The Future of Cybersecurity: Practices That Will Soon Be Obsolete


In the fast-evolving world of cybersecurity, what was once cutting-edge can quickly become outdated. As we look ahead to the next five years, certain practices that are currently standard may soon be on their way out. Here’s a look at what experts on Reddit believe will fade into the background as new technologies and approaches take center stage.

1. The Decline of Traditional Passwords
While passwords have long been a cornerstone of cybersecurity, the rise of passkeys may soon diminish their dominance. As more advanced methods like biometrics and physical tokens are implemented, traditional passwords could become relics, which would reduce the effectiveness of phishing attacks. However, as one user pointed out, never underestimate the human ability to mess things up, even with better tools at hand.

2. The Fall of SMS-Based Two-Factor Authentication
SMS-based two-factor authentication (2FA) is another practice likely to decline. Although it has served as an additional security layer, its vulnerabilities, such as SIM-swapping and intercepted messages, make it less reliable. More secure methods like biometrics or physical tokens are expected to replace SMS 2FA, offering stronger protection against cyber threats.

3. The Shrinking Role of Third-Party Assurance
Third-party risk management will evolve, with a push toward increased standardization and automation. While third-party assessments currently require significant time and resources, the payoff is often minimal. As tools like BitSight advance, they’ll streamline external attack surface assessments, reducing the need for traditional third-party assurance processes.

4. Automated Vulnerability Management and Patching
The tedious task of vulnerability management, especially the “patch all crits and highs in 30 days” approach, might soon be automated. As cybersecurity tools become more sophisticated, they’ll handle these tasks autonomously, freeing up human resources for more strategic work.

5. The End of Level 1 SOC Work
Security Operations Centers (SOCs) are also set for a shake-up. The entry-level SOC analyst role, primarily focused on triage, is already being phased out in many organizations. General automation and Security Orchestration, Automation, and Response (SOAR) tools are picking up the slack, leaving more complex tasks to higher-level analysts.

6. Phasing Out Phishing Simulations
Phishing simulations, while still valuable for employee awareness, might lose their importance over time. Some argue that these simulations often lead to complacency, as employees learn to ignore simulated threats but may still fall for real phishing attempts. Instead, more robust, behavior-based training methods could take their place.

7. The Move Away from Security Questions
Traditional security questions like “What’s your mother’s maiden name?” are expected to be replaced by more secure and personalized authentication methods. As social media makes it easier to find answers to these questions, the industry will shift toward multifactor authentication and AI-driven security measures.

8. The Decline of SIEM in Cloud-First Environments
Security Information and Event Management (SIEM) systems, particularly in cloud-first environments, might see reduced usage. As SaaS tools develop built-in reporting and automation features, organizations may no longer need to maintain large, expensive SIEM platforms like Splunk, opting instead for more decentralized logging solutions.

Conclusion
The cybersecurity landscape is constantly changing, with new technologies and threats reshaping how organizations protect their data. As these outdated practices fade away, the industry will continue to innovate, adopting more secure, efficient methods to stay ahead of cybercriminals. The next five years promise to be a period of significant transformation—stay tuned as the future of cybersecurity unfolds.
