+1 877 312 2988
Sign Up Contact Us

During the last couple of years, most enterprises have been accelerating the pace of their digital transformation based on the adoption of leading-edge ICT technologies like cloud/edge computing, Big Data and the Internet of Things (IoT). At the same time, organizations are still suffering from security attacks, which are among the most important barriers in the implementation of their digital transformation agendas. Earlier this year, the famous “Wannacry” ransomware attack affected major organizations all around the globe, such as UK’s NHS (National Health Service). Another example was a fraudulent cyber attack against the SWIFT international transactions system that took place in February 2016 and resulted in the theft of $81 million from the Bangladesh Central Bank. These attacks highlight the vulnerabilities of modern cyber infrastructures, as well as the importance of cyber security as an integral element of an organization’s digital transformation strategy. It is important to understand the main drivers and trends in future cyber security solutions to make the most of security investments.

Drivers of Future Cyber Security

The expanding scope and sophistication of cyber security systems is based on the following:

Technology Evolution 

Enterprise IT infrastructures are gradually growing in size and complexity, as a result of the introduction of new technologies like cyber-physical systems (CPS) and the IoT. These paradigms are typically based on systems and devices that bridge the physical and digital worlds, such as sensors, smart machines, connected cars, robots and more. While these systems provide opportunities for enhanced productivity and improved decision making, they also broaden the scope of potential vulnerabilities. For example, a large-scale Distributed Denial of Service (DDoS) attack that exploited vulnerabilities of IoT devices took place last year and affected major Internet sites like Amazon, Twitter and Spotify.
 

Regulatory Complexity

Nowadays several organizations operate in complex regulatory environments, which impose a need for compliance with many security regulations and standards. For instance, U.S financial organizations must adhere to regulations associated with the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act of 2002 (SOX, P.L. 107-204), the Gramm-Leach- Bliley Act, the Financial Services Modernization Act of 1999 and more. Cyber security systems are evolving in order to support organizations in their alignment to the required regulations and standards.

Sophistication of Attacks 

Over the years, cyber security attacks are increasing in sophistication through becoming asymmetric and less predictable. For example, ransomware attacks have been added to the list of phishing, DDoS and social engineering attacks, while the methods used by cybercriminals are constantly evolving based on the use of advanced sniffing and encryption techniques.

Limited Resources

Many businesses lack the resources, expertise and equity capital needed in order to cope with modern cybercrime. This is particularly the case with SMB (Small Medium Businesses) typically on the hunt for cost-effective solutions.

Emerging Cyber Security Solutions and Services

Driven by the above factors, emerging cyber security solutions feature the following characteristics:

Security Automation and Intelligence 

The automation of cyber security solutions is key to coping with the growing number and sophistication of cyber security threats. This gives rise to the implementation of machine learning systems, which are able to detect attack patterns in a fully or semi-automated fashion. There is also a trend towards employing deep learning and artificial intelligence technologies to identify indicators of complex attacks, which are hardly identifiable based on conventional machine learning.

Cyber Security Datasets and Data-Driven Approaches 

The collection of security-related datasets is becoming very important for the development of future cyber security systems. These datasets are a key prerequisite for training and validating the data-driven systems, including machine learning and AI algorithms. Without large amounts of data about the operation of the cyber assets and the attack incidents against them, the deployment of security automation and intelligence isn’t possible.

Standards 

Standards development organizations tend to incorporate latest technologies and best practices in their work. So standards-based solutions are usually more effective in increasing the cyber resilience of modern organizations. The latter need to adopt and implement not only conventional and well-established standards (e.g., the popular ISO27001), but also emerging ones such as the Industrial Internet Consortium Security Framework (IISF). The latter provides a blueprint for securing CPS systems in the era of Industry 4.0.

Integrated Policies for Cyber and Physical Security 

As part of the integration of IoT and CPS systems there is a close interaction between cyber and physical systems, including an inter-play between their security mechanisms. For example, electronic access gates and CCTV (Closed Circuit Television) systems are increasingly used as primary physical security technologies. This close interplay is gradually leading to an integration of physical and cyber security measures and related policies. Sectors that operate both cyber and physical infrastructures (e.g., energy, transport, buildings) have the leading role in this integration.

Vulnerability Databases 

Following many years of collecting information and knowledge about cyber threats, the cyber security community has established a range of vulnerability databases, which are used to maintain and disseminate information about known security vulnerabilities. NIST’s National Vulnerability Database is one of the most popular databases of this category, which provide developers and deployers of cyber security systems with the means to automatically access up-to-date information about cyber threats. This is important because of the need to support the collection and processing of large amounts of data towards security automation and intelligence.

Managed Security and Security as a Service 

There is a surge of security solutions that are offered based on the Security-as-a-Service paradigm or as a pay-as-you-go option. Typical examples are the popular Managed Security Solutions (MSS), which are a primary choice for SMBs and other organizations that operate based on constrained budgets. Solutions for small organizations come with easy web-based interfaces for their configuration, which makes them appealing to employees with low security expertise.

Decentralization and Blockchains 

The advent of the BitCoin cryptocurrency has revealed the capabilities of the distributed ledger technology towards decentralizing and securing transactions across IT systems and devices. Distributed ledger technology is currently exploited as a secure, privacy preserving and anti-tempering infrastructure in a wide range of applications beyond financial transactions and it’s therefore likely to become mainstream in the years to come.

Equipment vendors and integrators of future ICT solutions should closely monitor these trends and integrate them in their products and services. Security should no longer be seen as a defensive investment with limited ROI, but rather as an indispensable and integral element of any cyber infrastructure. As such, it should be placed at the very top of the digital transformation agenda.