It was Black Hat Europe time again this week. For anyone in any doubt about the scale of the cybersecurity challenge facing organisations today, I’d encourage them to read up on the latest insights into forward-looking threats. What you will find out may be rather unnerving.
The good news for the channel, however, is that organisations appear to be responding to these challenges, in part thanks to the regulatory drivers of GDPR and NIS Directive compliance. CONTEXT data reveals that enterprise security revenues for IT distributors in the first ten months of 2018 were up 10.1% year-on-year.
As the name implies, Black Hat Europe is unremittingly tech-centric: a show by and for cybersecurity professionals. But the very fact that it’s able to fill out a large part of the cavernous ExCel every year, and hold sold-out events in the US and Asia, is testament to how far the security industry has come since the show’s inception in 1997. In their opening keynotes, Black Hat founder, Jeff Moss, and Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, echoed these sentiments. No-one was talking about cybersecurity in 2004, she said, but 14 years later it’s very much at the centre of governments’ national security plans and corporate risk management.
This has been driven in part by a steady stream of major cyber-attacks and breaches over the years, originating from both nation state operatives and financially motivated cybercrime gangs. Most recently, incidents affecting half a billion Marriott International customers and 100 million Quora users have hit the headlines. The former could be on the receiving end of a major GDPR fine.
As CONTEXT noted a fortnight ago, the data protection legislation will continue to be the biggest single driver for increased security spending in the months to come. We can also expect a bump in spending after the first major fines are issued. So far, just one regulator has imposed a financial penalty, when €20,000 was levied against German chat app operator Knuddels. This is likely to change soon. Although it has garnered less publicity, the NIS Directive is also important: maximum possible fines levied under the regime go as high as those under the GDPR. We can therefore also expect to see firms in certain critical infrastructure sectors like water, healthcare, and transport increase spending.
Where is spending targeted?
In the meantime, we noted growth in IT distribution revenues across all major cybersecurity categories. The biggest came in data protection and recovery products (62%), albeit from a much smaller base. Endpoint security (11%) and enterprise network security (6%) spending accounted for most sales. These are likely to continue to increase going forward as organisations look to get ahead of current threats and stay compliant.
The growth of the Internet of Things (IoT) will help to drive this spending, as security teams look to gain visibility and control over an expanding number of smart endpoints. Research from Trend Micro at Black Hat highlighted serious vulnerabilities and security shortcomings associated with two of the most common M2M protocols, MQTT and CoAP. Over just a four-month period, the researchers claim, these channels exposed over 219 million messages globally, putting firms at risk from targeted attacks, industrial espionage and DoS.
To manage this kind of risk effectively going forward, security bosses will need to make the right investment decisions to support a comprehensive security strategy fit for the new regulatory regime.