The main lesson I am taking from 2020 is that change is truly the only constant. While the new year looks hopeful in terms of a vaccine for COVID-19, that doesn’t mean we should all be going back to old ways – and that’s no different for enterprises.
The pandemic has reinforced the importance of fostering enterprise agility and, most importantly, resilience. Being a successful organization today is less about careful planning, and more about being able to handle whatever comes your way.
This is especially true for the dynamic world of cybersecurity. Data is the new currency and threats are constantly evolving. As we look to 2021, organizations must continue developing and transforming their cybersecurity processes so they can handle whatever comes next.
But what can we expect in 2021? While I don’t have a crystal ball, I have seen some trends start to emerge that will continue to develop over the next 12 months.
A market evolution
The cybersecurity landscape used to be a jumble of specialized vendors who were good at one thing – be it cloud security, data security, or user authentication. Now, we are seeing the globalization of cybersecurity services.
In an era of increasingly diverse attack vectors, clients want integration and end-to-end protection; they want specialists with both the sector-specific and technical expertise to create an aligned security strategy. Rather than purchasing many different pieces of software, they want to use their money in a smarter way and use solutions that complement and work with each other. More and more, clients will look for global players who offer end-to-end protection across regions. The latter does not mean the SI will do all themselves.
The new face of the CISO
The CISO was traditionally viewed as the “department of no” – cautious and a blocker to change. But cybersecurity has begun to move away from being a backroom function. This evolution was quickened by COVID-19, which highlighted just how essential cybersecurity is to a successful business. Now, rather than being seen as a roadblock to innovation, the cybersecurity department is viewed as an enabler. For the CISO, this means a new, boardroom-focused role, responsible for shaping the business as much as other C-level executives are.
At Capgemini, our suite of services helps CISOs to connect cybersecurity to wider business objectives. We connect these objectives with cybersecurity risks so that CISOs can make informed decisions that enhance innovation while also ensuring security.
The consumerism of security
It’s estimated that there will be three internet of things (IoT) devices in existence for every person next year. At the same time, social commerce continues to rise, with more brands focusing on direct-to-consumer selling and relationships. Both these levers offer an expansive attack surface in the form of connected devices, digital storefronts, and engagement tools.
For consumer-focused organizations, this means a higher risk of data breaches and loss if the right protocols and technologies are not in place. As a result, we expect to see product and platform security come to the forefront next year, particularly as organizations realize the value that consumers place in trust, privacy, and security.
Intelligent, real-time threat detection and response
Breach detection and response time are moving to become instantaneous – which in itself will become normal in 2021. With more IoT devices than ever before, organizations do not have the luxury of time in responding to breaches. Take a self-driving car. If an attacker was to hack this while on the road, the impact could be detrimental to human safety. The focus on speed both in the detection and in remediation is essential. At the center of this is automation and artificial intelligence (AI).
While AI is used commonly for detecting threats, it’s at a relatively nascent stage when it comes to actually responding. We know that less than 18% of organizations make significant use today of AI for cyber threat response. However, AI can reduce the time taken to create a virtual patch for a detected threat or develop new protection mechanisms for evolving technologies.
Next year, more organizations should be using AI in the form of security orchestration, automation, and response (SOAR) technologies, which enable the collection of security data and alerts from different sources. SOAR allows incident analysis and triage to be performed, leveraging a combination of human and machine power. This helps define, prioritize, and drive standardized incident response activities according to a standard workflow through connections to data sources and platforms.
For cybersecurity professionals, the task for next year is one of evolution. COVID-19 has heightened the importance of cybersecurity as a business enabler, giving cybersecurity leaders an opportunity to become more involved in business strategy and innovation. With the right technologies and roadmaps in place for security, organizations can move forward with confidence into the new year – armed with the knowledge that they have fostered the resilience and agility needed for success.
Visit the Capgemini website to learn more about Capgemini’s Cybersecurity Services.