You would be an unusual person if you have not been aware of cybersecurity in 2017. It was a year that truly brought home the level and breadth of cyber attacks against some of our both established and emerging industry players, including Equifax and Uber. Early in the year the massive ransomware attack, WannaCry, hit globally and without mercy; Symantec recording 80,000 exploits per hour at its peak.
The cybersecurity landscape has both evolved and expanded in the last few years. During this time, cybercriminals have honed techniques and tested out new scenarios, to increase both sophistication of attack and success rate.
Methodologies like phishing and spear phishing have become the weapon of choice for the successful cybercriminal. In 2016/17, Symantec recorded that over half of emails received were spam and the Anti-Phishing Working Group (APWG) saw a “constant stream” of phishing attacks in 2017, with a movement that included the use of social media as well as the more traditional email.
According to the Gemalto Breach level Index, in the first half of 2017 alone, 1.9 billion data records were breached. The costs of such breaches to industry are staggering. In the Ponemon Institute’s report “Cost of Data Breach Study 2017” they found that the average cost to an organization of a data breach was $3.62 million, with each record being breached, costing, on average, $141 but with industries such as healthcare costing significantly more.And the cost of a breach impacts an organization deeply, affecting company standing, customer trust, and ultimately share price.
When Equifax announced the cyber breach on September 7, 2017, their share price crashed by around 38% and has yet to recover to pre-breach levels. The management of companies suffering breaches is also impacted by a cyber-attack. The CEO of FACC Operations GmbH was sacked after a major ‘whaling attack’ that cost the company 50 million Euros.
The size and breadth of cyber attacks, which hit companies across all sectors and of all sizes, are doing one positive thing: it is raising awareness. The size of breaches makes them highly newsworthy and attacks like WannaCry and Petya make the mainstream news across the globe.
This awareness is also being reflected in updates to major regulations and laws, such as the EU’s General Data Protection Regulation (GDPR) set for implementation on May 25, 2018, and the financial industry sector Anti-Money Laundering (AML) version 4 which came into force this year.
All of this disruption is happening within a changing enterprise environment, driven forward by digital transformation challenges, such as Cloud computing, serverless architecture, and expanded digital identity use cases. All of these changes coming under the watchful eye of the aforementioned regulatory frameworks as well as the cybercriminal. However, this alignment of planets has created a buoyant marketplace for cyber security companies to fight back.
Cyber Security Fights Back
Research is showing that the market for cyber security solutions is growing by a CAGR of over 10% with a market likely to be worth $173.57 billion by 2022. This is being attributed to the increase in cyberattacks across all industries, to the movement of operations into the Cloud, and as we introduce the IoT across our infrastructure.
To combat the ever-changing cyberattack landscape and the morphing attack surface, cybersecurity companies are fighting back with innovation. Cybersecurity companies are emerging and more-established firms are innovating specifically to tackle the complicated profile of a modern cyberattack.
The use of technologies such as Artificial Intelligence (AI) and machine learning are helping to bridge the gap between attack and defense. Innovation in the way security is serviced is also helping to adjust the balance.
Just as cybercrime is utilizing ‘Malware as a Service’ to make cybercrime a more accessible activity, cybersecurity organizations are also offering managed services to ensure that the best security is available for all organizations, irrespective of their size.
This heady mix of fast market growth, coupled with technology and service solutions, has created a storm in the investment community. In 2016, investors injected a record $3.1 billion into 279 security startups. And investment continued to grow for cybersecurity in 2017, with firms like Bastille receiving $27 million, Quadium reaching $40 million investment, and Threatstack $45 million amongst a large mass of investments into the sector.
As well as private investment, government’s across the world are also investing in the cybersecurity ‘workforce’ and technology of the near future. For example, the UK is investing $1.9 billion over the next 5 years, and the EU is publishing a report asking for an injection of cash to ‘bolster’ cybersecurity efforts.
The investment into cybersecurity is allowing firms, both startup and established, to innovate around not only the type of techniques and technologies used to thwart attacks, but also the way that these technologies can be used and made more accessible to all.
Cybersecurity is an issue that has touch-points across industry sector and size, and that affects each of us, including as individuals. The investment we are seeing going into cybersecurity in the last two years will be sorely needed to add the level of innovation in solution and training of the workforce to ensure that we can stem the tide of cyberattacks.
Latest posts by Marion Godrix (see all)
- Cybersecurity: machine learning to be the main focus in 2018 - 26 January 2018
- Cybersecurity: Five vulnerabilities you shouldn’t ignore - 25 January 2018
- [INFOGRAPHIC] Data security: 99% of employees ignore good practice - 24 January 2018