What are your biggest cybersecurity concerns in the next 3-5 years?

Group Director of Information Security in Banking, a year ago

There are certain specifics when it comes to the industry vertical you're engaged with (e.g. payments-related sophisticated cyber frauds when it comes to Fintech, or OT/Cyber Physical security when it comes to the Energy/Oil & Gas industry), but there are 3 developing concerns for most verticals:

1. With maturing cloud adoption & digital transformations, the attack surface has expanded to new frontiers. Knowing the location and criticality of information-bearing assets across multi-cloud accounts and on-premise DCs is an arduous challenge. This needs to be done so that scarce security resources can be allocated for safeguards in accordance with the information's business criticality. This needs investments in appropriate asset inventory tools and merging of the business continuity management's business impact analysis (BIA) within the security governance / CISO function. BIA is foundational now.

2. If you are in an organisation that actively develops software for internal consumption or online e-commerce sales (retail, banking, B2B etc.), your developers are probably already engaged with GitHub Copilot or other AI-enabled application development platforms (Builder.ai, Appy Pie etc.). Shifting security assessments left within the DevSecOps cycle 'efficiently and effectively' is now a complex, yet mandatory, concern.

3. Businesses are adopting use cases for AI with or without security involvement. Most of the use cases require opening up your internal information repositories to existing LLM models to make them organisation-specific. While doing so, confidential and sensitive data is getting published for unauthorised users to view. Ensuring data protection (CalypsoAI or DeepKeep etc.) while publishing internal repositories for LLMs will be a major concern.

Gartner has a good writeup on this subject titled “Innovation Guide for Generative AI in Trust, Risk and Security Management”. Take a look at it.

I have recently published a newsletter titled ‘Upgrade to Functional CyberSecurity’ on my LinkedIn account. You may want to read it.

Hope it helps.

Sr. Director Information Security in Consumer Goods, a year ago

We're focusing on three key areas:
1. Scaling our Security Culture program to new business objectives and technology landscapes so we have enterprise engagement and awareness of new threats.
2. Integrating our operational technology/cyber-physical operations into the full security program stack.
3. Enhancing Information Security's brand as a revenue accelerator by showcasing the business value of "Speed of Trust" in the protection, resilience, and recovery of business operations.

CEO in Miscellaneous, a year ago

1. Dealing with malware and exploits
2. Securing credentials against phishing and other hacking attempts.
