How Y2K Changed the Field of Cybersecurity Technology
When looking at the cyber technology market over the past 15 years, it is evident that the catalyst for cyber evolution was Y2K. Prior to the Y2K frenzy, “cybersecurity” was masked in the systems engineering function, and external threats consisted of hackers looking to leverage free computing capabilities with very little focus on information/data access or network destruction. Malware existed, but it was more of an annoyance than a method of system compromise. Remediation focused primarily on increasing authentication capabilities and included multi-factor authentication, enhanced password policies and encryption as organizations attempted to protect their infrastructure from being oversubscribed. Things changed when the Y2K problem became evident.
According to a Department of Commerce estimate, the nation’s private and public sector organizations spent $100 billion to address the issues with Y2K. Y2K preparations focused on the availability of systems, ensuring mis-coded applications didn’t cause the electricity to fail or bank accounts to disappear. The emergence of new tools and technologies designed specifically for cybersecurity purposes hit the market during this time, providing a feature set needed for a robust security operations program.
Y2K also helped shape the Security Information and Event Management (SIEM) market as vendors started to produce and sell applications that collected and collated events across all systems in a network. In addition, it brought firewalls and anti-virus software to the forefront as organizations aimed to prevent the anticipated spread of malware across what were expected to be significantly vulnerable systems. Ultimately, the thought process was to provide a shield of protection to keep the bad guys outside the network “walls.”
After Y2K came and went, security programs became less focused. Each vertical began looking at attributes that posed the greatest risk or had the most potential impact on their specific industry, and compliance regulations followed on the heels of this trend. In the commercial and healthcare world, the focus was on confidentiality, as seen by the establishment of the Payment Card Industry Data Security Standard (PCI DSS) and the continued focus on the Health Insurance Portability and Accountability Act (HIPAA). Concerned with integrity, the financial sector enacted the Sarbanes–Oxley Act while the government, defense and critical infrastructure organizations primarily focused on availability. This all resulted in the market separating its network and system resources and applying differing levels of control to each. The security boundary was redefined, almost fragmented, with technologies being assigned to individual systems as opposed to organization-wide.
As the threat environment advanced, so too did security practitioners, becoming more mature in their processes and toolkits. New technologies hit the scene to help manage malware cohesively without being deployed on every IP-enabled device. The introduction and growth of security testing and vulnerability management tools also became more prevalent. At the same time, organizations engaged ethical hackers to take a proactive approach to understanding their vulnerabilities. By incorporating penetration testing into their security programs, organizations benefited from a comprehensive look at potential attack vectors and threat scenarios impacting their IT environments.
Now, organizations are faced with the complexity and diversity of mobile devices and applications that must connect to the network. The Internet of Things (IoT) is once again redefining the cybersecurity market and the boundaries that organizations must defend. With far too many endpoints to attempt to secure at the device level, organizations are moving towards an intelligence-driven approach to security. Patching and targeted vulnerability remediation are being complemented with a focus on analyzing the vast amounts of data that are ingested by cyber tools and technologies (i.e., big data analytics). The goal of big data analytics is to understand trends and patterns to reveal larger threats to corporate data, including the insider threat. This transition will also result in additional specialized solutions to identify and mitigate risks at the data and application layer. Importantly, it will promote new solutions that map the data traffic flow and others that will serve as a security orchestrator – blocking threats and attacks holistically as opposed to focusing on individual instances. The new holistic security solutions are going to turn what was an afterthought 15 years ago into a full-blown differentiator for organizations. Cybersecurity is going to support the business instead of limiting it.
The evolution of cybersecurity technologies and approaches has come a long way since Y2K. In that time, cybersecurity has grown from a basic systems administration function to one of the largest sectors in IT. In fact, an April 2014 MarketsandMarkets research report estimated the global cybersecurity market will be worth $155.74 billion by 2019. The cybersecurity requirements to address the challenges associated with the IoT only support the continued growth of the market segment and the availability of new and emerging tools and technologies. It’s going to be an interesting ride.