The need for security, along with the idea that innovation is critical to counter the evolving threat landscape, will drive cyber security spending despite Covid-19’s economic impact. Companies worldwide are expected to spend $115bn on security in 2020, according to GlobalData figures.
Listed below are the key macroeconomic trends impacting the cybersecurity industry, as identified by GlobalData.
The Covid-19 pandemic has increased cyber risk significantly. Until a vaccine is available, businesses will have to factor in greater cyber risk. Attacks will continue to target the tools used by remote workers, including fake requests to reset VPN accounts, faked sign-in pages for video conferencing accounts, or bogus incoming chat requests from colleagues on corporate messaging systems.
From Russian interference in the 2016 US presidential elections to Cambridge Analytica and Facebook’s role in the UK’s Brexit referendum, there are international concerns about the impact of unwarranted cyber activity on democracy. Disinformation campaigns and deepfake technology are being used to influence public opinion, major transportation systems can be disrupted to prevent citizens from getting to the polls, and there have been attacks on voter registration databases.
The cyber skills shortage
According to international cyber security organisation (ISC)², the current cyber security workforce gap in the US is nearly 500,000, and the global gap in November 2019 was over 4 million jobs. The types of jobs currently most in demand are forensics, cyber automation engineering, security operations centre (SOC) analysis, cloud network architecture, consulting in advanced threat solutions, and cyber security analysis, according to job vacancies posted on GlobalData’s Jobs Analytics database.
Psychology as part of security assessment
Psychology will be a focus for security during 2020, as companies attempt to understand how attackers and their staff think. Cyber attackers are usually at least one step ahead of those defending the enterprise. Understanding the psychology of attackers, from state-supported actors to individual troublemakers, may help organisations identify the weaknesses in their defences. Organisations typically use personality testing in recruitment, and the same tests could also be used to identify those most vulnerable to cyber threats.
Understanding people to deliver better security
On top of understanding attackers’ motivation, organisations such as the Royal Holloway University of London’s Information Security Group and the National Cyber Security Centre want to get a better understanding of employees’ perspectives on security. Adopting an approach that understands how people work is likely to help drive better-designed security technologies and practices that support people’s needs. This people-centric approach is backed by suppliers like Proofpoint, which advocates deploying a solution that gives users visibility into who is being attacked, how, and why, and whether they clicked on something.
Attacked companies are more likely to pay ransoms
An increasing number of organisations suffering ransomware attacks are deciding that paying up is their best policy. Previously, the FBI had insisted that paying ransoms emboldened criminals but, in 2019, it admitted that, faced with an inability to function, executives would consider all options in the face of an attack, including paying up. The challenge for the cyber security industry will be to reduce both the number of attacks and the number of organisations opting to pay the ransom.
Attacks on the rich and famous
The alleged hack of Amazon founder Jeff Bezos showed that even the very richest are not immune to sophisticated cyber attacks. The 2018 attack, apparently involving the WhatsApp messaging service, was reported to have spooked wealthy individuals into looking for bespoke personal cyber security services to protect themselves. With geopolitical tensions rising and more countries investing in cyber warfare, a growing service area is executive threat exposure reviews, which involve scanning the web for personal information that could find its way onto social media sites and be used in customised phishing attacks against wealthy individuals.
This is an edited extract from the Cybersecurity – Thematic Research report produced by GlobalData Thematic Research.