Information Security Investments for 2017
The latest Gartner report has estimated 2017 spend on cybersecurity to be $86 billion, with a trend towards an Opex cost model with a focus on outsourcing, consulting and implementation services. The industry trend away from the Capex business model, with onsite / organisation-owned hardware, appears to have spread even to security services.
Due to growth and reorganisation, many organisations have incumbent legacy IT systems, which are difficult and expensive to protect. There appears to be widespread, concerted investment in IT transformation, which presents a major opportunity to re-align company networks and implement secure architecture from the design stage, which should place defenders on a more even keel for the infrastructure.
The report has also shown attackers are moving away from launching attacks on devices and towards targeting individuals and software. Indeed, the latter was precisely the target of the WannaCry and NotPetya ransomware. Both attacks pose questions for traditional defence strategies which rely heavily on known signatures of illegitimate processes. To guard against these, cyber-defenders will require technologies that detect irregularities based on heuristic and self-educating “machine-learning” type algorithms, and recent cyber-attacks are likely to spur spending on these technologies.
Another driver for cybersecurity spend over the next year will be the forthcoming EU GDPR. For any organisation with a presence in, or working with data from citizens of, the European Union, uncontrolled loss of data containing personal data (including profiling) will be subject to fines of 20 million euros or 4% of annual global turnover, depending on the nature and scale of the transgression. With organisations operating with a “better safe than sorry” mentality, potential financial penalties of this scale will drive spend, specifically for Data Loss Prevention solutions and information classification services. However, these directed investments should reap rewards, plucking the low-
Dr Wendy Ng, CISSP, CCNP; 21st August 2017