One of the greatest challenges for cybersecurity teams is the constantly shifting security landscape. Evolving geopolitics, the resulting tension between economic progress and security, and the perceived cyber threat drives a lot of the negative perceptions around cybersecurity. However, while it is easy to get distracted by eye-catching headlines about cybersecurity lapses, cybersecurity capabilities are also being continuously enhanced with new and exciting technologies to help us address the ever-changing threat landscape.
Security is also as much about soft skills as the specialized technical skills typically associated with the field. According to Information Systems Audit and Control Association’s (ISACA) research, soft skills in communication, flexibility, and leadership represent the most significant skills gap identified by cybersecurity professionals.
In such a dynamic environment, it is always difficult to make predictions, but we can provide our insights about the future of cybersecurity for 2023 and beyond.
Cybersecurity will be the cornerstone of everything
Recently, we have seen a rapid acceleration of digital transformation in a short time that has forced organizations to manage disruptions to their business, such as the impact of remote work. Cybersecurity has always been a priority for some organizations but as security and risk management leaders handle the recovery and renewal phases from the past two years, we will see this focus expand. Cybersecurity is likely to become a top priority for all organizations operating in the digital economy.
Moving forward, instead of conducting periodic cybersecurity reviews, we see a future where organizations will shift to continuous automated cybersecurity. This will create an environment where it’s easier to make the best cybersecurity decisions earlier in the development of business processes and digital products. Cybersecurity will thus be truly built into everything organizations do, which is the right approach. This new culture of security will drive more cybersecurity automation which allows organizations to innovate and scale safely. The cloud provides an exciting opportunity to help drive this, and to secure data in ways that weren’t possible on-premises. For example, it will simplify the automation of cybersecurity tasks such as patching, logging, monitoring, auditing, and integration with existing toolsets.
As a result, we will see benefits to organizations and governments of all sizes, including improvements in data protection widespread. Around the world, the public is becoming more discerning about how personal data should be gathered, stored, and processed – and governments are responding by creating new legislation to protect personal data. By 2024, three quarters of the world’s population will have introduced or implemented data protection legislation, and large organizations are expected to budget US$2.5 million for investments into privacy technology, such as encryption, advanced access control, and more granular logging. This is why, Amazon Web Services (AWS) has prioritized data protection capabilities in the cloud since Day One.
New ways to address the skills gap
Cybersecurity professionals aren’t just needed for the workforce of tomorrow – there are millions of job openings ready to be filled today. There was a global shortage of 3.4 million cybersecurity practitioners in 2022. While the number of security threats continues to increase, we can be better prepared to address them by training today’s workforce in soft skills, cloud computing and security awareness.
We predict there will be a trend towards prioritizing diversity and finding new and innovative perspectives to recruiting cybersecurity professionals. We also predict that organizations that do this will outperform in cybersecurity compared to those that don’t. In practice this will mean prioritizing hiring people with diverse educational and career backgrounds, people from different cultures, and people who are neurodiverse to include diversity in the human brain and cognition. For us, diversity in cybersecurity is about more than just equality; it is about optimizing defensive and offensive capabilities by having access to the widest possible range of problem-solving abilities. Diverse hiring is a key part of our culture at AWS, and that means we also hire people for cybersecurity roles who do not have a background in cybersecurity.
There is also a growing recognition that the mounting costs of university education and lack of access to the right cybersecurity training can hamper the ability of economically disadvantaged individuals to access formal qualifications, limiting their involvement in the cybersecurity sector. This is why AWS Training and Certification provides a wide range of free and fee-based cybersecurity courses available in multiple local languages. In addition to the free foundational course, AWS offers advanced instructor led cybersecurity training which includes threat detection, data protection and strategies to secure computing workloads on AWS cloud, validated by the AWS Security Specialty Certification.
New technological horizons for cybersecurity
In 2023 and beyond, we predict that new and emerging technologies will continue to strengthen cybersecurity. These innovations will not only make existing cybersecurity processes easier and more efficient, but will drive new cybersecurity approaches for organizations.
Automation is rapidly emerging as essential to effective cybersecurity practices. Artificial intelligence and machine learning (AI/ML) approaches will extend this, adding a critical layer of automation to cybersecurity in cloud environments. Cloud-based AI/ML offers predictive capabilities derived from collected information that can play a significant role in making cybersecurity more proactive by identifying outliers and offering recommendations about how to address vulnerabilities.
Quantum computing will continue to develop rapidly and will become ubiquitous and applicable to practical use cases. In the long run, that will help make data more secure by prompting organizations to reconsider their current encryption algorithms and processes. We also predict that mechanisms such as multi-factor authentication (MFA) will become fully normalized as core components of practical cybersecurity across all organizations. Future MFA approaches will move towards biometric and multimodal forms of authentication. These approaches will greatly increase the security of authentication for organizations.
Stronger on the cloud
Wider access to cloud technology will allow organizations to build cybersecurity practices more effectively into their everyday operations. A range of cybersecurity tools are made available natively in the cloud and they are continuously updated to respond to the evolving threat environment, in line with industry best practices. At AWS, we are making significant investments to make it easier for people to gain the skills they need to grow their careers in cloud computing, including cybersecurity. Amazon is investing hundreds of millions of dollars to provide free cloud computing skills training to 29 million people globally by 2025. In the two years since we announced this commitment, AWS has helped over 13 million people gain access to cloud computing skills through our free workforce programs.
Cybersecurity is becoming a central pillar in how governments and businesses plan and execute new digital initiatives. Cloud computing tools will be at the forefront of helping organizations to adapt to the changing cybersecurity landscape and can play a particularly integral role in empowering organizations to leverage emerging technologies to safeguard society’s most important data.
By Phil Rodrigues, Head of Security Asia Pacific & Japan Commercial at Amazon Web Services (AWS)
