We live in an era where cyber-attacks are part and parcel of doing business. Companies are routinely hit with attacks big and small, and as a result their customers are feeling the impact as well. While your company may not have suffered a major security attack yet, that doesn’t mean it won’t. Cyber-attacks have never been more prevalent or dangerous – and they could end up costing your company millions of dollars and potentially scores of customers.
These trends are filling the IT departments tasked with endpoint defense, investigation and remediation with dread, and those departments are looking for ways to get ahead of the problem. Based on conversations I’ve had with customers and partners over the past several months as well as talks taking place at a slew of industry events, here are some of the things I have noticed about the state of enterprise security today – the good, the bad, and the ugly.
The skills shortage is real
The enterprise security industry is remarkably deficient in qualified workers at a time when we need them the most. If predictions hold, cybercrime damage will top $6 trillion annually by 2021, which is almost 10% of the world’s economy. But nearly as troubling is the skills shortage. At the RSA Conference in April, John Stewart, senior vice president, chief security and trust officer at Cisco, pointed out that by 2020, there will be 3.5 million open cybersecurity positions, and for every job that is filled, two more open up. Compounding the problem is a serious lack of diversity. For example, women only account for 11% of cybersecurity employees.
Now for the good news. Awareness breeds action: nearly every company that I speak with is working to make cybersecurity an attractive field for workers of all races and genders. There is also tremendous potential for career advancement. Cybersecurity is an area ripe for a diversity makeover as it faces a period of rapid growth.
Automate to meet the challenge
While we will always need human power in cybersecurity, the skills shortage will require additional firepower as well. Digital threats are simply multiplying too quickly to address them solely with manual interventions. In terms of cyber-attack volume, 2017 was the worst year; security vulnerabilities were up 20% year-over-year.
New automated solutions hold promise by successfully running health and security checks across all points and configurations. They can issue routine updates seamlessly and they do so quickly and efficiently so that human workers are free to focus attention where it is needed most. As a result, systems become more secure and resources are used wisely. Whether it’s zero-day exploits, ransomware attacks, malware, or other issues, look for the tools and products that let you automate the tackling of these issues where they occur – at the endpoints.
Play well with others
One thing that is particularly heartening in this age of ultra-competitiveness is the way some of the biggest names in security are coming together to fight the threats facing our businesses worldwide. Because the impact and associated costs of cyber-attacks are so severe, organizations are putting aside competition to work for the greater good. Consider the new Cybersecurity Tech Accord: more than 30 companies have signed on to "improve the security, stability, and resilience of cyberspace." Microsoft president Brad Smith described this international effort as a sort of Digital Geneva Convention to bring the number of malicious cyber-attacks down. It attests to the fact that organizations recognize that a much bigger threat exists in the security industry than simply losing market share.
One of the messages I consistently hear is that the "winners" in the industry recognize that they have to play well with others. This means offering open APIs to integrate multiple security solutions together. With so many available security options, every organization is going to run different combinations and configurations of software, applications, and tools coming from a vast number of vendors. If your company doesn’t have APIs and/or isn’t willing to integrate multiple solutions into your product, the company is going to be left behind. More cooperation results in more customer choice, which is ultimately a very good thing if the industry is to continue to progress and innovate.
Machine learning and AI
Artificial intelligence (AI) and machine learning are words that vendors feel that they have to use to attract attention – whether these are a legitimate part of a solution or not. The consensus is that AI and machine learning are where the industry is headed. Representatives from OpenText recently noted that 12% of enterprises have already adopted AI-based security analytics. This shows a solid move toward AI adoption, but it also says it’s still a little early.
There is a lot of big talk and thinking taking place, but the reality is that people are just starting to dip their toes into the AI waters. As the need for smart automation grows, expect AI and machine learning development and adoption to accelerate, particularly in the endpoint security space. Uses and applications will also become much more sophisticated.
Lack of differentiation
While there is a lot of forward thinking occurring in terms of how enterprise security technologies will evolve to deal with the increasing number and ever-changing nature of cyberthreats, there has not been a lot of true product differentiation recently. I hear the same buzzwords and language repeatedly used to describe offerings, even when those offerings are markedly different from one another. While this demonstrates that the industry is largely aligned on what’s important, there’s no sense of what makes a company unique or special.
In the real world, today’s buyers are having to work hard to get past the hype to figure out what a product actually does, what it looks like, where it excels, and where it falls short. This could ultimately extend product evaluations and sales cycles as companies uncover the real use cases for different vendor products. Moving forward, I would encourage companies to break free a bit to highlight their true differentiators so that we see more clear standouts from the growing crowd of vendors.
2019 will be a big one for enterprise security as new solutions are introduced, existing solutions are refined, and bright minds enter the field to build the products of tomorrow. Hang on to your IT department hats because it looks to be a wild and exciting ride!