We are accustomed to think that the evolution in cybersecurity is driven by the bad guys. This was indeed true in the past- the virus was invented in the 80’s and the counter-product, the anti-virus, was developed to mitigate it. Many more technologies and counter-measures followed: DOS/ DDoS and DDoS mitigation, web based attacks and Firewalls, and Malware and IPD/ IDS solutions.
But in the last couple of years an important trends has emerged. Cyber risk appear even without a malicious actor developing new tools. No, these risk now emerge from the technological evolution of our world. As more and more technologies are being developed, commercialized and integrated to the ordinary lives and business conduct, organization are exposed to more and more cyber risk which were simply unknown before.
This isn’t unique to the cybersecurity world, it’s happening all across the technology landscape. Analyst firm Gartner calls this trend “Digital Transformation” and predicts that “The future of business will be defined by how well companies, organizations, and governments leverage the technology to enable partner and customer engagement across a wide range of digitalis processes”.
Mobile is probably the best example – no mobile threats were in existence until the appearance of the first smartphone, a decade or so ago. It took some time for the smartphone revolution to grab a hold of the public, but once it did cybercriminal realized they had a new, unexploited goldmine ahead and started developing the tools to utilize it. A similar trend is happening with cloud storage and cloud applications, and it is very likely that it will affect the next big trend of IoT. New technologies which disrupt old businesses and older business model create opportunities for new businesses, but also for cybercriminals. One can predict that the next generation of Fintech solution – starting from Cryptocurrencies (such as block chain) and moving to peer-to-peer lending and crowdfunding platforms will also fall prey for cyber profit seekers. Even non-business areas will be deeply impacted by cyber risks, first and foremost the self-driving cars.
And just as the paradigm of technology has shifted, so does the mindset of organizations need to change. In order to survive these rapid changes organization need to look forward, create a digital road map and arm themselves with security tools to allow the safe manifestation of this vision – EVEN if the threats aren’t there yet. Implementing security mechanism once a new technology has been widely adopted is difficult and destined to fail (Ask anyone trying to kill shadow IT or impose stringent mobile use and security policies). The adoption of security needs to go hand in hand with the new technology, and preferably, integrated with it. There are security companies today which develop products for future threats. Organization must acknowledge this and identify how they too can prepare for the very ominous future. Firewalls and Antiviruses will do little to prevent tomorrow’s threats and that’s one prediction we can make with great certainty