#GartnerSEC: Cybersecurity Leaders Must Start Preparing for the Next Decade

Cybersecurity leaders need to prepare for the long-term picture as well as deal with current day-to-day issues, according to Toby Bussa, VP analyst at Gartner, speaking during the Gartner Security and Risk Virtual Summit.

As we emerge from a decade of substantial change in the cybersecurity landscape, Bussa expects to see a similar evolution occur in the years up to 2030. “The last 10 years have been interesting, and we anticipate the next 10 years to be even more so,” he stated.

Bussa began by outlining the ways in which the cybersecurity landscape has been radically reshaped during the past 10 years. These include advances in IT, such as the explosion in cloud services and Internet of Things (IoT) devices that have expanded the attack surface; privacy and data protection emerging as a much more prominent issue; the rise in cyber-attacks conducted by nation states; and ransomware becoming more sophisticated and targeting large organizations.

With this in mind, anticipating further changes over the coming decade will be critical in preventing disruption to business performance and staying ahead of cyber-criminals.

The first expected trend outlined by Bussa is the increasing “balkanization” of the digital world in which enterprises operate. This is born out of the competing interests of digital nationalists and digital globalists: those who want tight controls over the use of the internet and those much more comfortable with sharing data outside of boundaries.

For example, online filtering is heavily practised in certain digital boundaries, leading to scenarios where “consumers in one part of the world may be unable to access information in other parts of the world because of regulatory concerns.” Bussa added: “What the future of the internet looks like is an important backdrop for what cybersecurity leaders may need to contend with in the future.”

He also stated that technology itself may become balkanized: both in general IT and cybersecurity. This is a result of nation states increasingly developing their own technologies that are used only within certain geopolitical areas. Bussa said this phenomenon is already beginning to take effect and it “is certainly going to be a consideration for cybersecurity leaders, both to contend with the IT that’s being employed by their enterprises but also in the security technologies that they would employ.”

Another area cybersecurity leaders must consider for the coming decade is the likelihood of more regulation and regulatory complexity. Businesses are becoming increasingly digitalized, a trend further accelerated by the COVID-19 pandemic. Bussa noted that “regulators are going to continue to respond and try to understand the impact of these technology innovations on how businesses are moving forward, and this will likely be expressed as laws.”

Anticipating and preparing for these types of trends is therefore crucial to gaining an advantage over cyber-actors. In particular, he cited the need for the concept of “cyber-safety” to come to the fore, with a broader focus on the “life, kinetic and high risk events that can harm an organization or its customers,” rather than just traditional IT security.

Organizational resiliency should be another focus for cybersecurity leaders, in light of the greater range of potential disrupters and threats, ranging from geopolitical issues to natural disasters and new regulations, according to Bussa. An example of this has been seen with the huge shift to remote working during the COVID-19 pandemic, which cyber-criminals have quickly sought to take advantage of.

Bussa concluded by stating that while many events cannot be predicted, cybersecurity leaders can take steps now to ready their organizations for future trends. However, this requires a fundamental shift in the role CISOs play. “Think about how you shift your role as a cybersecurity leader away from someone who’s going to be viewed as the scapegoat when things go wrong towards being a trusted advisor and guide to the organization by embracing a longer-term view and better understanding of what the future may hold,” he said.
