Executive Viewpoint 2017 Prediction: Nyotron – Four Security Predictions
1. Increase in Attacks’ Complexity and Methodologies
Creativity and technical evolution on the offensive side has proven to be much faster than defense. In fact, we learn that any progress made by cyber security solutions, has a similarly “positive” effect on attack techniques and offensive methods. We estimate that approximately 10 percent progress on the defensive side will simultaneously compel attackers to improve by 20 percent. The reason? The nature of point solutions, which resolves one problem, also provides great motivation for the attackers to develop more destructive (and sophisticated) attacks.
2. Fewer Solutions – Less Defense
After numerous busy years of cyber security investments, new initiatives, thousands of new companies and developments – investors are more cautious when examining new, young companies. At the same time, organizations realize they can’t buy an infinite amount of products. Hence, we expect to see fewer solutions, and therefore, less defense.
3. Higher Cost of Damage
While there are thousands of cyber-security companies, correspondingly, there are also thousands of point-solutions. In a world of rapidly-evolving threats, the technical viability (life-span) of a point-solution is disturbingly limited to one to three years. The time it takes cybercriminals to outsmart a point-solution is only limited by their awareness of it. When solutions are on the market for several years, it’s safe to assume that creative hackers have already developed more sophisticated techniques. And in light of an anticipated decrease in new cyber security companies and solutions, that ultimately leaves tomorrow’s threats unresolved. Unfortunately, we are about to face a “deadly encounter” — fewer solutions in the market combined with smarter hackers. The outcome will be clear: more “successful” attacks that are increasingly destructive and entailing a significantly higher cost of damage to the victim organization.
4. Less “Autonomous” Security
More large-scale, sophisticated enterprises will acknowledge a growing need for external help. The tendency to keep security “inside” will be proven wrong and inefficient. We can see a significant increase in adoption of external services, mainly due to lack of human expertise. In fact, external security services are becoming more essential. As threats become more targeted, strategic and advanced, attacks turn into campaigns. Organizations, large as they may be, turn into components of a larger body – a sector, state, or even a target on a hit-list. For such organizations, surviving these threats autonomously are small to none. Service providers, on the other hand, have a huge inherent advantage – they can see a bigger picture.