Security services, IoT, integrated platforms, GDPR, skills shortage, detection and response, machine learning, automation and orchestration are just a few of the key themes in a vast array of industry analyst predictions about the changing security landscape for customers and vendors in 2018. Following are just a few of these predictions that highlight how cybersecurity can significantly disrupt or enable business.
With countless security solutions, and the ever-evolving threat actor, organizations face challenges determining what is best for their infrastructure to most effectively mitigate risk while also reducing complexity. According to IDC, “By 2020, 30% of security spending will be on vendors that provide an integrated platform approach to security.” [1] How threat information is consumed from security solutions and acted upon can also be a significant challenge due to the massive volume generated. IDC also notes that, “By 2020, 50% of security telemetry will be made more useful via the use of machine learning and cognitive software, which will ingest and curate it into actionable and intelligent data at record speed.” [1] Gartner predicts that, “By 2021, requirements for greater efficiency in threat response will drive 20% of buyers to heavily weight automation in buying criteria.” [2]
The security skills shortage also presents significant risk to the future of cybersecurity, and the issue extends to new technologies, such as those of the cloud market, that are rapidly being adopted and implemented. As noted by Enterprise Strategy Group (ESG) analyst Jon Oltsik in a December 2017 blog post on what’s ahead in 2018, “According to a recently published ESG/ISSA research report, 29% of organizations have an acute shortage of cloud security skills. Because of these issues, ESG’s cloud security guru Doug Cahill tells me that organizations are not setting up the right security policies, processes, or controls for the cloud. This will inevitably lead to lots of easily-exploitable vulnerabilities, data breaches, and regulatory compliance violations. To alleviate this risk, CISOs will have to up their game in 2018, work in lock-step with cloud developers and DevOps groups, surround cloud with the right policies, develop collaborative processes, and build a cloud security controls architecture.” [3]
To help with the security skills gap, organizations of all sizes are moving aggressively towards security services. According to Gartner, “By 2021, at least half of small and midsize enterprises will use managed services to secure their infrastructure, up from less than 20% today.” [4]
With the proliferation of connected devices, IoT attacks are another area of urgent concern due to the uncertainty of the security threat and its impact on the global market. According to Forrester, “More IoT attacks will be motivated by financial gain than chaos.” [5] Forrester suggests “Assess IoT attack vectors, compliance risk, and organizational readiness” [5] in order to take action against this threat.
Finally, the aggressive threat landscape has spawned an increase in global compliance and regulatory requirements. The General Data Protection Regulation (GDPR) in the European Union (EU) is having an immediate impact on the global economy and how businesses engage, shining a bright light on personal data and privacy. This too is affecting the way security companies address insider threats. According to Forrester, “Firms too aggressively hunting insider threats will face lawsuits, GDPR fines.” [5] This is in part due to more stringent rules around privacy rights in the workplace. Forrester suggests companies “Create privacy rules of engagement for employee monitoring.” [5]
As cybersecurity continues to evolve and mature, so does the threat actor, preying on the vulnerable and/or passive. It is no longer a question of if, but when a breach will occur and what impact it will have on consumers, communities and businesses. Personal data and privacy are at the forefront of the security evolution, and without keeping a keen eye on the threat itself and how it is being addressed, organizations could open themselves up to devastating consequences. Security is not a zero-sum game, but vigilance and education can help overcome the gap that exists between vulnerability exposure and protection. Knowing your business risk is an essential step in preventing the unknown breach.
[1] IDC FutureScape: Worldwide Security Products and Services 2018 Predictions, Sean Pike, Duncan Brown, Christina Richmond, Martin Whitworth, Robert Ayoub, Frank Dickson, Robert Westervelt, October 2017, IDC #US43159217
[2] Gartner, Predicts 2018: Security Solutions, Dale Gardner, Deborah Kish, Avivah Litan, Lawrence Pingree, Eric Ahlm, November 15, 2017
[3] Enterprise Strategy Group, A Few Cybersecurity Predictions for 2018, Jon Oltsik, December 14, 2017, http://www.esg-global.com/blog/a-few-cybersecurity-predictions-for-2018
[4] Gartner, Predicts 2018: Infrastructure Protection, Lawrence Orans, John Girard, Adam Hils, Greg Young, Dionisio Zumerle, Jeremy D’Hoinne, Earl Perkins, November 20, 2017
[5] Forrester, Predictions 2018: Cybersecurity, Andras Cser, Jeff Pollard, Merritt Maxim, Josh Zelonis, Joseph Blankenship, and Heidi Shey, November 7, 2017