Cybersecurity: Poised for a Giant Leap Forward

SC Media, March 2, 2020, with comments from Atiq Raza, Satya Gupta & Willy Leichter

Cybersecurity has been around a long time, for the most part living a long life with decent health. But the industry is now whole-heartedly ready for transformation. The industry has experienced incremental change over the years with an influx of products with varying degrees of effectiveness. But the rising complexities organizations face call for something groundbreaking.

The cybersecurity market is already doing well in the current economy, and its forecast is promising for the next few years. Certainly the need for good security only increases. The expectation is the market will grow from $184.19 billion this year (2020) to $246.26 billion in three years (2023), according to a MarketsandMarkets report.

Atiq Raza, chairman and CEO at Virsec told SC Media, “The cybersecurity market continues to be robust, attracting investment and a steady stream of ambitious startups. There continues to be a perfect storm of rapid changes in technology (such as the cloud and mobility), an ongoing cyber arms race against well-funded adversaries and a range of new global privacy laws with increasing teeth.”

The Big Gorilla - Ransomware

2019 showed us ransomware could be taken to a whole new, unimaginable level and is likely to do the same in 2020. Ransomware has evolved from the days of WannaCry and NotPetya where bad actors froze users’ computers and demanded ransomware to restore data. That was certainly bad enough. But now, and especially after some organizations stopped paying the ransom, the attackers have upped the ante considerably by adding blackmail and extortion to the threats.

Virsec VP Willy Leicther comments, “Companies have sunk resources into cloud security as well. “The move to cloud deployments and containers fundamentally changes how security needs to be built, but the security industry has been slow to shift away from legacy, perimeter security models.” Willy who also pegged industrial control systems and runtime memory protection as investment hotspots.

In response to such threats and seeing victim counts going into the billions, spending on cybersecurity has gone up. According to Forester, spending on security services have passed product investment in 2018 and 2019. Gartner says security services will represent half of security software during 2020.

“Many companies find a shortage of pre-trained security experts and have invested more in training staff internally,” states Leichter. “Well-trained and up-to-date security analysts are scarce and command premium salaries.”

Increase Risk Motivates Spending

Organizations consider various options when assessing risk. Willy Leichter advises that “calculating risk as technology continues to change rapidly is challenging. At the end of the day, every organization has to make direct or indirect calculations of their risk tolerance to guide their security spend.

“The move toward a risk-based model has drawn the interest of the insurance industry, which, sniffing both opportunity and self-preservation has gotten “more actively involved in vetting security technology and an organization’s security posture when underwriting cyber insurance policies,” comments Leichter. “This industry is probably best suited to set a monetary value on risk.”

Ongoing Challenges and Old Mindsets Present Stumbling Blocks

While in theory business welcome progress and innovation in ways to secure their networks, servers and applications, historically many have acted too slowly. Hence, attackers have gained such a strong foothold. Some of the slow pace is in the mindset. Old perspectives are hard to shake.

“Stumbling blocks in security They “tend to be as much about mindsets as technology. Most security technology has been built around a perimeter mindset, and gathering massive amounts of data about known threats,” says Satya Gupta, co-founder and CTO, Virsec. “Attackers are increasingly adept at bypassing perimeter security, and targeting applications during runtime, leaving few clues behind.”

Organizations suffer, too, from creeping response times (well, relatively speaking).  They’re “too slow to effectively stop most attacks before damage is done,” he says. “Security tools need to keep moving towards real-time detection of attacks without prior knowledge.”

Further resources:

White Paper: Making Applications Truly Self-Defending

Their Story |Virsec | A Conversation With Willy Leichter

Security Guy TV Episode 1486, RSA 2020 Interview with Willy Leichter

Prediction Series #2: Companies are unprepared for cyber attacks that continue to threaten ICS/SCADA systems

What Keeps CEOs and CSOs Awake at Night?