Thematic Research: Cybersecurity (2020)

As technology develops, from mobile to cloud to the IoT, the level of complexity needed for organizations to maintain a cyber-aware stance also increases. Delivering a secure environment for a variety of mobile devices accessing corporate networks at any time is a world away from old intra-office systems. Now the default position is that systems are mobile, with significant security implications.

A complex cloud ecosystem, if not managed effectively, can lead to security risks and the exposure of sensitive data. A growing number of cyberattacks on organizations’ public clouds has led to the creation of cloud security posture management (CSPM) solutions, designed to better configure those clouds. CSPM tools and services can help prevent attacks by validating permissions, identifying incorrect cloud configurations, and spotting errors in the management of encryption keys.

Key findings discussed in the report include:

• Technology briefing: CSPM tools enable organizations to identify and remediate cloud security risks. DevSecOps introduces security earlier in the lifecycle of application development

• Macroeconomic trends: Election security, psychology as part of security assessment

• Regulatory trends: US federal plan will drive more government cyber spending, Cyber bills pass through US Congress

• A need for vigilance and resilience: The third wave of cybersecurity is epitomized by a spaghetti-like array of assets that include traditional infrastructure, applications, managed and unmanaged endpoints, the IoT, and cloud services, with each targetable by several attack methods

• Predictive risk assessments: The latest wave of innovation involves the adoption of a more proactive defensive approach, using machine learning and AI to discover and analyze the growing landscape for attacks

• AI technologies are changing cybersecurity: AI and ML technologies improve threat intelligence, prediction, and protection. They also enable faster attack detection and response, while reducing the need for human cybersecurity specialists

• The rise of ransomware: In ransomware as a service, someone with limited technology skills can either buy an exploit kit to help them create software, or they can approach ransomware authors who will take a percentage of a ransomware payment

• Operational technology and critical national infrastructure attacks: The ease with which the gas compression plant was attacked highlights the damage that can be caused by a successful attack on industrial control systems (ICS) and SCADA within CNI

• Cybercrime a global affair: Countries most commonly associated with cybercrime include Russia, China, and Iran

• Solving the cyber skills shortage: One of the biggest challenges facing the cybersecurity industry is a worldwide skills shortage, which makes recruiting cybersecurity experts extremely difficult

Inside coverage:

• Players

• Technology briefing

• Trends

• Industry analysis

• Value chain

• Companies

• Sector scorecards

• Glossary

• Further reading

• Thematic methodology

GlobalData, uses a scorecard approach to predict tomorrow’s leading companies within each sector. Our sector scorecards have three screens: a thematic screen, a valuation screen, and a risk screen. Cybersecurity is a theme that impacts many of the 17 technology, media, and telecom (TMT) sectors we cover. In this report, we discuss the impact of cybersecurity on the enterprise security and IT services sectors.