The evolution to digital business strategies and an increased awareness of emerging cyber threats will boost global security spending by 8 percent in 2018 to reach $96.3 billion, research firm Gartner predicts. Yahoo’s recent shocking revelation that up to 3 billion user accounts were hacked in 2013 is a reminder to all organizations that security spending is a worthy investment.
“Overall, a large portion of security spending is driven by an organization’s reaction toward security breaches as more high-profile cyberattacks and data breaches affect organizations worldwide,” said Gartner research director Ruggero Contu.
Recent global cyberattacks such as WannaCry, NotPetya, and the Equifax breach have increased awareness among organizations of the importance of investing in cybersecurity. This is validated by Gartner’s 2016 security spending behavior survey which found that 53 percent of organizations cited risks as the number one driver for overall security spending.
The highest percentage of respondents said that a security breach is the main security risk influencing their security spending. As a result, Gartner predicts that security testing, IT outsourcing and security information event management (SIEM) will be among the fastest-growing security sub-segments driving growth in the infrastructure protection and security services segments.
Research firm Canalys found that cyber threats fueled 9 percent growth in global IT security spending in Q3 2017 to reach US$8 billion. Content security was the fastest-growing segment, with investment up 13 percent year on year, according to Canalys. Network security grew 8 percent, while security management increased by 5 percent.
“High-profile ranswomware attacks and increasingly sophisticated phishing techniques have proved the need for businesses to reinforce their IT security to safeguard data assets and ensure continuity of operation,” said Canalys research analyst Claudio Stahnke. “In 2018, as hackers intensify the use of AI [artificial intelligence], attacks will become more sophisticated.”
A recent report by Webroot found that more than 90 percent of cybersecurity professionals are worried that hackers will use artificial intelligence in cyberattacks against their company that are more sophisticated and difficult to detect. The report says 87 percent of US cybersecurity professionals said their companies are currently using AI as part of their cybersecurity strategy.
“There is no doubt about AI being the future of security as the sheer volume of threats is becoming very difficult to track by humans alone,” said Webroot CTO Hal Lonas. “We stress to organizations the importance of a contextual view of threats that also incorporates visibility and data points from networks, endpoints, and human threat researchers to derive the most accurate cyber risk assessment.”
Yahoo shocked the world in October this year when it revealed that up to 3 billion user accounts were hacked in 2013, tripling the number it said were affected by what was already the largest user data breach in history. The company previously said that up to 1 billion accounts were hacked in 2013, in addition to 500 million accounts being hacked in a separate incident in 2014.
Yahoo disclosed in December 2016 that 1.5 billion of its users’ accounts were hacked on two separate occasions. The stolen information included names, email addresses, phone numbers, birthdates, and security questions and answers. Yahoo claims that, following its acquisition by Verizon in June, it obtained new intelligence while investigating the breach with the help of outside forensic experts.
The information stolen did not include passwords in clear text payment, credit card data or bank account information, Yahoo said. It had already required users to change their passwords and invalidate security questions so that the hackers couldn't enter their accounts. Yahoo was forced to slash the price of its core internet business in the sale to Verizon by $350 million.
The massive Yahoo data breaches have highlighted the importance of protecting data – not only for an organization’s customers but also its own data. For example, in late November, Uber CEO Dara Khosrowshahi quietly revealed that the ride-sharing company had suffered an internal data breach in 2016, and paid the hackers $100,000 to cover it up.
Khosrowshahi said in a blog post that outside forensic experts did not think that rider’s credit card details, bank account information or social security information had been stolen. However, the hackers did gain access to the names and drivers licenses of around 600,000 Uber drivers. “None of this should have happened, and I will not make excuses for it,” said Khosrowshahi.
The most troubling aspect of the incident seems to be the lack of transparency from the company, the same way Yahoo caused distrust for not being more frank about how many of its users accounts had been compromised. These are the sort of incidents that organizations want to avoid by investing more in cybersecurity.
Gartner forecasts that by 2020, more than 60 percent of organizations will invest in multiple data security tools such as data loss prevention, encryption and data-centric audit and protections tools, up from approximately 35 percent today, which is likely driven by fear of suffering similar incidents to Yahoo and Uber.
Due to the technical complexity and threat landscape of cybersecurity today, combined with skills shortages, Gartner predicts that the industry will be driven by automation and outsourcing. Mr. Contu points out that skills are “scarce” and therefore “remain at a premium, leading organizations to seek external help from security consultants, managed security service providers and outsourcers.”
By 2019, total enterprise spending on security outsourcing services will be 75 percent of the spending on security software and hardware products, up from 63 percent in 2016, Gartner predicts. Enterprise security budgets are also shifting towards detection and response, and this trend will drive security market growth in the next five years.
“This increased focus on detection and response to security incidents has enabled technologies such as endpoint detection and response, and user entity and behavior analytics, to disrupt traditional markets such as endpoint protection platforms and SIEM,” said Mr. Contu.
An endpoint protection platform is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.
Gartner’s online glossary says the “inclusion of artificial intelligence and human-driven managed services such as managed threat hunting — lowering the barrier to entry for more advanced capabilities — will increase over the next 18 months.” It adds, “Deception capabilities, intended to trick adversaries into revealing their presence by accessing fake services or planted files, or by using planted credentials, are emerging.”
In August, Tech Republic reported that researchers created an AI that could modify malware to bypass machine learning anti-virus software. Ultimately, AI has proven to be both a benefit and a threat on the cybersecurity front. While the technology can assist organizations in filling cybersecurity skills gaps and safeguard data, it also gives hackers a new tool for attack.