Cybersecurity in 2020 and Beyond: Trends and Predictions

Transcript

Karl Culley:
Welcome to a Capgemini podcast on cybersecurity. I’m your host, Karl Culley, and today I have the pleasure of being joined by cybersecurity expert, Geert Van der Linden, hopefully offering his insights on what’s on the horizon for cybersecurity.

Karl Culley:
There are 2 billion websites on the internet. Naturally with this growth has come fraud amounting to $2 trillion of losses in 2019. But cybersecurity has also developed into a $120 billion market expected to grow by nearly 300 billion by 2024. My guest, Geert, will be offering his expert insights on what’s ahead for us in cybersecurity. Welcome Geert.

Geert van der Linden:
Thank you for having me in this podcast. My name is Geert Van der Linden, as you already said. I’m the executive vice president cybersecurity for the Capgemini group.

Karl Culley:
Well, it’s great to have you on the podcast. Perhaps we could talk about the trends of growth and the evolving markets in cybersecurity.

Geert van der Linden:
Yeah, a couple of interesting trends going on in the cybersecurity market. So first of all, the trend that I see is the globalization of cybersecurity services where you saw in the past that local specialized firms are taking the lead, clients more and more are now asking for global players to protect themselves. Clients are realizing that the bad guys are not just around the corner. The bad guys are everywhere. They can attack everywhere, and they often are sponsored by States so they need a global player who can protect a client on a global scale. Also, I see a couple of other trends and there is more focus on security service integration and less on software. A lot of companies have bought a lot of software in the past and they are realizing I cannot keep on buying more software. I need to use my money smarter and I need to make sure that there is a good integration between all those security products. And that’s where companies like Capgemini play a role. We are a service integrator. We help the client to make the right choices and to make the money the most effective.

Karl Culley:
And you mentioned the customer and I understand in cybersecurity in recent years it’s become more customer centric. So, what are the particular customer demands that are shaping the expectations and the levels of cybersecurity these days?

Geert van der Linden:
Yeah. I always make a difference between customers and clients. A customer is someone who buys a product or a service from one of our clients and the client is the one that is buying the service from Capgemini. If you use that distinction, then customers want flexibility, they want privacy and they want protection. And flexibility and privacy often give attention. Customers will give a premium to clients that have taken care of the privacy. One of the research that Capgemini published, it showed that customers prefer a client or a provider that is open and transparent about their protection and has taken care of the privacy.

Geert van der Linden:
And they find that the most important criteria after the availability of the product. We also saw is that delivers a 5% point uplift in the revenue of clients if they handle cybersecurity in the right way. So, clients need the help to balancing their investments so that they deliver on the one hand the need of the clients and then the other hand, control the amount of money spent on cybersecurity. And going cheap is never a smart option in this area. It’s like an insurance. You can go for the lowest cost insurance, but the end of the day, if your house burns down, you want to have an insurance that is covering all the costs and not someone who’s saying, “Yeah, that was not in scope.” So clients need to balance the right choices and to balance the right approach into the demands customers have.

Karl Culley:
Okay, so now that we’ve given an overview of the current environment, maybe we could continue by talking about the solutions that will move center stage in their future.

Geert van der Linden:
It’s an interesting question and it’s a topic that takes a lot of my time on figuring out where it is going and what we need. What I see is that there is a shift in the time that we have to respond to breaches and to detect breaches or attacks where a couple of years ago you had six months to respond, a year ago, 30 minutes to respond, now we are in a situation where we talk about milliseconds. And you can think for instance on cybersecurity in your car. We have a self-driving car, we have a connected car or a connected plane, and of course, all airplanes are connected. If someone is messing around with your car while you’re driving 120 kilometers an hour on the highway, you don’t have a second to respond to an attack. The focus on speed both in the detection and in remediation is essential.

Geert van der Linden:
So at the center of the development is automation and artificial intelligence. Automation and artificial intelligence are needed to respond quickly and to find more remediation also quickly, but that’s only one side of the coin. The other side of the coin is the attacks are getting more complex. Complexity means that it takes a lot more time for a human being to understand what attack is going on. Keep in mind that the state sponsors the attack, they have a lot of resource, they have a lot of money so they can spend a lot of time in figuring out and prepare an attack while the defender only has a split second to see the attack and to defend against the attack. So, having artificial intelligence in place to get the right level of speeds, to define what’s going on, that will be at the center stage of the coming years.

Karl Culley:
I see. I see. And seeing as most of these attacks are state-sponsored, would it be that these attacks are also powered by AI or they will be powered by AI in the near future?

Geert van der Linden:
Yes, absolutely. It’s strange to think that the bad guys are not using the same tools that we are using. So, they also are using AI to find a hole in the fence. So, another new focus that I see in the near future is that we are not only looking at prevention and detection, we also have to look at threat hunting. You can assume that somewhere in time a company will be breached, or a customer will be breached, and the bad guys will sit there and wait for the moment to use the breach that they have. So, the next one, focus on hunting down the ones that are inside your infrastructure that are hidden inside your infrastructure waiting to be used. That’s the other focus. Yes, AI, the bad guys are using AI. You can counter it; they will breach you. And our goal is to use AI to find them, hunt them down, and kick them out of course.

Karl Culley:
Yeah. And all of this done in real-time, this finding of the detection of the malware and anomalies. The AI would do this in real-time, I suppose.

Geert van der Linden:
Yeah. What you saw in the past is that the focus on cybersecurity was on the administrative IT systems. Nowadays there’s also a lot of security risk and concerns. The questions around OT systems and IoT systems. If you’re a nuclear power plant, you have a lot of OT systems. What you don’t want is someone messing around with the cooling system of your nuclear power plant. So speed is essential and is real-time because once it’s overheated, there’s not much time to defend yourself.

Geert van der Linden:
A little thing that I like to add is that we have a huge shortage on labor at this moment in cybersecurity, yet the unemployment level is zero or close to zero. Artificial intelligence and automation will help us to deliver more service with the same number of employees. We have no choice. The amount of stretch is growing. The demand is growing while the labor is not there. And that’s on top of the complexity road that we are seeing. So artificial intelligence will help us to deliver more protection, to deliver more security with the same amount of people. So, it’s not just replacing people, it’s the need and the demand to do more with the limited resources that we have.

Karl Culley:
And I suppose it’s about protecting the data of people. And the recent tightening regulations, GDPR, and others, how are these shaping the cybersecurity environment?

Geert van der Linden:
Yeah. You said it’s all about data. Data is one side of the story. What you see is there’s one of the developments that we didn’t cover in the earlier part of this podcast is that there is a shift from stealing data or stealing money to more or less. So, doing damage to society is a new area, what cybersecurity terrorists are using. So, it’s not just data. Data is very important, but the more or less part is also concerning one.

Geert van der Linden:
Going back to your question on compliance and GDPR, GDPR was the first regulation that came into our place and that came into force as we say that. It has been followed by a lot of other regulations like the California Customer Privacy Act, the Brazilian Privacy Act, but also in China, in Australia, in New York, we have seen lots of regulation coming up.

Geert van der Linden:
So those regulations sharpen the cyber demands and we all see at this moment that the first big penalties are handed out by GDPR. They took the time where they accepted the grace period where clients and companies got a warning. But the first big penalties have been handed out. The European Union somehow loves to give really big penalties. So that is influencing the demands on cybersecurity. There’s only … how should I say it? There is a certain tension in the demands because I actually see a triangle of cyber demand and cyber tensions around this. On the one hand, you have the compliance regulation that is sharpening what we do. On the other hand, you have the customers who want flexibility, want freedom, who are sometimes ignorant of what they do. And on the third side are the same governments that have launched GDPR or one of the other acts is saying, “But I want to know exactly what everybody is doing.”

Geert van der Linden:
They are breaching their own promises and trying to get control of data, trying to get control on terrorists, et cetera. So, there was real tension in cybersecurity between those three angles, the protection from a privacy point of view, the flexibility to the customer wants, and the need from governments to know whatever you’re doing. Look at the whole debate around the WhatsApp encryption. So, the cyber demands, the role that Capgemini has to play, the role that server integrators have to play is to balance between those three niches. But if you close your services completely, you are compliant with GDPR, but at the same time, you will lose the customers that are not happy with the inflexibility that you’re delivering. The cyber demands are on those three angles. And it’s the job of Capgemini to help clients to find the right solution for this.

Karl Culley:
Absolutely. And it seems that this idea of tension is present in IT in general, isn’t it? One example is the tension between privacy and convenience for people, which is of course at the forefront of people’s awareness. So, we’ve touched upon it earlier in the podcast. Can we talk a little bit more about the nature of the threats faced? It seems to me, it’s not often clear who is attacking if it’s state-sponsored attacks or organized crime, what are you seeing and what do you think the future will be? What will be the nature of the frets faced?

Geert van der Linden:
There is a real shift and I already elaborated a little bit on it, a shift in threats. In the initial, I can say that the shift is mainly around from hit and run towards patients. And what I mean with that, in the past, hackers were small criminals trying to get in and steal your credit card, stealing money, et cetera. So, it was getting in or do identity theft and get the money and run away. That has shifted. It has become more indirect. Indirect in the fact that it’s easier for a state-sponsored attacker to get a breach, a service integrator because a service integrator, it opens the door to a lot of clients so it’s easier to go in an indirect way. It’s also what they do is they look at potential clients, look at companies, they want to find the back door, they place the back door, and they wait.

Geert van der Linden:
Of course, having the back door has a lot of value. You can sell it to someone that needs that at that moment, or you can use it once the company’s doing something you don’t like. They get in, find the back door and wait until the right moment to use it. Another shift is moving from the money theft to stealing information. Why steal the money once while the information that you can steal time and time again has a lot more value and you can sell it at each time. So it’s better to get in, to keep on stealing the information, hide yourself and sell the information on the dark web.

Geert van der Linden:
The last, and that’s the most concerning one, there is a clear shift in focus on doing more or less. If you can damage utilities of a country like in the Ukraine, you can do a lot more damage than before. If you can damage the production of a brewery company, you get the benefits for the competitor. So, doing damage to a company, doing damage to a country, that’s another shift and that’s growing very fast. And of course, that’s where the concerning part is because that means putting lives at danger. Stealing a hundred euros, it hurts, but nobody dies. Blowing up a nuclear power plant, people die.

Karl Culley:
Well, it’s been happening in recent years. Certain states have been using breaches for geopolitical advantage. I don’t want to get into it so much with specific countries, but we’ve seen that, States being able to influence other countries, political landscapes. Yeah.

Geert van der Linden:
We have seen it with the election server. We have seen that other countries have tried to intervene, and they did that successfully.

Karl Culley:
Yes. And all through leveraging data and patterns and I suppose all companies hold all data on clients and need to protect that data.

Geert van der Linden:
Absolutely.

Karl Culley:
Okay. So more and more of these days, the role of the CSO as a key decision making. There’s an incredibly high turnover in this role these days. So how can the service companies help CSOs to achieve their goals and well stay in the job.

Geert van der Linden:
Always an interesting question. And you’re right that there’s a high turnover of CSOs at the moment, but you also see that the role of the CSO has changed and it’s changing fast and maybe that’s also causing the high turnover CSOs. And Capgemini has done a research on that. What’s the change role of the CSO? What you saw in the past is that the CSO was mainly someone saying, “No you can’t” To nowadays that’s someone that’s close to the board and is partly responsible for shaping the business of a client as I said early on this podcast.

Geert van der Linden:
So the service that we can deliver to these CSOs is helping them to connect cybersecurity with the business. That’s one of the things Capgemini tries to differentiate themselves. We need to connect the business of the client, the risks connected to those businesses with the choices a CSO has to make both in his security governance, in his protection of security, but also in the run of security.

Geert van der Linden:
Let me give you a very simple example that illustrates it a little bit. If you’re a retailer and there isn’t a tech on your web shop, in the week for Christmas, it’s a disaster. You really need to respond immediately because most money is made for the retailers between November and December, Christmas. So, connecting the business, understanding the business with the cybersecurity risks both from a design and from a run perspective is important. That’s Capgemini can help the CSO.

Geert van der Linden:
Second one, where Capgemini can help the CSO is to deliver an end to end solution. If you look to cybersecurity at the moment, outlines need an end to end solution. But it also means that they have to make choices, where to invest, and what to do, and what not to do because there’s no unlimited amount of money available. And if you want to do everything for cybersecurity you need an unlimited amount of money. So that’s not the case. So, Capgemini helps the CSO to make the right choices and to solve the complexity that he has in his organization and in his infrastructure.

Geert van der Linden:
Over the past years, a lot of CSOs have bought a lot of tools. Those tools are not working together or are overlapping and leaving gaps behind on other places. So the role of the service integrator, the role of Capgemini, is to solve that complexity and to help the CSO to make the choices to get to the best possible purity for the client.

Karl Culley:
Let’s move on by talking about who you see as the main players in the coming years in cybersecurity and of the main organizations that would be shaping the solutions that will become commonplace.

Geert van der Linden:
Yeah. Well, if you look to the main players, I see two kinds of players. First one is the software providers and the other ones are the service integrators. I don’t think that there’s a market for companies that combine both. It’s simply a different game, a different market, different risks, different way of selling. So, I don’t see a future for software providers to think they can sell other services. If I looked at a service companies, because I believe that Capgemini will be a main player in this and Capgemini wants to be a leader in the security service integration part.

Geert van der Linden:
If I look to the software side, I see the existing strong players like Micro Focus, like IBM, like SailPoint, and like Ping. They are very active, and they will keep on delivering services, but I also see a couple of new players stepping into this market. So, I’m very interested to see the development that Microsoft is doing, and that Google is doing. And they see that this is a very profitable market. They’re stepping in, they have a lot of money, they have a lot of power. So, I expect some innovative changes coming from that corner. And last but not least, I also think that we should not forget about Cisco. They are also a strong player from the past and they are also looking at cybersecurity.

Karl Culley:
And yeah, we’ve also touched upon this on Capgemini’s approach and its partners to its service offerings.

Geert van der Linden:
Well, Capgemini’s approach is … we deliver an end to end security service. So, we always say we are vendor agnostic, but we do have an opinion. If a client is saying, “I have already contracted this of this software vendor, we can work with it.” It is the client starts to say, “Hey, what is for me the best solution in my situation?” We look at them and we give an honest opinion. So that’s how we look at partners. We keep on monitoring the development of those partners because the partners from two years ago are not the key players at this moment anymore and maybe they won’t be the key players in three years from now, the ones that are strong now.

Geert van der Linden:
Having said that we deliver an end to end service, we have split the intervention into a life cycle. So, we start with what we call the define phase that’s doing the assessment of what the situation is, then we’d give the advice on how the security should implement it. After that, if agreed to the client, we can do the implementation, the protect. We start doing our identity access management or we do the endpoint security implementation. We also do the application security testing, et cetera, and at the end we do the monitoring. So, the monitoring, it’s the final part that we do where we have a global network of socs across the world. At this moment we have 14 socs and I expect next year that we will be at 16 socs because we believe that grabbing that small momentum of seeing things happening a little bit earlier helps to protect our clients. If you see an attack emerging from the US or a malware or wave, it helps you to protect the clients in Australia that will be hit by that same malware an hour later.

Geert van der Linden:
So that’s why we have the defined protect and monitor. But that’s one for a view. The other view is that we look at cybersecurity in the whole IT stack. So, we look at the security around networks, we look at the security in the infrastructure, we look at the security in application, and we look at the security in the data layer. And on top of that we have the security governance. So, it’s the life cycle and it’s the full stack. And the final parts, so there’s the third view, we look at the whole landscape. So, we have security for IT systems, we have security for cloud, we have security for OT, and we have security for IOT. So with those three views, we can cover the end to end security of our clients and we develop our service offerings based on that.

Karl Culley:
Well, we’re coming to the end of our podcast here in our time talking about what’s next for cybersecurity. But I thought we could finish on a personal note. So, I wonder if you could tell us about what’s the most interesting aspect of your role?

Geert van der Linden:
Well, there’s several things that are very interesting of my role. First of all, I love to be in an innovative part where the developments are going fast and where I can make a difference. So being a cybersecurity helps to shape the future of Capgemini. That’s one side. But the other side is a little bit different. If I look at cybersecurity and that’s also the way the subculture that we want in Capgemini for our cybersecurity people and that’s the way I want people to behave for when they are with the client, we do the extra mile. And I like to do the extra mile because if I and if Capgemini does the job good, we make a little bit of difference in protecting our world in our values and our society because nowadays there are a lot of threats to our way of living and a lot of companies and a lot of states that are trying to hurt us and take away all way of living.

Geert van der Linden:
And I truly believe that if we deliver a good job, if we do the extra mile, if we have the right commitment, we can make a difference, a little bit of difference. And that’s what I love the most about my work, helping to protect my and my son’s future because when I look at my son, he needs to be able to live the way I live and I want to make that happen for him.

Karl Culley:
That’s great. And what a great place to finish, I think. So, I’ve enjoyed this discussion very much. Thank you so much for joining us Geert.

Geert van der Linden:
Thank you.

Karl Culley:
And I hope our listeners have enjoyed it too. So, until next time, goodbye.