As we all know, one of the main jobs of any Cybersecurity Professional (well, it technically depends upon their exact title) is to assess the current Cybersecurity Threat Landscape, see what threats are present and try to look into their Magic 8 balls to see what the future could hold.
Also, they are tasked with trying to figure out the launch vehicles that the Cyberattacker uses deploying their malicious payloads, as well as trying to get into their mindsets as to what motivates to do what they do (remember, there is still a severe shortage of skilled Cybersecurity workers – thus, there is a movement to transform them from the “Dark Side”).
But very little attention has been given on looking at those business factors which drive organizations to have a greater need for beefing up their lines of defense. In other words, what are those economic (and even technical, too) variables that make a business need to spend more on Cybersecurity? This is the focal point of this blog, so here we go.
Here are the top 5 factors:
1)The increased usage of Business Intelligence (BI) and Analytical Tools:
Yes, these are all buzzwords that we hear about a lot today. And what we even hear more often than not are the usage of Artificial Intelligence (AI) and Machine Learning (ML) tools. Long story short, these are not really newer forms of technologies; rather, they have been around for decades actually. But we have not seen mass deployment of them until now. The idea with these two tools is that they can mimic the learning and decision-making habits like how we do everyday in our lives. But when it comes to Cybersecurity, their main objective is to try to learn what the current threat vectors, and from there, try to predict what future variants could look like. Also, another envisioned application of AI and ML is that for task automation. Two prime areas for this are Threat Hunting and Penetration Testing. In this, there are a lot of repetitive tasks that could be automated, which can greatly ease the workload of both Threat Hunters and Pen Testers alike. But keep in mind also, the Cyberattacker is fully aware of the use of AI and ML, and they too, are exploring them for nefarious uses.
2) Heavy adoption rate of the Cloud:
This is a technology that will never go away, and its going to keep increasing in size and complexity, primarily driven by the growth of Microsoft Azure and the Amazon Web Services (AWS), the largest Cloud Providers in the world. At first, many businesses and corporations were hesitant to move their On Premises Solutions to either one of these, but with the cost of Security becoming almost cost prohibitive for this, the Cloud is now becoming a very viable option. One of the main catalysts is that Cloud Providers in general are also taking Cybersecurity very seriously, and because of that, they have spent an unbelievable amount of money to provide Security for their customers at a fraction of the cost it would be otherwise. Organizations are also starting to realize that Cybersecurity is a full time in of itself, so why not farm that off to a Cloud Provider so that they can stay focused on making revenue??? Also, as mentioned earlier, AI and ML can also be expensive tools to deploy (at least for now) for SMBs, but the Cloud Providers can provide this option also for a fractional cost as well. Plus, many organizations are now opting for the Hybrid Cloud Platform (which is essentially a combination of the IaaS and PaaS Infrastructures), which combines the use of rented hardware and software applications. So, when a company opts to move their entire IT Infrastructure to this kind of platform, they can do so with Security being one of the number goals at the very beginning, rather than as merely an add on to a legacy system (such as an On Prem solution).
With this basic concept, we are asking the fundamental question: “Are we really whom we are that we claim to be?” And we all know it has been the password that has been the primarily vehicle for this, and with all of its flaws, it will never die. So, the important thing to keep in mind is how to create a solution which not only incorporates the usage of passwords but also, other Security mechanisms, such as Biometrics? These are known as Two Factor Authentication (2FA) tools, but even these are not proving their worth as much now. So, businesses and corporations are now looking at making use of what are known as “Multi Factor Authentication” (MFA) which makes use of more than two layers of authentication. This could include the use of Passwords, Biometrics, and an RSA Token.
4) The Internet of Things (IoT):
This is yet another buzzword that we will be hearing a lot about in 2019 and well into the future. The IoT is a very complex sort of technological infrastructure, but the main idea here is that we will be connected to objects on a daily basis that we interact with most in both the physical and virtual worlds. The idea with the IoT is to automate the activities that we do in our daily lives. For example, there are now “Smart Cars” that can literally drive themselves from input that you provide onto a computer. The problem with this is that there is a lot of interconnectivity involved here, and there has been very little thought in how to secure all of this. Not only this, but this increased level of connectivity has also greatly increased the attack surface for the hacker. While Corporate America is starting to quickly adopt an IoT infrastructure into their overall environment, especially when it comes to enabling a remote workforce. But over time, Cybersecurity will become a critical issue for the IoT. In fact, it is expected that Cyberattacks to IoT Infrastructures will increase at an astounding 600% just this year alone.
5) Increased Regulatory Oversight:
Not only just here in Corporate America, but other companies, such as those in Europe are now being put into under the microscope of the what is known as the “General Data Protection Regulation”, or “GDPR”. The financial penalties for not coming into compliance can be quite stiff. Although there has not been any movement at the Federal level for compliance recently, the states have started to take action, and more information about that can be seen at the link below:
Even other countries around the world are starting to adopt much stricter and harsher Compliance Regulations, such as Thailand, China, and even Vietnam. More information about this international movement can be seen here:
My thoughts on this?
Well, there you have it, the top 5 drivers for Cybersecurity so far for 2019. While all of these are no doubt important, I think the two top ones will be that of the IoT and the increased level of Regulatory Compliance. But in the end, it will be IoT that tops out the list, as government agencies can be slow in their audit procedures.
Remember, the IoT is going to be a huge and very expansive thing. It’s highly anticipated that it will not just connect us to our personal interactions, but also to other areas in our lives, such as public transportation, the medical system, critical infrastructure, you name it.
To me, although I have been involved with technology for a very long time, the IoT is a very scary thing. The reason for this is that if one connection fails, this could have potentially a cascading effect on all of the interconnection as well, thus bringing the things and the items that we take for granted everyday come to crashing halt.
It’s like the “Smart Car”. If one electronic gadget fails, that could affect everything else, thus rendering your automobile totally useless, especially at a time when you need it the most.