In business, you’ve got to be able to predict the future. But rather than juggling a crystal ball, deduct from what you already know. Leaders should scan the horizon for innovation and think through the consequences for their customers’ expectations and lives. And with technological change always comes information security challenges.
I’ve been keeping my eye on a number of developments I believe will change IT security as we know it, in the year ahead. Look into these five innovations and their implications for your business.
1. New data sources will raise new privacy concerns
Tech giants just keep seeking more of customers’ personal data. At the end of 2019, Google announced plans to acquire health tracking company Fitbit, and a partnership with Ascension, a healthcare records system used in 21 US states. Apple and Amazon have made similar moves toward customer’s health data. Other companies of all sizes will take a similar path to track customers’ habits and preferences.
The sources of customer data will keep getting more diverse. One autonomous car could generate 40 terabytes of data for every eight hours of driving.
What does this mean for business? Headline-grabbing examples like these mean activists and broader society will pay ever-closer attention to how data is handled. Expect increasingly stricter government regulation on data use.
2. Cybersecurity will move to a service model
Many companies who’ve handled some cybersecurity in house are now looking to outsource, because it’s faster and cheaper, and they get a better overall service.
Some IT vendors have already changed their offers from licenses to services. A license gives a customer a tool to solve a problem while the service actually solves their problem.
The market for managed services might almost double by 2023. It’s a competitive landscape. Service providers will need to distinguish themselves by providing more specific cybersecurity services, where expertise is crucial. According to a recent Kaspersky survey, 74 percent of managed service providers named cybersecurity expertise as a key client need.
And for business? Information security vendors must adapt their intelligence and expertise to a service model. Simplify delivery as services rather than products, through managed service providers.
3. Industrial cyberattacks will change cybersecurity expertise
Industrial cybersecurity is now moving fast. It’s all about letting organizations protect industrial endpoints as they would corporate ones. In 2019, four in five industrial organizations said they were prioritizing managing operational technology (OT) and Industrial Control System (ICS) network cyber risks in the year ahead. This emphasis will help build industrial protection expertise. We need more people who understand vulnerabilities in equipment and the Internet of Things (IoT).
More industry and manufacturers will use smart components and entire IoT platforms to improve efficiency, such as smart meters, predictive maintenance and digital twins.
What should business do? The focus should be on identifying vulnerabilities in industrial equipment, and patching them fast. If you’re responsible for systems critical to your industry, consider advanced threat detection and response systems, and look for industrial threats expertise.
Identify what smart components you’re using and make sure they’re protected.
4. Machine Learning will need its own cyberattack protection
Businesses are using machine learning and artificial intelligence systems more, because they can expand product and service use, from finance and banking, to manufacture and biometric authentication. Their security will be strategically important.
They’re also popular targets for compromise attempts, including using adversarial techniques meant to spoil machine learning algorithms. For example, bombarding an algorithm with data that may appear clean, but includes deviations too small to detect a bad sample, gradually erasing a once-clear line between clean and harmful files, triggering false positives.
What should you do? Protect machine learning-driven systems from compromise with dedicated experts who understand machine learning and adversarial techniques, and can build cyber protection for each case.
The same applies to cybersecurity systems that use machine learning for attack detection and response. Review these systems for vulnerability.
5. Businesses will need new ways to innovate
Many tech companies innovate by acquiring start-ups. Cloud infrastructure developer VMware acquires start-ups and integrates their technology with existing products. They have a team that looks for innovations that could be useful. This approach demands resources and expertise, and it’s only relevant when a company constantly seeks fresh blood.
On the other hand, companies that sometimes need highly specialized innovations, but don’t have internal resources to search for or nurture start-ups, will look to outsource the search and selection process to a third party with the right expertise. Third parties build a shortlist. You get to choose the best-fit start-up and how you’ll interact.
What should your business do? Those companies that adopt new technologies first can better attract customers and oust the competition by providing convenient, tailored services and products. But to get the most out of new projects, make sure there are no hidden risks.
These five factors should give you a starting place to look in your industry for what could be about to re-shape the cybersecurity you know. There may be further niche trends that matter in your unique field. A business that’s always thinking ahead is one that can use that the inevitability of change to its advantage.
This article was published in February, 2020.