Businessman uses a laptop and holding virtual globe showing cybersecurity predictions

Expert Cybersecurity Predictions for the Next 5 Years

Looking towards the next 5 years, it’s not just network servers, money, or data we need to be concerned about in the cybersecurity space — it’s lives. In fact, one of the biggest questions circulating the cybersecurity landscape is how to protect people from being physically affected by malicious agents.

Cyberattack methods are constantly changing as criminals find new ways to automate breaches, crack strong networks, and target vulnerable systems. In fact, just last year, we faced an exponential increase in new attack vectors as the shift to remote work challenged traditional business operations. And this increase is only expected to rise in the coming years. From a growing need for intelligence-led security to increased infrastructure protections, organizations must look years into the future to stay ahead of the attacks of tomorrow.

Expert predictions for the next 5 years

Based on expert research, trends, and recent changes in attack methodologies, we believe the top contributors to mass cyber attacks in the years to come may be as follows:

1. Attacks on shared infrastructure

Cybercriminals are shaping user behavior by attacking a piece of shared or core infrastructure to “herd” data and users to another platform or provider that is more vulnerable or already compromised. These herding attacks force traffic toward less protected servers that can be easily manipulated by adversaries. Take, for example, BGP hijacking where Internet traffic is forced to take the “scenic route” from your computer to your banking website, perhaps via Russia or China. Likewise, Distributed Denial of Service (DDoS) attacks can be used to “shape” traffic and communications of a business towards a less-protected channel. In some cases, this channel can even be one that the cybercriminal has already tapped or is currently snooping.

Just take a look at what happened to In September 2021, the leading provider for US voice over IP (VoIP), experienced a DDoS attack where cybercriminals pretended to be the ransomware group ‘REvil’ to take advantage of Bandwidth’s shared infrastructure. The group successfully attacked their server, and demanded 100 bitcoins. That’s the equivalent of $2 million as of today.

2. Malware takeovers

It isn’t hard to predict a near-future event that causes a massive depopulation of internet-connected devices. This may mean events where Androids and iPhones become “bricked” by tampered malware code or buggy malware that prevents users from “factory resetting” their phone, or even worse, a widespread corruption of medical devices where heart pumps, dialysis machines, and medical tech become inoperable.

Some could say we are on the brink of a digital equivalent to the Irish Potato Famine of 1845 — but in this case, instead of potatoes, it’s iOS 15 users. If cybercriminals only have to target one particular version of iOS, the likelihood of a successful destructive malware event increases.

3. Cyber-kinetic attacks

While the use of traditional military force, or the threat of its use, has governed geo-political conflict for centuries, we are now seeing the emergency of cyber-kinetic attacks. These attacks on expository infrastructure, software, and industrial control systems could result in direct or indirect physical damage, environmental impacts, and even injury or death.

Take for example Triton malware, created to cause significant damage and loss of life to those who fell victim. The US Treasury Department brought sanctions against the Russian government after research identified them as the perpetrators of the malware. If digital warfare continues to escalate in this way, we will most definitely see a kinetic retaliation to a cyber attack.

4. Critical infrastructure targeting

If there’s anything we can learn from the past year, it’s that targeting critical infrastructure will continue to be a trend. It used to be that hospitals, schools, gas, power, food, etc. were a “no-go” zone unless you were a nation-state (ex. North Korea, China, or Russia). But those boundaries have since been crossed, and cybercriminals are attacking them with no mercy. Sadly, these industries are historically miles behind on their security protection and detection — making them especially easy targets for cybercriminals to exploit.

5. Specialization of criminal activity

Year after year, we see an exponential increase in the specialization of criminal activity, such as ransomware as a service. Cybercriminals are now working together connecting one specialized criminal operation to another, in the same fashion of a factory conveyor belt or a multi-leg relay race.

In fact, operations have gotten so sophisticated that there is even a customer support function for malicious payment interactions. Yes, that’s correct. Even digital criminals outsource their “customer support”. As a result, criminals are addressing and compromising more attack surfaces not just for money, but also for purposes of disinformation, destruction, and disruption.

6. An increase in automation by adversaries

Did you know that within minutes, cybercriminals can detect every vulnerability within a target system? Once they detect it, they have the option of automatically exploiting it, or sending it off to a team to do it for them. Automation is setting the tone for many global threat trends and patterns. In fact, some studies indicate that the fastest APTs begin a lateral movement in less than 18 minutes from the time they infect a system with malware or ransomware.

7. Improvements in regulatory control

Regulatory agencies are stepping up to the challenges of cyber risk mitigation and management as more companies endure breaches as a result of negligence and poor due diligence. Regulators want to be in a better position to prosecute “willful failure to remediate” vulnerabilities of businesses under their jurisdiction to more effectively protect individuals from attacks. And with the recent Biden Executive Order, Software Bill of Materials (SBOM), and software labeling, regulatory agencies are expected to expand their oversight function far more than they have in the past.

8. Cybercriminals leverage insiders

Watch out, your employees might just be the next victim of a malicious bribery attempt. Cybercriminals are now offering a percentage of the payout to employees who help provide critical information that is essential to attack. Surprisingly, the average payout percentage is quite small. According to research into “Initial Access Brokers” by KELA, the median compensation offered to employees who cooperate was $1,000 USD. Many of the prime targets are low responsibility individuals with high access — think receptionists, security guards, etc. In the next few years, it is important that businesses actively address the ‘outsized’ access rights problem, as well as establish an insider risk program to help investigate and detect anomalies.

9. Increased demand for tactical threat intelligence

As cyber threats become more targeted, SMEs need the help of threat intelligence analysts to learn how they’re being attacked or targeted, and how they can generate intelligence-driven security research to eliminate security risks at any stage. But simply subscribing to threat intelligence feeds is not nearly enough. Businesses need to allocate funds and time to producing tactical threat intelligence. With this kind of intelligence, there will be an awareness of APT campaigns at any level, along with focused discovery of which campaigns are targeting your company at any given time.

How to protect your organization from future cyber threats

Securing your network, applications and devices doesn’t happen overnight. And as we look toward the future, we can almost guarantee that the threat landscape will continue to challenge existing cybersecurity best practices. And, without proper visibility into your attack surface, you will always be at risk.

#Cyberattack methods are constantly changing. From a growing need for intelligence-led #cybersecurity to increased infrastructure protections, organizations must look years into the future to stay ahead of the attacks of tomorrow. #respectdataClick to Tweet

In the years to come, businesses need to prioritize and consider emerging trends to stay ahead of attacks and improve their existing cybersecurity risk management operations. Proactive solutions like quantified security ratings that help you understand your current vulnerabilities, to closing the communications gap in executive-level reporting, are all components that will help your organization and security team identify and mitigate risks well into the future.


Chief Research Officer at SecurityScorecard