Alexander Moiseev, Chief Business Officer, Kaspersky
The year 2020 promises to bring many compelling events — from the Olympic Games in Japan, to a mission to Mars and a total solar eclipse (not to be missed on December 14). But, back on Earth, there are lots of interesting developments set to affect the business world too, in the year ahead.
Businesses of all sizes are continuing to explore digital services, IoT and machine learning technologies to enhance productivity and efficiency. But to ensure their IT security evolves at the same pace, companies will need additional expertise and look to outsource this element to a dedicated service provider. The challenge of privacy and data security will take on a new guise in 2020, due to the growing number of data sources and technologies which harvest clients’ personal data.
It is Kaspersky’s mission to help businesses and users get the best from new technologies and innovations they deploy. To this end, I have identified the following key business trends connected with innovations and cybersecurity, that could help businesses find their way around the changing IT landscape.
- New sources of data will raise new privacy concerns
Tech giants continue to seek more data sources about their customers. For example, at the end of 2019, Google announced plans to acquire health tracking company Fitbit, and then develop a partnership with Ascension - a US health care system of 2,600 hospitals across 21 states and the District of Columbia. There are no doubts that other companies of all sizes will take a similar path in order to track customers’ habits, preferences, activities, and personal parameters.
And the sources of customers’ data will continue to diversify. Even a connected car is expected to generate 40 terabytes of data for every eight hours of driving. This will result in close attention from activists and society towards how this data is handled, as well as stricter regulations from governments.
- Cybersecurity will move to a service model
Those companies who tended to handle certain cybersecurity tasks internally, such as incident response or internal awareness campaigns, are now looking to outsource it to third party professionals. This is largely due to it being cheaper, quicker and providing better SLAs. IT vendors have followed this shift, transforming their offerings from a set of licenses to a set of services. A license gives a customer a tool to resolve its problem while the service element actually resolves the customer’s problem.
As a result, the managed services market is growing exponentially — according to recent figures, it will almost double by 2023. Service providers are now in a very competitive landscape where they will need to distinguish their offering by providing more specific cybersecurity services instead of consolidated services, where the expertise will be crucial. According to a recent Kaspersky survey, 74% of managed service providers named cybersecurity expertise as one of their clients’ key requirements.
To meet the needs of service providers, security vendors will need to adapt their intelligence and expertise to a service model and simplify the delivery of their products as services through MSPs.
- Industrial organisations will unlock new cybersecurity needs
Over the last few years industrial cybersecurity has gained momentum, allowing organisations to protect their industrial endpoints as they would their corporate ones. In 2019, four out of five industrial organisations (79%) considered the management of cyber-risks for OT/ICS networks a major priority for the year ahead. We expect this prioritisation to address specific gaps in industrial protection expertise, such as vulnerabilities in equipment, advanced attack detection and response, and the Internet of Things (IoT).
Organisations will focus more on identifying vulnerabilities in industrial equipment, to patch them in a timely manner and minimise the chance of exploitation. Companies, especially those driving industry critical systems, will consider advanced threat detection and response systems and look for expertise on specific industrial threats.
We will also see more and more industrial and manufacturing organisations use smart components and entire IoT platforms for smart metering, predictive maintenance and digital twins to increase the efficiency of their facilities. The protection of these elements will become a priority task.
- Machine Learning systems will demand dedicated protection from cyberattacks
Security of machine learning (ML) systems and artificial intelligence is one of the strategic priorities for 2020, according to Gartner, as a result of increased use in many services and products — from financial and banking, to manufacturing and different kinds of biometric authentication security systems.
We are seeing more attempts to compromise such systems, including adversarial techniques which are designed to spoil ML algorithms. For example, a poisoning attack when spoiled data is used for algorithm training or when an algorithm is bombarded with data that may appear to be clean but instead includes a small deviation from the original version so that it is too insignificant to detect it as a bad sample. This method gradually erases what was once a clear line between clean and harmful files, which can degrade the model and eventually trigger false positive results.
It is therefore important to protect ML-driven systems from being compromised in this way. This demands dedicated experts who understand the principles of ML and adversarial techniques, and how cyber-protection should be built, in each particular case.
This recommendation also applies to cybersecurity systems where ML is used for automated attack detection and response. Such systems should be reviewed in terms of cyberattacks, as they can be vulnerable to adversarial techniques.
- Businesses will seek new ways to develop innovations
Many technology companies solve the task of incrementing innovations by acquiring startups and integrating them into their business in different ways. For example, VMware, a cloud infrastructure developer, acquires startups and integrates their technologies into its existing products. The company has a special team looking for innovations in the market that could be useful for VMware products. But this approach demands resources and expertise and is relevant only when a company constantly seeks fresh blood.
Companies that occasionally need highly specialised innovations, but don’t have resources to search or nurture startups internally, will look to outsource this process. In this case, the search and selection is handled by a third party that has relevant experience and expertise. When a shortlist is built the customer can choose the best-fit startup and decide on the best form of interaction.
Modern technologies bring exciting opportunities for businesses. And those companies that adopt them first put themselves in a good position to attract customers and oust the competition, by providing convenient services and products, tailored to their needs – as soon as they want them. However, to get the most out of new projects, companies should make sure that there are no hidden risks.
This is why at Kaspersky we carefully monitor IT trends and respond to them through our Kaspersky Innovation Hub, which constantly develops solutions to protect emerging tech. This ensures our customers can focus on day to day business matters and achieving continued success.