NOVEMBER 17, 2021

Top Cyber Influencers Offer Future Cyber Predictions for 2025 & Beyond

Another eventful year in the cybersecurity world has almost come and gone! Of course, 2021 will long be remembered for the top cyber attacks of the year – such as SolarWinds, Kaseya, and Colonial Pipeline – some of which involved prominent ransomware gangs. With cyber threats continuing to escalate and having an impact on major critical infrastructure including hospitals, oil and gas industries, transportation and more, we don’t need to just look at the year ahead - we need to really think hard about cyber threats heading our way in the next 5 or 10 years.

We did just that by asking some of the industry’s most influential thought leaders for their predictions for 2025-2030 to really hone in on what needs more focus in the years to come. Here’s what they had to say:

  • Prediction: “Securing Blockchain, Crypto and the Metaverse”
    By: Marcus J. Carey, Enterprise Architect, ReliaQuest, and Author of “Tribe of Hackers”
  • Prediction: “Shifts Towards Cyber Insurance, More Cybercrime Marketplaces, AI Supplements SOC Teams”
    By: Daniel Miessler, Head of Vulnerability Management and Application Security, Robinhood
  • Prediction: “Increase in Killware and Remote Warfare via Drones”
    By: Deb Radcliff, Strategic Advisor, CyberRisk Alliance & Author of “Breaking Backbones: Information Is Power. Book I of the Hacker Trilogy”
  • Prediction: “Cyber Wakeup Calls Ignored & The Need for More Cohesive Security Strategies”
    By: Ira Winkler, Author of “You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions”

We also included predictions from Deep Instinct’s co-founders Guy Caspi, CEO and Nadav Maman, CTO, to understand how deep learning can help with cyber threat prevention. Here’s what our experts shared:


#1: Increase in Cyber Terrorism and Malicious AI

Guy Caspi, CEO and Co-Founder of Deep Instinct

I believe we will see more terrorist organizations globally using force through cyber means. Today, terror organizations are still focused predominantly on information warfare, and things like DDoS and defacement. With cyber capabilities continuing to trickle down, I don’t believe it’s far-fetched to think of attacks on critical infrastructure, transportation, healthcare and more carried out by terrorists. This will be a new ball game in terms of the level and breadth of the threat. With AI and traditional ML becoming a commodity, I’m sure we’ll see AI used and adopted widely by attackers of all levels, and not just adversarial AI for evasion. By leveraging AI tools and capabilities, attackers will improve the scale, success and effectiveness of their attacks.


#2: Securing Blockchain, Crypto and the Metaverse

Marcus J. Carey, Enterprise Architect, ReliaQuest and Author of “Tribe of Hackers”

In the next 5-10 years, I see most companies doing crypto payments and people will need to understand these better, as scammers will be coming after corporate crypto wallets. Cybersecurity pros need to pivot into Web3 to operate in the blockchain. Big brands will continue to use NFTs, and companies like Disney and Marvel will have a NFT with IP that people will want to buy.

Along the same lines, attackers are already operating in Web3 with ransomware attacks that leverage bitcoin and cryptocurrency. In fact, attackers have been super savvy in crypto for a while now, so we need to threat hunt and identify bad actors in the cryptocurrency space, through the blockchain. If companies are receiving crypto money, attackers will try to access these wallets. We may have cash in the bank currently, but in the near future, these digital wallets - also known as hot wallets - will be a major target for attackers who aim to steal the currency out of them since they live on computers. The reason why cold wallets are important is because attackers will look for hot wallets on the network and some people might want to store cold wallets in a safety deposit box.

In the realm of quantum cryptography or quantum computing, I see a major algorithm getting broken. I could also see a major event such as a major vulnerability in the blockchain. Right now, the crypto is strong enough to make the blockchain secure, but we will see people breaking this in the next 5 years. We should expect this to happen, as well as the recovery.

I really think innovation is dead in cyber. In the future, we’ll see the whole space collapsing into Managed Detection and Response (MDR) where everyone outsources incident response and management. The MDR play is here to stay, and many cyber companies will offer software and MDR co-management. Unfortunately, enterprises have bought a lot of cyber products that they just can’t manage and they need help. That’s why we will see MDR and Extended Detection and response (XDR) take over.

Lastly, cybersecurity folks have been slow to adapt and pay attention to Web3 technology. I would encourage cyber pros to get involved in metaverse, Web3 and crypto. Your Facebook will become a virtual reality with your Facebook friends. Believe it or not, people are already building real estate and selling it in Web3, so security pros need to pay attention and adapt to this new world. Most businesses are going to enter Web3 as well. For instance, Nike put a patent/trademark to operate with digital shoes. And guess what, car brands will do the same - concept cars will be designed and driven in a metaverse. With all this innovation on the horizon, we need to be prepared!


#3: Machine Learning Adaptation, MFA Bypassing & EDR Shortcomings

Nadav Maman, CTO and Co-Founder, Deep Instinct

In the coming years, there will be wide usage of machine learning adaptation across the attack landscape, specifically for advanced phishing attacks that will target organizations’ users across multiple different applications, not necessarily using e-mail. Attackers will put a significant effort on building organizational employee mapping, based on crawlers on social networks, blogs and forums, and collective points of interest, and build more robust and targeted successful campaigns, which will target the users in multiple area, by a simple usage of ML and much impressive results.

We’ll also see next generation authentication bypassing mechanisms. With multi-factor authentication (MFA) widely being adopted today and the fact that Google is going to define it as mandatory in their Gmail accounts, hackers will have to get their access on the users’ mobile devices to get access to strategic assets. There is going to be much more value in attacking mobile devices to carry out these targeted attacks.

The sophistication level of attackers is going to put organizations in a position in which humans won’t be able to hunt threats anymore and the complexity of this will require AI-based cyber analytics that look at the entire organization over multiple signals (device, user, network etc.) across the board, which is not being provided by any vendor today. The level of required algorithms dealing with such a massive amount of data with multiple data sources will continue to be in our top focus.

I do believe that at some point, mid-size organizations, as well as enterprise organizations will realize that EDR is not a good solution against ransomware attacks. The impact on the Total Cost of Ownership (TCO), the operational damage and especially the impact on brand awareness, will cause organizations to put more focus on prevention and deal with these threats more proactively. It cannot be that a specific threat like ransomware will be in discussion for another additional 5-10 years.


#4: Shifts Towards Cyber Insurance, More Cybercrime Marketplaces, AI Supplements SOC Teams

Daniel Miessler, Head of Vulnerability Management and Application Security, Robinhood

In the future, I see the cybersecurity landscape moving more towards its inevitable destination, which is something like insurance and accounting. I know, it’s not sexy. Security has always been about magic and wizards, and that's exciting, but not stable or predictable. Businesses need stability from security so they can have all their risk be business risk. So, we can expect more cyber insurance, more continuous testing of security state, and more continuous validation of the ability to recover from catastrophic events.

Adversaries will continue to get better, and most of that gain in ability will come from coordination. The recent impact from ransomware didn't come from better hacks or better attacks; it came from unifying threat actors with tooling, with methods of finding victims, with methods of receiving payment, etc. -- with all of that turned into marketplaces. We should expect more of the same.

There will be surprises, but it's hard to say what they'll be, with it being the future and all. I think we can expect increasingly large impacts to availability for major pieces of infrastructure, not necessarily due to an active attack, but perhaps due to the sheer size of our systems. An attack or outage at AWS, for example, would be internet-shaking, and people don't expect this to happen simply because they've never seen it.

I don't see AI replacing SOC analysts anytime soon. It's true that AI will start taking on more of a SOC analyst's work, and it'll be able to do more and more of what a human can do---eventually moving from a Tier 1 to a Tier 2 analyst in functionality. And it'll be able to do it at scale, which is what really matters. But such implementations will still have many faults that require human oversight. So, for the foreseeable future, you won't see humans being laid off, or fewer humans being hired, in the SOC analyst space. Instead, you'll see AI as a supplement to what people already have.


#5: Increase in Killware and Remote Warfare via Drones

Deb Radcliff, Strategic Advisor, CyberRisk Alliance & Author of “Breaking Backbones: Information Is Power. Book I of the Hacker Trilogy”

In the next 5-10 years, I think we will see an increase in remote warfare via drones, which will open up new drone signals and control hacks. Even the military are starting to leverage these techniques already. If these become weapons of mass destruction this will be the next place bad guys will use to monetize and hold businesses hostage. I include a lot of this in my cyber thriller, “Breaking Backbones: Information is Power.” I also see the advancement and a new era of more killware against smart, self-driving cars (also in my book), medical devices, and other smart devices that can be used to kill and harm people physically. Sadly, ransomware operators don’t care if they are killing people.

I would love to see ransomware come to an end. Criminals are shooting themselves in their own feet by exfiltrating data and going back on their agreements after ransoms are paid and rehacking the same targets again and again (triple extortion). I recently did a survey on my LinkedIn and 80% of respondents said that if they knew the data was still going to be used against them after paying, then they wouldn't have paid - not to mention, you may have to pay for multiple crypto keys which are now out there and resold. Between that and new laws coming out against paying ransoms, people will stop paying ransoms and the revenues will dry up for the bad guys. Another extraordinary thing we will see is the coalescence of all the misinformation campaigns used against average people because it’s working to influence populations to behave badly and shift power to the autocrats. China’s global espionage campaign in swing now, gathering all the data it can on every human on the planet, may lead to China trying to control the entire Internet ultimately.

Digital transformation, a term marketers love, is actually just an overhyped buzzword for moving to the cloud and has been expedited in timing because of the pandemic and remote work. More apps are getting hacked in the cloud with leaky buckets, etc., as Developers make their own cloud networks to build to. The cloud will be where attackers turn most of their attention to in the future. Supply chains will be impacted more regularly as a result. Lastly, I would like to clarify that most hackers are good guys and bad guys are bad guys. Hackers do not deserve the reputation of being bad guys.


#6: Cyber Wakeup Calls Ignored & The Need for More Cohesive Security Strategies

Ira Winkler, Author of “You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions” and CISO of Skyline Technology Solutions

When we look at the Colonial Pipeline attack earlier this year, we need to ask ourselves: why is this attack any different than Code Red, Nimda or even the Morris worm? Why didn’t anyone stay awake after those so-called wakeup calls? We keep hitting the snooze button on all ransomware attacks which have all been called, "wakeup calls". Colonial Pipeline was a pimple on our ass compared to the damage WannaCry did and nobody seems to remember it. Gas shortages were nothing compared to hospitals shutting down in the UK with WannaCry, among other impacts throughout the world. The cyber industry has such a horrible memory in acting like Colonial Pipeline was worse than WannaCry -- which was not the case. Ransomware is the same as the Morris worm at the end of the day. There is no revolutionary new attack so to speak - it’s just an evolution – simply just a progression of using available technologies to refine malware.

The problem is that for the last two decades, we have seen complete stagnation in how we fix, "The user problem". We have this ridiculous saying about humans becoming, "The Human Firewall". You should be fired as a leader if humans are your last line of defense. Many people tried to portray the SolarWinds hack as a user issue, since the attack happened because an "intern" set a bad password. Your entire security posture should not crumble because of a single bad password. We need a stronger security strategy in place to prevent these attacks from happening in the first place.

The "Stupid" in the title of my book, “You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions,” refers to stupid security professionals who don’t realize a user will take an action that could result in loss, without anticipating and mitigating the potential loss. We need to move away from the idea that a user will somehow prevent attacks. I would like to see a movement away from vendor-induced pontifications and a movement towards creating secure environments (potentially zero trust) which are cohesive and not just a buzzword. In cybersecurity, we have this snowflake attitude that we are the only profession that has to deal with user error. If you look at other disciplines like safety science, if a user injures themselves or otherwise causes loss, that is a failure of the entire system. I guess it’s more of a hope than a prediction to stop addressing problems with tactics and instead address them with better, more cohesive security strategies.

Regarding the potential for a cyber doomsday or similar, here is the reality of the situation as I see it: there will likely be massive cyber attacks in one way or another in the future - much like all of Facebook going down. Can someone get into a power grid and do bad things? Yes. However, people need to realize there is resiliency. I do not think in the next 5-10 years, we will be put back into the stone age or see a “digital Armageddon.”

Preparing for the Future

While we know predicting the future can be futile, being prepared isn’t. There are many attainable steps organizations can take to not end up front-page news. As we head into 2022, there are many challenges we face, but one thing is for sure: the importance of cybersecurity continues to grow not just year over year, but well into the future. And with each technology revolution - AI/ML, crypto, metaverse, Web3, and more, we need to innovate just as fast with cyber threat prevention technologies as well. We would love to hear your predictions to see how they stack up against these industry influencers and experts!

Reach out to us on LinkedIn and Twitter to share what you are seeing in your 2025-2030 crystal ball.