Just a week into the new year and Gartner’s prediction that information security spending will reach $93 billion in 2018 seems perhaps a big understatement. Even before the end of the 2017, many security experts suggested the number was on the low side of conservative. And that came before the report of a massive vulnerability to microprocessors with Spectre and Meltdown. Regardless of where the number ends up, with headlines like this one from CNN on January 5, 2018 – “The security of pretty much every computer on the planet has just gotten a lot worse” – makes a number over $100 billion seem more plausible. But, for the purposes of this blog we’ll use the $93 billion figure.
Even attributing a portion of the growth in spending to microprocessor vulnerabilities barely moves the needle toward $93 billion. From the same CNN article cited above, “It’s also about the evolving threat landscape and the need to adapt accordingly. Nathan Wenzler, Chief Security Strategist at AsTech, stressed, ‘If we watch how the trend of attacks has gone over the past several years, we see more and more criminals moving away from targeting servers and workstations, and toward applications and people. As an industry, we’ve gotten better and better about protecting devices, but now the focus has to turn to other assets, …. Essentially wherever the criminals go, corporate spending is soon to follow.’”
A healthy part of the growth will simply come from the shifting of how workers work – moving away from legacy attached hardware systems and services. Securing a BYOD workforce that relies on the cloud and SaaS requires a new set of protections which must be understood, vetted, budgeted/procured, implemented, tested and deployed.
Cisco’s October 31, 2017 ebook, “Protecting Endpoints Everywhere”, provides some insight into the changing dynamic of today’s workforce:
- 49% of the workforce is mobile
- 82% of corporate laptop users bypass VPNs
- 70% increase in SaaS usage in next 2 years
- 68% of workloads will be in public cloud data centers by 2020
- 69% of branch offices have direct-to-internet access
- 70% of successful breaches start on endpoint devices
Adding to these numbers, Gartner reports that 25% of all enterprise data traffic will bypass perimeter security and flow directly from mobile devices to the cloud. The implication being, those protections installed on network security systems will basically be bypassed, making the entire enterprise more vulnerable.
Darkreading, covering a recent Check Point survey reported, “… that 94% of security professionals anticipate actual mobile malware attacks to continue to increase, with nearly 66% doubting they can prevent them.” This is the same report that revealed, “Every business with BYOD and corporate mobile device users across the globe has been exposed to mobile malware, with an average of 54 attempts per company played out within a 12-month period ….”
With the rise of mobile enterprise users, thus the rise of mobile espionage – malicious actors seizing data through compromised smartphone microphones, cameras and RF signals that are used to track devices, and thus those carrying the devices.
A December 18, 2017 SC Media article, “How Can CISO’s Choose Among Limitless Security Options with a Limited Budget?” gives one security expert’s thoughts on how to evaluate enterprise current security measures before making decisions on implementing additional services, software and hardware.
What cybersecurity industry analysts might not be looking at, and thus didn’t include in their prediction is the vast rise in digital assistants, the threats they pose to corporate information and the dollars it will take to defend against them. And that leads to another number: $70 million. According to a recent Ad Age article, Amazon and Google paid a combined $70 million to advertise their in-home digital assistants between Thanksgiving week and December 26th of 2017. This was in addition to taking steep discounts on those products. A clear sign that understanding not just what people search for, but the mood they are in when they do it, who is in the room, and everything else a hot mic in your house can record is the new data currency of choice for companies who sell advertising. And while it may be easy to shrug this off as an at-home convenience, who among us doesn’t talk about work at home? I’m guessing that will be a statistic one day soon, too.