While trying to predict the future is a futile endeavor, it is possible to look at current and emerging trends and make an educated guess as to what the future looks like. Activities of the present and the past can also help inform those predictions. In this article, we will take a look at three current and growing trends that will likely help shape the cybersecurity landscape of the future.
Software Supply Chain: Complexity and Regulation
One current trend that is nearly impossible to ignore is the growing concern about the software supply chain and the realization of just how complex and fragile the current ecosystem is. The ability of the software supply chain to severely damage the broader industry — everything from the Open Source Software (OSS) ecosystem to vendors such as SolarWinds — has quickly become apparent.
We’ve now seen a robust cybersecurity Executive Order (EO) with an entire section dedicated to the software supply chain. We’ve seen a White House software supply chain summit with many technology leaders and industry organizations present.
Subsequently, we now have a published OSS Security Mobilization Plan from The Linux Foundation and OpenSSF. NIST has published comprehensive updates to its flagship Cybersecurity Supply Chain Risk Management (C-SCRM) guidance, which includes sections for OSS as well as third-party service providers such as Managed Service Providers (MSP) and Cloud Service Providers (CSP).
With all of these factors considered, along with the blatantly obvious convergence between software and our daily lives, it would be difficult to argue that we won’t see drastic changes to the software supply chain. We are seeing, and will continue to see, emerging best practices, as well as efforts by the government to try to regulate the safety and security of its environments and their stakeholders.
One quick example is the Federal government’s plans to require self-attestation of adherence to the NIST Secure Software Development Framework (SSDF).
Cybersecurity as a Business Leadership Function
We have long heard calls for cybersecurity to have a “seat at the table” when it comes to the C-Suite and among organizational leadership. We’ve seen an increase in companies seeking Chief Information Security Officers (CISO) and vCISOs, particularly in the Small and Mid-Sized Business (SMB) market.
Now, we have calls from the Securities and Exchange Commission (SEC) to require publicly traded companies to disclose the presence of cybersecurity leadership in their board makeup. We’ve also seen the CISO role evolving into broader security-oriented roles such as Chief Security Officers (CSO) in some organizations.
These factors make it very likely that cybersecurity will continue to become a business requirement, especially as organizations evolve to continue to use technology as a business enabler. We now live in a digitally-driven society, with more than half of global Gross Domestic Product (GDP) tied to digital platforms.
Failing to address this systemic risk will be absolutely devastating to global economies, and it is a siren call being sung by groups such as the World Economic Forum (WEF), the Digital Directors Network (DDN), and others.
Cybersecurity Workforce Shifts
Anyone who has been in cybersecurity for some time or who has actively sought cybersecurity talent can attest to the challenges and shortages we face as an industry. Organizations such as ISC2 release studies every year that point out the dire state of the cybersecurity workforce and the consequences this shortage has on securing digital efforts such as those discussed in the two previous sections.
That said, despite this knowledge, our hiring and talent management practices haven’t changed. We still widely require traditional academic credentials and extensive years of experience. I suspect we will see this change, with modern tech companies already starting to strip traditional degree requirements. Avenues of non-traditional tech education continue to prosper, with organizations such as Udemy, KodeKloud, and Pluralsight thriving.
We will see a significant number of people looking to transition careers, especially with climbing inflation, and seeking industries with better pay and benefits. Cybersecurity needs to take advantage of this reality by dropping antiquated hiring practices, allowing a bigger tent, and welcoming lifelong learners with open arms. Diversity of thought, backgrounds, and experiences will ultimately lead to more resilient systems, and that’s what we’re after.