13 trends in the cybersecurity and information security market 2019-2020

Hello everyone, my name is Alexander Dvoryansky, I am the commercial director of the Infosekurity company. Today we will look at the main trends and vectors of cyber security development, both global and Russian, which in my opinion will be relevant in the near future.

If we boil all the kilometer-long encyclopedic definitions down to one that is concise and clear to everyone, then, banal as it may sound, cybersecurity is countering emerging dangers, and it is based, of course, on protecting against and preventing hacker attacks.

Thus, cybersecurity trends are directly related to the goals and objectives of the attackers. We will consider them now.

In terms of focus, hacker attacks are still directed at large companies, including state-funded ones, industrial systems and other critical infrastructure. But in addition to large-scale targets, hackers are quite interested in “smaller fish”: routers and other network equipment, IoT devices, and hardware vulnerabilities (like Spectre and Meltdown).

At the same time, I would like to separately note attacks made through the so-called supply chain. In essence, the attackers first hack your trusted counterparties, and then you receive, in their name, an attachment containing ransomware.

Thus, trend number 1 is building defenses for the most vulnerable and the most attractive targets.

Now consider the other side of the coin, that is, the main purposes of hacking. These are the following:

  • Withdrawal of funds (including from ATMs);
  • Extortion of various kinds (wipers / ransomware);
  • Hidden mining;
  • Theft of data for resale;
  • Industrial espionage.

Consequently, trend number 2 is action to prevent financial damage, disruption of the organization's operations and the disclosure of confidential information.

A separate trend that is gaining momentum (number 3 on our list) is the use of data that is in the public domain.

“Nonsense!” you say. "But no," I will answer you.

Without even noticing, company specialists leave various data about themselves on the Internet: their internal domains, credentials, logins and passwords. We have repeatedly found this kind of sensitive information on public resources such as GitHub and Pastebin. Without a doubt, hackers will gladly use it.

And now let's deal with the reverse side: how we will defend ourselves and what is fashionable now.

Trend number 4. SOC, including cloud-based SOC, and cloudification

On the Russian market, only the lazy are not talking about SOC right now. For developers, this is a deep market; for customers, it is an opportunity to qualitatively increase the overall level of information security of a company and to build a comprehensive, layered defense.

More and more market participants prefer the service model of connecting to information security monitoring and event management centers, or will do so within the next 2 years, rather than building their own. This is primarily due to the significantly lower cost of the solution and a faster return on investment. Also, the customer does not need to form and maintain a team of analysts, who, by the way, are very expensive today.

In turn, the players on the Russian information security event monitoring market are increasingly drawing on the experience of their colleagues from around the world. This is confirmed by the accreditation of several companies by the Carnegie Mellon Institute's CERT professional community; some of them even belong to the international community of information security response centers, FIRST.

The next trend in order (No. 5), but not in importance, is services based on the MSSP (Managed Security Service Provider) model.

More and more large and medium-sized organizations are discovering managed information security services offered by service providers on a commercial basis.

What is the value for customers, and why does the near future belong to MSSP?

Firstly, costs are reduced, since there is no need to buy specialized software and equipment; besides, payment is made solely for the services actually rendered to the client.

Secondly, services are provided by professionals who, based on their own experience, will help you quickly and competently respond to incidents and cope with other difficulties.
You, in turn, are left to concentrate on your main business and forget about information security, or, if you will, only control and optimize the services provided by the service provider.

In Russia, MSSP is just beginning to gain momentum, although, of course, it is still far from world figures. More and more customers are beginning to trust service providers and to outsource key IT and information security processes.

Moving on. The sixth trend and, probably, the most predictable one is CII and GosSOPKA

On January 1, 2018, the Law on the Security of Critical Information Infrastructure (hereinafter referred to as the Law) entered into force in our country. Starting in 2013, while still at the draft stage, this law was vigorously discussed by the information security community and raised many questions regarding the practical implementation of its requirements. Now that these requirements have come into force and all CII subjects face the pressing need to fulfill them, here is a more or less unified algorithm of actions.

By law, CII subjects must:

  • carry out categorization of CII objects;
  • ensure integration (embedding) into the State System for the Detection, Prevention, and Elimination of the Consequences of Computer Attacks on the Information Resources of the Russian Federation (GosSOPKA);
  • take organizational and technical measures to ensure the security of CII objects.

Connection to GosSOPKA, in turn, requires the following of CII subjects:

  • inform the FSB of Russia about computer incidents, as well as the Central Bank of the Russian Federation if the organization operates in the banking sector or other areas of the financial market;
  • assist the FSB of Russia in detecting, preventing and eliminating the consequences of computer attacks, and in establishing the causes and conditions of computer incidents.

In addition, by an individual decision of the CII subject, GosSOPKA equipment can be placed on the territory of the CII object. But in such a model, the subject is additionally obliged to ensure its safety and uninterrupted functioning. In other words, a CII subject can set up its own GosSOPKA center.

In conclusion: if you are a CII subject, no matter what class, you are obliged to report all incidents to GosSOPKA. The punishment for non-fulfillment or inadequate fulfillment of the requirements of the legislation is severe, up to and including criminal liability. Therefore, all CII subjects, state and commercial, including individual entrepreneurs (if they happen to provide such services), must and will take measures to comply with the requirements of the law.

Trend number 7 for the next couple of years - cyber risk insurance

In general, the cyber risk insurance market is only now developing, but by 2023, according to experts, the size of insurance premiums in the Russian market will be 1 billion rubles.

An important factor in deciding in favor of cyber risk insurance is government policy on this issue. For example, the Ministry of Finance issued a letter allowing organizations to account for cyber attacks as an expense, thereby reducing the basis for calculating income tax. For this, however, it is necessary to report the attack to law enforcement agencies, which, if there is an expert opinion, should initiate a criminal case. If the initiation of a criminal case is refused for any reason, it will not be possible to reduce the tax base.

Consequently, any attack by intruders in this case will bring organizations not only financial losses but also additional reputational risks. And customers and contractors will be able to draw the appropriate conclusion about the reliability of the organization.

At the same time, holding a cyber risk insurance policy, on the contrary, demonstrates the organization's desire to protect its clients from the actions of intruders.

I want to emphasize that preventive measures to organize data security are still the most logical and effective tool for reducing the likelihood and possible damage from cyber attacks.

Another predictable trend, already number 8, is biometrics.

On July 1, 2018, Law No. 482-FZ on Biometric Identification of Citizens entered into force in Russia, providing for the creation of a unified database of biometric data for all residents of the country. Consequently, all organizations related in one way or another to this law will need to ensure the reception, storage and, most importantly, secure transmission of user biometric data by means of a specialized hardware and software system.

At this stage, the introduction of the biometric system will significantly simplify the life of bank customers by simplifying the process of arranging financial products. Now, to establish the identity of the client, it is not necessary to require a passport: it is enough to match the voice and the face with the records in the database. A bank customer can arrange any product, for example a deposit or a loan, at any time and in any place by telephone or online banking. Banking services will become more accessible to people from remote regions, where the choice of banks is limited or completely absent.

And banks connected to the Unified Biometric System, in turn, will get help in meeting the requirements of the legislation on the security of data transmitted to and received from the Unified Biometric System.

Trend number 9. Training and raising information security awareness

Raising awareness is not only an area of information security, but also one of its perennial trends. If a company does not teach its employees the rules of information security, a violation of these rules is almost inevitable: even the most conscientious employee cannot observe what he does not know. Plus, in recent decades, fraudsters who want to get valuable data have been actively using social engineering. During attacks of this kind, a person is manipulated by exploiting his weaknesses: curiosity, gullibility, fear of sanctions from the authorities.

Complex technical solutions recede into the background: why waste time and energy on developing a virus, trojan or spyware, if a person himself can give you all the necessary information? It is clear that in the light of this trend, training becomes a simply indispensable means of protection.

If a company wants to make the training of its employees effective, it needs to conduct it regularly and make sure that it is interesting. While the first is usually handled well, the second is where problems most often arise. This is where trends within awareness raising come to the rescue. These are:

  • The emphasis on distance learning - training materials can be viewed on different types of devices at a convenient time for employees;
  • Personalization - preparation of different materials for different target audiences;
  • Microtraining - giving training information in small blocks and reinforcing each block with practical tasks;
  • Gamification - adding game elements to training (rewards and achievements, gradual complication of tasks, use of fascinating plots and characters).

Next, the 10th trend - the security of the Internet of Things

The threat to the security of IoT devices was seriously talked about back in 2016, after a massive DDoS attack by the Mirai botnet, which included hundreds of thousands of infected devices.

The ability to organize a botnet of this scale stems from the low level of security of such devices: in many of them, in addition to weak default passwords, there are also critical vulnerabilities.

The list of types of devices is constantly updated: home routers and webcams, various sensors and components of a smart home, medical and industrial equipment.
In recent years, interest in software vulnerabilities has also increased.

Since the number of devices connected to the Internet only increases every year, we predict an increase in the number of incidents related to this area.

Next is trend number 11, which cannot be ignored in terms of product development in cybersecurity.

Automation of security processes and routine operations is already under way, and detection of and response to cyber incidents takes place on the endpoints.

Companies use corporate honeypots, i.e. a fake website or resource that is left for hackers to tear apart. And machine learning modules are already used as part of the usual information security products. But there is more to come.

Speaking of Machine Learning, this is also one of the trends in cybersecurity - in our list number 12.

Machine learning has been used in the vendor environment for a long time, allowing for more flexible and adaptive threat detection techniques.

Currently, this competence tends to grow not only on the side of the defenders, but also among hackers.

Basically, attackers use machine learning to develop malware that bypasses signature-based detection methods, to create phishing emails that are virtually indistinguishable from regular mail correspondence, and to search for vulnerabilities in application code.

Do not forget that machine learning can also be applied to working with a company's own algorithms. As soon as scammers understand how an algorithm was trained, they immediately gain leverage to manipulate it.

Well, the final, 13th trend is a comprehensive work to identify and protect businesses from threats.

Here we will focus on monitoring the information space, monitoring publications and references to organizations and its representatives, as well as brand protection.

Currently, black PR and fraudulent schemes are increasingly moving into the information field, which is accessible to all.

By releasing a certain kind of information about a company or an individual, attackers pursue several goals:

  • Marketing (image), namely the loss of business reputation and, as a result, the departure of customers and lost profits. For Internet companies, even a partial loss of reputation and customers or a negative information background carries a substantial risk of bankruptcy.
  • Financial - a real loss of money due to phishing and information attacks. Selling sensitive information to competitors or intruders is also at the forefront.
  • Personnel - staff disloyalty or staff being lured away by competitors.

Given the above, there is a need to monitor the information space, control illegitimate use of the company's brand, search for and verify negative reviews, and monitor confidential information for leaks; in general, to protect the business.

And what are the trends in the near future of cyber security? Perhaps together we can expand this list.
