Forecasting the future is always a challenging task. There are six prominent trends for the next five years that stand out as top priorities. It will be intriguing to revisit this article in 2029 to evaluate its accuracy. In the meantime, the six key trends, in no particular order, are:
Preparing for the post-quantum cryptographic migration, which involves increasing awareness among top management to allocate adequate resources.
It will be crucial to identify where cryptography is utilized within the organization, which can be in various areas such as libraries, IoT, communication protocols, storage systems, and databases. Prioritizing systems for the transition and clearly identifying critical systems will be essential.
Managing the transition effectively is also vital to prevent disruption within the organization. Hybrid protocols, combining classical and post-quantum cryptography, could be a viable option to allow clients to transition at their own pace.
Testing will be mandatory, although setting up a realistic test environment may be challenging. Determining the optimal migration timing will also be difficult, even with government guidelines in place.
Finalizing oversight of operational technologies (OT), enhancing their cyber resilience, and integrating them into existing cybersecurity operations.
This convergence began over a decade ago and is still ongoing. OT cybersecurity must address human safety concerns and involve close collaboration with engineering teams.
Utilizing artificial intelligence (AI) for monitoring abnormal behavior and supporting advanced persistent threat hunting will be crucial. Some legacy systems may lack necessary features for direct information collection, making an intermediate security system necessary.
Implementing a layered defense strategy and moving towards a zero-trust architecture can help reduce the attack surface.
Enhancing cybersecurity fundamentals, including identity management and network micro-segmentation, and promoting zero-trust architecture while enabling automated threat response.
This involves implementing robust identity and access management that enforces least-privilege principles and multi-factor authentication.
Utilizing policy-based automation for access management can make it more dynamic, transparent, and enforceable. Continuous monitoring and real-time analytics should be used to detect anomalies and unauthorized activities.
Developing cybersecurity strategies for artificial intelligence pipelines (AIOps) and building a business case for AI-based cybersecurity, such as zero-day attack detection.
This dual focus addresses the increasing complexity of cyber threats and the widespread use of AI. As AI continues to transform the landscape, adhering to international and domestic regulations will be crucial for compliance, resilience, and trustworthiness.
Adhering to evolving regulations to ensure global compliance, particularly regarding privacy, critical infrastructure, and business continuity.
As stricter regulations like GDPR, CCPA, NIS2, CISA guidelines, and DORA are adopted, organizations must integrate these requirements into their security posture.
Collaborating closely with third parties, including identifying their Software Bill of Materials (SBOM) and communicating vulnerabilities along the supply chain.
Understanding dependencies on third parties and the broader interdependencies of the ecosystem as an organization matures will be critical. This collaboration will be essential as the global enterprise landscape becomes more interconnected.
In conclusion, while predicting the near future remains challenging, these six top priorities will be crucial for organizational resilience. Looking ahead, there may be challenges on the horizon. Let’s hope they are not the next threat!
Pierre-Martin Tardif is a member of the ISACA Emerging Trends Working Group. With extensive experience in IT and cybersecurity, he is based in Quebec, Canada.
