Cybersecurity is vital. As technology develops, from mobile to cloud to the IoT, the level of complexity needed for organisations to maintain a cyber-aware stance also increases. Delivering a secure environment for a variety of mobile devices accessing corporate networks at any time is a world away from old intra-office systems. Now the default position is that systems are mobile, with significant security implications.

Listed below are the key issues and technology trends impacting the cybersecurity industry, as identified by GlobalData.

AI malware threats

AI plays a key role in defending against cyberattacks, but a growing concern is the prospect of AI being used offensively within malware. Non-AI malware such as WannaCry and NotPetya created havoc well beyond their original targets, and an AI-based malware attack on critical national infrastructure could be catastrophic. Hackers have already started using AI to accelerate malware. Future AI techniques could allow hackers to bypass facial security and spam filters, promote fake voice commands, and bypass anomaly detection engines. Criminals mask their activities from security tools by blending in and posing as real users in the targeted organisation’s network, using stolen credentials, and running legitimate tools to dig through victim’s systems and data.

Converged risk

The manufacturing industry and power plants are being threatened by the convergence of operational technology (OT) and information technology (IT). Both were once separate networks, and the security risk was lower. Now, the facilitation of data exchange between the two networks offers greater business benefits but introduces significant risk. Many IT and OT-related networks handle critical national infrastructure and the impact of a breach, resulting from immature IoT technology, would be significant.

The cost of data breaches

The cost of data breaches continues to rise, and many affected organisations are unaware of the ultimate cost. Canadian financial services group Desjardins said the cost to it of a data breach in 2019 was $108m. Also in 2019, British Airways was fined £183m ($236m) by the UK Information Commissioner’s Office (ICO) over a General Data Protection Regulation (GDPR) breach, which saw details of about 500,000 customers harvested by attackers. In May 2020, easyJet admitted a cyberattack had affected approximately nine million customers.

XSS attacks

Cross-site scripting (XSS) was a prime cyberattack method in 2019. XSS, in which an attacker aims to execute malicious scripts in a victim’s web browser, made up nearly 40% of all attacks logged by security researchers, with 75% of large companies across Europe and North America targeted during the year. There are three main ways to protect against XSS: sanitising user input such as Get requests and cookies, validating user input, and utilisation of a content security policy that helps define rules to block malicious content by only allowing particular kinds of content from safe sources.

The end of passwords?

Apple’s decision to join the Fast Identity Online (FIDO) Alliance in February 2020 may help reduce the use of passwords. The addition of Apple means that all the main platform providers (including Amazon, Facebook, Google, and Microsoft) are now members of the alliance. FIDO hopes to address the problems associated with passwords by providing a set of standards for simple, yet strong, authentication.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Supply chain breaches

A 2019 report from VMware Carbon Black claimed that 50% of attacks adopt a technique called island hopping, in which they target not only the main organisation but also the networks of any other organisation in that company’s supply chain. Supply chain attacks are increasing, with the hacking group collective Magecart increasingly involved. Online shopping cart systems, notably the Magento platform, have been targeted by groups stealing customer payment card information.

CISOs must know their business better

Cyberattacks by activists are helping drive a sea change in CISOs’ relations with their companies’ senior executives. The increase in activist attacks has direct implications for CISOs because they are regarded internally as being too reactive and compliance-driven, and not sufficiently involved in developing their businesses’ growth objectives. According to EY’s Global Board Risk Survey, only 20% of boards are confident that the cybersecurity team is effective. The CISO and the cybersecurity team must have a deeper understanding of the business environment and be better business-aligned, both to win the confidence of boards and to secure the resources needed to protect their company.

Zero trust cybersecurity

Many chief information officers (CIOs) accept that old-style perimeter-based security architectures are insufficient to defend against attacks in which cybercriminals exploit security gaps to gain the access rights of an administrator or privileged user. Adopting a zero trust environment can be a critical defence against such targeted attacks. Google took six years to migrate its staff to a zero trust framework. For the time being, firms will continue to use VPNs, especially with many employees working from home in response to COVID-19.

Staged payloads

Malware authors are starting to pack and build their attack payloads in such a way as to evade AI defences. Attackers have begun packing larger samples with a significant amount of commodity libraries and benign code, accompanied by a tiny percentage – sometimes less than 1% – of malicious payload, or code with malicious intent. The intention is to bias the package by including so much benign code or common software that an ML algorithm will let it through.

This is an edited extract from the Cybersecurity – Thematic Research report produced by GlobalData Thematic Research.