohibits them from attacking infrastructure.
The Cybersecurity Skills Gap
Finally, we need to talk about the overwhelming number of unmet cybersecurity functions. After all, if we can’t solve this crucial piece of the cybersecurity puzzle, how can we keep up?
With such lucrative salaries in the field, you would assume it would narrow the gap in cybersecurity skills.
“Let me say I’m a little disappointed,” Grimes said. “Money has been good for a while. In a few years you can make six figures, and some can earn that much after school. Everything is possible. You can create your own software, you can create your own threat detection bot. It’s frustrating that we still have this problem in 2021.”
Women in cybersecurity
But what frustrates Grimes even more is how the problem can be solved to get more women into the business.
“It may be shocking to many people, but the percentage of women in the IT security industry today is lower than it was twenty years ago,” he said. “I applaud the people who are figuring out how to correct this, because we need the female perspective. I’ve raised three girls; they’re scary smart. Long-term planners often say that women play chess, and every man I know plays on his good drafts.”
Of course, a career is about much more than money. But job security in this industry is equally solid. After all, today’s recruits are the people who are building the future of cybersecurity.
“It’s in so much demand,” Hunt said. “But it’s clear we leave a lot to be desired in terms of how well we’re actually doing at securing our stuff…Now seems like a better time than ever to get involved in this industry.”
“I want to think positively, otherwise I wouldn’t be doing what I’m doing,” Wood added. “I have to believe that we can succeed in this. But I do know that the only way we can do that is by working together.”
The future of cybersecurity depends on it.