No longer is cybersecurity only the province of IT and security staff; these days, it has become a topic with implications for every major line of business and market segment. From where we sit at Palo Alto Networks, here are three cybersecurity trends we think will be big in 2014.
1. Cybersecurity will be more than ever a business topic.
I spend a lot of time talking to customers and what I’m hearing in every industry, from healthcare and education to energy, oil and gas and transportation, is that companies need to do a better job evaluating the costs and risks related to cybersecurity threats.
Some companies do this well; over the past year, we’ve seen a more than 100 percent increase in mentions of cybersecurity as risk factors in public company filings, which at least tells you it’s on their list of priorities. Other companies don’t seem to have a clue. A lot of the planning that has to happen depends on the value of a company’s assets and how vulnerable those assets are.
Every business must manage and protect its unique set of industry-specific systems and data, and that’s why we’ll see greater network segmentation and even isolation. With the proliferation of digital assets and connected devices, the topology of any enterprise network has become exponentially complex.
We believe that to regain full visibility and control over the state of their network security and ensure the highest level of security to their most valuable assets, businesses will need to more systematically apply network segmentation techniques across their network to segregate sensitive data and functions from generally accessible information. This is now commonly discussed in healthcare for medical equipment and devices or in critical infrastructure with ICS and SCADA networks.
2. A heightened need for better intelligence and sharing on cyberthreats.
On one hand, this is a perennial need. But the volume of traffic on networks is more or less doubling every year, and that means that the problem of network security is increasing drastically.
As we see it, the new era of network security is based on automated processes and building as much intelligence as possible into network security software. This especially becomes important in industries such as government, education, healthcare and public services, in which staffing shortages are real and not expected to ease. Limited staff need maximum resources – security tools that give them the most visibility into their network traffic and don’t sacrifice business productivity.
3. Security will meet reliability as attacks target control systems
Companies may be able to apply tight network security to data centers and the information they manage. But if they’re not doing the same for certain data center support systems such as HVAC, cooling and other automated systems that help power, clean and maintain a data center, they’re leaving the whole data center vulnerable.
Data centers are required to meet the highest levels of reliability which cannot be achieved unless all of its components, from uplinks and storage to chillers and HVAC systems, are fully fault tolerant and protected from vulnerability and cyberattacks. Remember what happened in Australia earlier this year when attackers hacked local Google data centers using the building control system. We expect these types of attacks – in which smart hackers target the weakest parts of a data center support infrastructure – to continue.