The Gurus spoke to Robert Hann, VP of Technical Solutions at Entrust, about the future of IT and the challenges these developments pose to security teams and business leaders globally.
What do you think will be the most significant changes in the IT industry over the next 5-10 years?
I believe the three most influential and interconnected evolutions that will transform the IT industry throughout the next decade are AI, Robotics and Quantum Computing. The last decade has seen the advent of “consumable” AI, triggering mass adoption and application in our business and personal lives. The pace of AI maturity as it enters its eighth decade has led industry experts to name this the “intelligent era” and I wholeheartedly agree.
Until the last ten years or so, we would largely categorise robots as “reactive” with mostly industrial applications in areas like manufacturing or warehousing. I recall my first job as a Chocolate Engineer in the mid 90’s where I was wowed by robotic packaging systems and couldn’t even imagine then how we now apply robots to achieve huge efficiency and quality advances across our industries today. With the Autonomous capabilities that AI/ML is making real, ever more impressive applications for robots are now applied and most notably in our digital landscapes with Agentic AI poised to re-architect the workforce in the years ahead.
Autonomous AI agents as our workforces or perhaps as the foot soldiers to decentralised applications in a Web 3.0 world, represent perhaps the most disruptive technology to transform IT, our industries and how businesses operate. At an individual level, this will change how we interact with each other as citizens, with our governments, perform our jobs and consume goods and services. Throw in the advent of Quantum Computing in this same timeframe and we should expect to realise both superpowered AI and superpowered autonomous machines.
This transformation comes with immense responsibility from our business, IT and especially cybersecurity professionals to keep data safe and their colleagues, friends and family members protected from fraud and intrusion of privacy. Verified Identity, access permission controls, data encryption are all challenges for the cybersecurity industry in a world of autonomous machines!
With AI evolving rapidly, what new cybersecurity challenges will IT professionals need to tackle?
It is already abundantly evident that AI is both a force for good and bad. Where the adversary possesses equivalent superpowers, the Captain America of the modern cybersecurity team must neutralise their nemesis by also using AI in layered and more sophisticated ways. To name a few examples of how we are using AI as a greater defense for cyber risk and resilience, we see AI-driven capabilities from leaders in threat detection/response, behavioural analysis in machine/user authentication, predictive analytics for vulnerability management, endpoint security, automated threat intelligence, information sharing, and deepfake detection.
The increasing deployment of deepfakes highlights a concerning trend where AI, in the hands of sophisticated fraudsters, produces convincing deepfakes of people and their voices. This has led to numerous financial losses as demonstrated by Arup’s headline fraud case. Referencing Entrust’s own 2025 Identity Fraud Report, there is a deepfake attempt every 5 minutes. However, in a classic good versus evil showdown, AI also delivers the most effective defense by detecting subtle differences between authentic and synthetic IDs and in the ID document verification as part of the onboarding stage.
As technology continues to advance, which ethical considerations do you think will become most pressing?
While leveraging AI technology to combat fraud, enhance cyber resilience, revolutionise business operations, and accelerate discoveries in fields like drug development, material science, and healthcare, it is crucial to prioritise ethical considerations. Ensuring that AI systems are transparent, accountable, and effectively trained and retrained to mitigate bias is essential for maintaining public trust and ensuring fair and equitable treatment of individuals, whether as employees or citizens.
Large language models (LLMs) are just beginning to deliver for enterprises as organisations test and scale to realise their productivity and creativity potential. Thankfully, save for more rigor, some advanced data authenticity approaches and monitoring for malware injection, our tried and tested data-centric security and data privacy best practices apply. Notably, while cybersecurity professionals do not have to tackle AI ethical issues or the inherent biases in LLMs born from their internet and enterprise data training, the cybersecurity community can benefit from addressing these biases. This calls for, among other things, a “human in the loop.” The interaction between humans and agentic AI (AI systems and models that can act autonomously) poses identity management challenges, such as using public key infrastructure (PKI) to verify an AI agent to the systems it needs to interact with, as well as dynamic access controls around context and privilege timeouts. Therefore, a human in the loop is essential for robust cyber defenses.
Even more challenging questions will emerge in the next 5-10 years as commercial use of Quantum Computers begins, making our current AI applications and defenses seem rudimentary. Around that time, we may start to answer Alan Turing’s question from 1950, “Can machines think?” with a “Yes, in more ways we are prepared for.” Note that I am not predicting fully conscious, sentient machines, like those in Terminator and Skynet. However, with such significant advances, human oversight and the skills needed to provide such controls while not stifling autonomy, will likely be the kind of expertise we see on the resumes of our children.
What cybersecurity skills will be most valuable for IT professionals to develop in the face of these emerging threats?
It’s clear that AI will dominate the skills list, but it’s not just about having AI knowledge. It’s about integrating intelligent and autonomous systems into business workflows to support decision-making and innovate with large language or quantitative datasets. However, AI is a double-edged sword. Our adversaries are equipped with AI but are not constrained by budget, legal, and ethical factors and will use it against us far beyond phishing and deep fake scenarios for ID compromise led attacks. Therefore, the cybersecurity community must upskill in network security, threat detection, post-quantum ready encryption, and uncovering vulnerabilities to minimise zero-day scenarios.
Quantum computing skills will also be crucial in the next decade, both defensively and in application. Quantum programming languages and hardware will be new to most, and when combined with AI (QAI) to tackle sophisticated problems, our adversaries will be right there with us.
The advent of quantum computing is a wake-up call for the cybersecurity industry. Every organisation must immediately begin migrating from classical public key cryptography to post-quantum cryptography (PQC). This is no easy task, given a long history of laissez-faire focus and spotty visibility across digital certificates, crypto libraries, protocols, keys, and algorithms. To clarify for the non-technical, the crypto assets we refer to are not bitcoins or fungible assets, but the ones that are the very fabric of data security. IT professionals must first learn to find these assets across complex landscapes of products, services, cloud environments, and code. PQ Readiness support and advice will be in great demand as much as skills in crypto agility, both as a post-quantum cryptography migration step and defense mechanism.
We haven’t witnessed anything as transformative in cryptography in 50 years as this fundamental shift across our IT infrastructure. This will catch some business leaders off guard in the next 2-3 years with a 2030 migration deadline looming. Once discovered and the PQ vulnerable assets migrated to PQC, AI will help keep that continuous crypto inventory accurate and use crypto agility to mitigate threats.
What are the biggest threats posed by quantum computing to current encryption methods, and how can organisations prepare?
48 years ago, MIT colleagues Ron Rivest, Adi Shamir, and Leonard Adleman invented the RSA algorithm and it remains the Swiss Army knife of public key encryption today. RSA’s primary vehicle for usage is PKI which issues the digital certificates used so extensively to protect data and provide trust across infrastructures. Other successful public key algorithms have come along, such as Elliptic Curve (ECDSA, EdDSA) in 2004, which have gained adoption such as for bitcoin or biometric passports, but none are as universally adopted as RSA.
The sheer number of instances of public key encryption in use today is impossible to quantify. To give a sense of scale, a single major organisation can easily have hundreds of thousands, as it forms the backbone of their data and identity-centric security strategies. By 2030, the millions of these encryption instances – embedded into chips, networks, applications, cloud, operating systems, and code etc – must be migrated to PQC. Given the scale of this endeavour and the time it takes to discover, test and migrate to PQC, organisations have turned to Entrust as the pioneers of PKI and hardware security modules (HSMs) over 25 years ago.
An interesting use case which we are running at scale with multiple financial institutions in Europe right now is using our PQ Ready time stamping authority to add PQC protection to long life digital assets such as contracts and blockchain ledgers i.e. for smart contracts. This solution is addressing one of the two immediate quantum threats which is harvest now-decrypt later where an adversary, a patient one, steals encrypted assets ready to decrypt or manipulate them later. The other threat, long life connected devices such as cars, is another where our PQ ready solutions are already in play.
Trust infrastructures like PKIs and their HSMs are long-term investments, which is why organisations must future-proof today to ensure a smooth transition to the quantum age when the time inevitably comes. As any boy scout would say, ‘be prepared’!
