Security of critical infrastructure
Of course, the hot topic of the year and even the next few years in Russia will be the security of critical infrastructures. This will be fostered primarily by compliance. Many companies will undertake categorization of their infrastructures. Those who are on the way or have already done it not just “for a tick” will learn a lot about themselves and rethink the approach to security. As a result, companies that have secured the budget for the process will seriously improve their security, and those who failed, will be forced to limit themselves to writing a new pile of documents, leaving the company's infrastructure in a vulnerable state.
Vendors and integrators are doing their best to make complex technologies previously used only by the most advanced customers finally enter mass market. As a result, various product bundles, out-of-the-box integrations and even service packs emerge, making even complex services very understandable and easy to run. (Commodity - goods of mass demand / consumption).
Generation Z, digital people
The arrival of generation Z employees (born after 1995) brings many challenges to cybersecurity units. These employees do not accept restrictions: by types of devices, locations, working hours and tools. On the one hand, there are subconscious attempts to perceive their requests as the whims of people who do not have experience. On the other hand, security professionals need to be flexible because these same employees bring business ideas that people born before the Internet are not able to produce.
Security of technological infrastructure segments
The attention drawn to the security issues of the critical infrastructure has prompted many customers not only to carry out formal procedures of categorization, but also to look deeper. The practice of penetration testing has shown that most technological networks are vulnerable and often accessible from office networks. Customers are ever less aware that such vulnerabilities expose businesses to significant risk, and every day come up with more and more budget justifications for securing industrial segments of their infrastructure.
Digital transparency, quality of information about cybersecurity
The complexity of the infrastructure and the dynamics of its changes lead to a situation where even owners have no idea about its current state. The lack of integration between monitoring tools and protection tools only makes the situation worse and leads to uncontrolled risks and real incidents. In the coming year, employees of cybersecurity units will pay more attention to cybersecurity Analytics and will begin to monitor vigilantly the state of infrastructure and the shadow use of IT.
A timeless classic
Many companies have well resolved basic issues of cybersecurity related to technological methods of attacks. This does not at all mean that social engineering technologies will be less effective. Attackers will always be inventive and, making minimal changes in the techniques of attacks, will continue to achieve their goals. In this regard, it is not enough to lean on previous knowledge on employees’ awareness. It ought to be periodically refreshed and one should remind that lack of attention of one employee can lead to huge consequences for the whole company.
Security for wearable devices
The topic of security of various trackers and smart devices attracted a lot of interest in press and professional community. At the same time, very few have reached the solution of the problem. The topic will continue to be heard, but will remain at the level of conversations.
National cyber weapons
More than 130 states have units refining the skills of cyber warfare. Some countries don't even conceal this facts. Therefore, we must be aware that if a company falls into the sphere of interests of such units, it will be extremely difficult to resist the attacks, almost impossible. In this case, monitoring and proper response to incidents are measures that will minimize the consequences. Moral readiness to attack of a superior force is a modern reality!
Cyberresistance, interaction between IT and Security
Many attacks are aimed at disrupting the health of an infrastructure. This leads to the fact that cybersecurity attracts more and more attention of IT heads. Next year we expect an increase in the number of projects collaborative for IT and security departments, as well as an increase of security cost items in IT budgets.
In 2018, largest Russian companies launched big data security projects. But every day the topic becomes more relevant not only for the giants, but also for a much wider audience. After all, the number of those who realized that they can no longer deal with protection of an ever-growing amount of information is only increasing. Ever-increasing speed of data transmission channels, including mobile, makes this task even more ambitious.
What a forecast without the topic of artificial intelligence? AI technologies are increasingly penetrating both the defense tools and the attackers’ gear. Nobody is any longer surprised by presence of machine learning technologies in the products of market leaders. In 2019, both the level of penetration of AI technologies into cybersecurity products and the adaptation of these technologies in customer infrastructures will significantly increase.
Hunger on the cybersecurity labour market
Increasing interest towards cybersecurity only increases the personnel shortage in the market. Next year the situation will not change much. We recommend growing staff within the company, using mentoring programs, training of employees of related departments, primarily IT, and hiring young professionals.
In General, the forecast for 2019 on cybersecurity is positive: we forecast double-digit growth and increased interest in cybersecurity on the part of business.