
Looking forwards: Two experts predict the next 5 years in cyber
Cybersecurity leaders share their predictions for major changes coming up in cybersecurity: including better cybersecurity awareness training, and distributed security teams.
Read MoreCybersecurity researchers spend a lot of time trying to predict the future. But no matter how hard we work to lay out a clear picture of what’s coming next, the field of cybersecurity will always surprise us with developments we didn’t expect.
We asked Umer Khan (CIO and Senior VP of Software Engineering at Relativity Space) and Kirsten Davies (Founder of Institute for Cyber; three-times Fortune 500 CISO) to share one development they’ve observed in the field of cybersecurity over the last five years – something that has taken them by surprise.
For Umer, cybercrime-as-a-service platforms have been “one of the most surprising recent developments in cybersecurity.”
“These platforms have made sophisticated attacks accessible even to non-technical individuals,” he said, “transforming cybercrime into a highly organised and scalable business model.”
Ransomware-as-a-service (RaaS) is one of the most widespread examples of this – “where developers provide ransomware tools for a fee or a share of the ransom, and affiliates can use these tools to execute attacks without having any coding knowledge.” They often operate like legitimate businesses, providing customer support and profit-sharing schemes – and Umer cited Conti and REvil as platforms that have become popular by operating in this way.
Umer also noted a number of different forms of cybercrime-as-a-service that are breaking down the barriers-to-entry for cybercriminals, including:
“The most surprising part of this development,” Umer added, “isn’t just the availability of these services – but how professionalised and accessible they’ve become.”
As well as customer support, many platforms now offer subscription models, and some even include guarantees on the effectiveness of their services.
“This democratisation of cybercrime has made it more critical than ever for organisations to stay vigilant and adopt layered security measures to counter the growing variety of threats.”
Kirsten pointed out that we’ve seen a lot of shifts in defence across the last five years – “some have been great, some less effective.”
“What has been a delight is the broad adoption of innovative, startup technologies. For the longest time, it was only a handful of us CISOs who were giving startups an opportunity to test in our large environments,” she said.
Before, it was more common for CISOs of large organisations to stick to established or well-known tools, or build tools internally – although very few organisations “have the engineering power and headcount budget to build versus buy.”
Over the last five years this has changed: “We've seen a tremendous uptick in the adoption of innovative solutions (think Wiz, Abnormal Security, Halcyon, ClarOTy) at varying scales of deployment.”
And importantly, these solutions are coming from the startup ecosystem; “from companies which are largely pre-IPO, and many have remained as ‘stand-alones’ and not gone the route of being acquired by bigger companies to fold into their ‘platform of solutions’ – which is often the death knell for innovation (sorry, not sorry).”
The result?
“What we're seeing is the increasing influence investment and venture groups have on the shape, scale, and capabilities of our defences. We're seeing a rapid and positive evolution in the defenders' space, because these investment and venture groups are incorporating the voice of their CISO customer into their investment decisions, and the evolution and development cycles of the solutions themselves. It's really an exciting time to be a Defender and to partner with these innovative companies!”
We know – hindsight’s a wonderful thing, and we’ve got to look to the future as well as the past. In our next blog post, we ask Umer and Kirsten about the developments they expect to see in cyber by 2030.
Join us at Black Hat MEA 2025 to share your perspective and meet potential partners – and shape the future together.
Join the newsletter to receive the latest updates in your inbox.
Cybersecurity leaders share their predictions for major changes coming up in cybersecurity: including better cybersecurity awareness training, and distributed security teams.
Read MoreCompliance is a challenge for cybersecurity startups. Shift your focus and embrace compliance as an opportunity to differentiate your business and build trust.
Read MoreStartups in all industries should prioritise cybersecurity awareness and training right from the start. Find out how to build a culture of cybersecurity and create a resilient company.
Read More