Cybersecurity is vital for businesses’ survival. Maintaining the security of IT systems is a constant struggle for organisations of all types. Cyberattacks are frequent and increasingly complex, perpetrated by those furthering a geopolitical cause or attackers intent on making money. State-sponsored attacks are a significant risk. No one – not even security providers themselves – is safe from attack.
Companies manage an array of assets, including infrastructure, applications, managed and unmanaged endpoints, mobile devices, and cloud services. Cybercriminals threaten all these assets. New vulnerabilities are uncovered all the time, and there is also the worry of an insider attack.
Cyberattacks outpace societies’ ability to fight back
Cybersecurity is growing increasingly important for businesses. In a little over a decade, cybercrime has moved from being a specialist crime to one of the most significant strategic risks facing the world today, according to the World Economic Forum (WEF) Global Risks Report. The 2022 report warns that a growing dependency on digital systems, intensified by Covid-19, has altered societies. Largely due to the pandemic, industries have undergone rapid digitalisation. Cybersecurity threats are growing at the same time. In 2020, malware and ransomware attacks increased by 358% and 435%, respectively. Aggressors are also outpacing societies’ ability to prevent or respond to them effectively, according to the WEF.
Several factors exacerbate this trend. Lower barriers to entry for cyberthreat actors, more aggressive attack methods, a dearth of cybersecurity professionals, and patchwork governance mechanisms aggravate the risk. Cyberattacks, particularly those involving ransomware, have become even more financially motivated, multi-layered and daring. In addition, the large-scale shift to remote working caused by the coronavirus crisis has transformed the cybersecurity landscape and businesses must take note.
Cybersecurity threats evolve constantly
The need for cybersecurity has grown since early 2020. The pandemic and a move to remote working, with countless subsequent cyberattacks, was followed by a series of extensive supply chain and ransomware attacks in 2021. Darkside’s attack on fuel group Colonial Pipeline, which caused gas shortages and price spikes, is one example. The attack on meat supplier JBS, which saw it make an $11m ransom, is another.
Since January 2022, the focus has been on nation-state cybersecurity with questions over what role cyber warfare would play in the Russia-Ukraine conflict and whether there would be any cyber-retaliation by Russia against the West for its support of Ukraine. These issues have heightened security awareness by both enterprises and nation-states and will lead to increased security spending.
Microsoft and Google led the cybersecurity M&A boom in 2021
Enterprises have taken note of the skyrocketing risks. The looming dangers have sparked an M&A boom in the tech sector in 2021. Most cybersecurity M&A deals in 2021 were related to managed security services, network security, endpoint security, identity management, and cloud security. Microsoft, which bought cloud infrastructure company CloudKnox, threat intelligence and attack service management firm RiskIQ, and internet of things security company ReFirm Labs, was one of the leading acquirers in 2021. Google added to its security capabilities by buying Mandiant (formerly FireEye) for $5.4bn in March 2022, not long after purchasing threat detection firm Siemplify.
Zero-trust security models provide a long-term solution
Moving to a zero-trust security model as a long-term solution to data breaches will drive strong security growth over the next three years. In a zero-trust world, only authorised individuals can access selected applications. The underlying principle is that no implicit trust is granted to you as a user just because you are behind the corporate firewall. Zero trust recognises that trust is a vulnerability. Once on the network, users, including attackers, can move laterally and access or exfiltrate data. However, implementing zero trust takes time. It took Google five years to complete its adoption of a zero-trust architecture. In 2021, the Biden administration in the US introduced a roadmap for government agencies to deploy zero trust by the end of the 2024 fiscal year.
Innovation will be needed to counter the continuously evolving cyberthreat landscape that includes the fallout from the Ukraine-Russia conflict. According to GlobalData estimates, the global cybersecurity industry will grow from $125.5bn in 2020 to $198.0bn in 2025 at a compound annual growth rate of 9.5%.
GlobalData is the parent company of Verdict and its sister publications.