One of the greatest challenges for cybersecurity teams is the constantly shifting security landscape. Evolving geopolitics, the resulting tension between economic progress and security, and the perceived cyberthreat drive a lot of the negative perceptions around cybersecurity.
However, while it is easy to get distracted by eye-catching headlines about cybersecurity lapses, capabilities are also being continuously enhanced with new and exciting technologies to help us address the ever-changing threat landscape.
Security is as much about soft skills as the specialised technical skills typically associated with the field. According to research by the Information Systems Audit and Control Association, soft skills in communication, flexibility and leadership represent the most significant skills gap identified by cybersecurity professionals.
In such a dynamic environment, it is difficult to make predictions, but we can provide our insights about the future of cybersecurity for 2023 and beyond.
First, cybersecurity will be the cornerstone of everything.
Recently we have seen a rapid acceleration of digital transformation in a short time that has forced organisations to manage disruptions to their business, such as the impact of remote work.
Cybersecurity has always been a priority for some organisations, but as security and risk management leaders navigate the recovery and renewal phases from the past two years, we will see this focus expand. Cybersecurity is likely to become a top priority for all organisations operating in the digital economy.
Instead of conducting periodic cybersecurity reviews, we see a future where organisations will shift to continuous automated cybersecurity. This will create an environment where it's easier to make the best cybersecurity decisions earlier in the development of business processes and digital products. Cybersecurity will thus be truly built into everything organisations do, which is the right approach.
AUTOMATION EDGE
This new culture will drive more cybersecurity automation, allowing organisations to innovate and scale safely. The cloud provides an exciting opportunity to help drive this, and to secure data in ways that weren't possible on-premises. For example, it will simplify the automation of cybersecurity tasks such as patching, logging, monitoring, auditing and integration with existing tool sets.
As a result, we will see widespread benefits to organisations of all sizes, including improvements in data protection. Around the world, the public is becoming more discerning about how personal data should be gathered, stored and processed -- and governments are responding by creating new legislation to protect personal data.
By 2024, governments representing three-quarters of the world's population will have introduced or implemented data protection legislation, and large organisations are expected to budget more for investments in privacy technology, such as encryption, advanced access control, and more granular logging. This is why Amazon Web Services (AWS) has prioritised data protection capabilities in the cloud since day one.
New ways to address the skills gap are also emerging. Cybersecurity professionals aren't just needed for the workforce of tomorrow -- there are millions of job openings ready to be filled today. There was a global shortage of 3.4 million cybersecurity practitioners in 2022. While the number of security threats continues to increase, we can be better prepared to address them by training today's workforce in soft skills, cloud computing and security awareness.
We predict there will be a trend towards prioritising diversity and finding new and innovative perspectives when recruiting cybersecurity professionals. We also predict organisations that do this will outperform in cybersecurity compared to those that don't.
In practice this will mean prioritising hiring people with diverse educational and career backgrounds, people from different cultures, and people who are neurodiverse to include diversity in the human brain and cognition.
For us, diversity in cybersecurity is about more than just equality -- it is about optimising defensive and offensive capabilities by having access to the widest possible range of problem-solving abilities.
Diverse hiring is a key part of our culture at AWS, and that means we also hire people for cybersecurity roles who do not have a background in cybersecurity.
There is also a growing recognition that the mounting costs of university education and lack of access to the right cybersecurity training can hamper the ability of economically disadvantaged people to obtain formal qualifications, limiting their involvement in the cybersecurity sector.
This is why AWS Training and Certification provides a wide range of free and fee-based cybersecurity courses available in multiple local languages.
NEW HORIZONS
In 2023 and beyond, we predict that new and emerging technologies will continue to strengthen cybersecurity. These innovations will not only make existing cybersecurity processes easier and more efficient, but will drive new cybersecurity approaches for organisations.
Automation is rapidly emerging as essential to effective cybersecurity practices. Artificial intelligence and machine learning (AI/ML) approaches will extend this, adding a critical layer of automation to cybersecurity in cloud environments.
Cloud-based AI/ML offers predictive capabilities derived from collected information that can play a significant role in making cybersecurity more proactive by identifying outliers and offering recommendations about how to address vulnerabilities.
Mechanisms such as multi-factor authentication (MFA) will also become fully normalised as core components of practical cybersecurity in all organisations. Future MFA approaches will move towards biometric and multi-modal forms of authentication, greatly increasing the security of authentication for organisations.
(To read more or download the ebook "Security Predictions in 2023 and Beyond", visit http://bitly.ws/xQiQ)
Phil Rodrigues is head of security for Asia Pacific & Japan (Commercial) at Amazon Web Services.