As the technological world hurls into the 2020s and cybersecurity future trends become reality, many experts expect the industry to evolve rapidly. Among the paradigm shifts still to come from digital innovation, data protection is bound to change and expand beyond the capabilities of today’s most common tools.
Above all, expect artificial intelligence (AI) to take a bigger role in cybersecurity as the IT industry seeks more efficient ways to shut down attacks immediately — or even before they happen.
Hiring AI Cybersecurity Guards
In the near future, new AI-powered solutions will look for anomalies in enterprise systems while matching patterns in threat actor behavior to predict when attacks are coming, said Shashi Kiran, chief marketing officer at Quali, a vendor of cloud automation services. Companies will also use AI tools to analyze user behavior and dig through system logs to spot problems, noted Laura Lee, executive vice president of rapid prototyping at cybersecurity training vendor Circadence. Lee said she expects AI-powered cybersecurity training to become more common as well.
In addition, AI systems will soon be able to analyze data from multiple sources, provide virtual assistants with special knowledge in cybersecurity and assist with penetration testing. In the coming decades, the “full scope of AI will be brought to bear in cybersecurity training environments to provide intelligent advisers, feedback and an AI adversary to practice against,” Lee added.
Planning for Obsolescence
Newer AI systems should provide capabilities that traditional antivirus products can’t. Many current security products focus largely on signature-based detection or analytics from patterns of suspicious activity, said Jason Rebholz, senior director of strategic partnerships at cybersecurity vendor Gigamon.
“With the emergence of AI, the basic decision-making can be offloaded to software,” he added. “While this isn’t a replacement for the analyst, it provides more time for them to perform more advanced decision-making and analysis, which is not easily replaced with AI.”
An AI-Driven Coding Evolution
Some security experts see big things for AI, with a sort of evolution built into its abilities.
“Imagine a world where cyberdefenses adapt and evolve with no human intervention,” said Kathie Miley, chief operating officer (COO) at Cybrary, another cybersecurity training company. “By putting AI into practice with evolutionary algorithms, software will also be able to assess current state, improve upon itself or kill off components no longer ideal for survival.”
Miley offered the example of a developer who accidentally creates a program with a structured query language (SQL) injection vulnerability: “AI will catch it and correct it with no human involvement, because it knows [the vulnerability is] dangerous to the application’s survival.”
Unfortunately, AI-trained systems won’t be exclusive to defenders. As Miley noted, threat actors “will be able to use AI to evolve their attacks without lifting a finger. It’s a race to who is stronger — the good guys or the bad guys.”
Why Cybersecurity Future Trends Won’t Exclude Humans
But even as AI takes a more central role in many organizations’ cybersecurity efforts, the need for qualified cybersecurity professionals will not diminish.
“Until AI evolves and wipes out humans, there will always be a place for people in the cybersecurity field,” Miley said. “Regulations, compliance, ethics and needs will need to be determined by us carbon life forms. However, tasks such as monitoring attacks and coding errors — and even coding itself — will certainly be automated at some point in the near future.”
Miley added that she sees a strong demand for security architects and governance, risk and compliance professionals in the coming years.
How AI Will Help Bridge the Skills Gap
New ways of automating some cybersecurity functions will help the industry bridge the cybersecurity skills gap that’s been growing since 2014. A recent Cybersecurity Ventures report forecast a shortage of 3.5 million open cybersecurity positions by 2021.
Bret Fund, founder and CEO of cybersecurity training academy SecureSet, argued that automated tools will require more refined skill sets.
“We will still have an education problem that will be exacerbated by the new skills required to interpret and analyze AI,” he predicted.
In addition, many small and medium-sized businesses will adopt AI tools more slowly than large enterprises will, meaning plenty of cybersecurity jobs will be available, Fund added.
Cybersecurity Workers: Seize the Day
Lee noted that demand is growing for cybersecurity workers with data science expertise as organizations look to maximize the value of the data they collect. She said she also foresees a shift in cybersecurity jobs that will “place soft skills and strategy at equal importance as required technical skills.”
Cybersecurity analysts, penetration testers and incident response professionals will be popular with job recruiters for several years, she added. However, those jobs may be changing, with more workers “expected to carry competencies in strategic thinking, creativity, problem-solving, working in teams and reporting alongside business objectives.”
Augmenting Automating With a Human Touch
According to Cesar Cerrudo, chief technology officer (CTO) of cybersecurity and penetration testing vendor IOActive Labs, paint-by-the-numbers cybersecurity jobs will soon be a thing of the past.
“Jobs that consist of repetitive tasks and tasks that don’t require creativity will disappear,” he said. “Having broad knowledge on past, latest and upcoming threats, along with broad vision in cybersecurity, will be required to achieve better results. You can’t properly secure a technology without anticipating what it will look tomorrow or in the next year.”
As technologies and their security measures carry us into 2020, forecasting threat trends will be the name of the game. Machine learning won’t replace the cybersecurity workforce any time soon, but get ready for a new face (or lack thereof) on your security operations center (SOC). Developing a broader skill set now and keeping an open mind will help you best prepare for the security industry of the future.