- Increase in attacks’ complexity and methodologies:
Creativity and evolvement on the offensive side has proved to be much faster (than defense). In fact, we learn that any progress made by cyber security solutions, has direct significant “positive” effect on attack techniques and offensive methods. We can say that appx. any 10% progress on the defensive side, at the same time, cause the attackers to improve by 20%. Reason for that is the nature of point solutions, that solves one problem, but at the same time provides great motivation for the attackers to develop a more destructive (and sophisticated) attacks.
- Less solutions – less defense:
After very-busy years of cyber security investments, new initiatives, thousands of new companies and developments – investors are more cautious when examining new, young companies. At the same time, organizations realize they can’t buy infinite numbers of products. Hence, we expect to see less solutions, and therefore, less defense.
- Higher cost of damage:
While there are thousands of cyber-security companies, the fact is, that there are thousands of point-solutions. In a world of super-fast-evolving threats, the technical viability (life-span) of a point-solution is disturbingly limited to 1-3 years. The time it takes to the offensive-community to outsmart a point-solution is only limited by their awareness of it. As these solutions are out there for several years now, we can safely assume the creative hackers are already developing more sophisticated techniques. That leaves tomorrow’s threats unresolved, as we expect a decrease in new cyber security companies and solutions. Unfortunately, we are about to face a “deadly encounter” of less solutions in the market, with smarter hackers, at the same time. The outcome is clear: more “successful” attacks that are more destructive, with a much higher cost of damage to the organization.
- Less “Autonomous” security
More large and advanced organizations will acknowledge the need of external help. The tendency to keep security “inside”, will be proved to be wrong and inefficient. We can see an impressive increase in adoption of external services, mainly due to lack of human expertise. The truth is, that external security services are much more essential, not only because of the team expertise. As threats become more sophisticated and planned, the attacks turn into campaigns, and the organization, large as it may be, turns into an ‘organ’ in a larger ‘body’ – a sector, state, or even a random hit-list. For such organization, the survival chances as an autonomy are small to none, while the service providers have a huge inherent advantage – they can see a bigger picture.
- Threat-agnostic Defense
Both the organizations, the investors and the vendors, now realize they playing an infinite game. Buying unlimited products to limitless threats is impossible, and eventually, leaves the organization unsecured. The lethal combination of less-solutions in 2017 plus an increase in sophisticated attacks, will force the world to recalculate route. Organizations will switch from investing resources in examining new products, to new approaches. Finally, the market will be focused on finding a long-term solution, that will be agnostic to the threat, the attacker, and its methodology of attack.