Translated by
2019/02/08 09:20:37

Information security (trends)

Article is included into the overview of TAdviser "Security of information systems 2017"

Content

2019: Top-10 trends in the field of cyber security of Internet of Things — Counterpoint Technology

At the beginning of February, 2019 the Counterpoint Technology Market Research analytical company submitted ten forecasts to information security fields for 2019.

1. Close cooperation between hackers

Hackers are subdivided into different groups: traditional and ideological, sponsored by the state and hackers freelancers. Analysts believe that these groups shortly will begin to cooperate to use advantages of others products and services.

Experts of Counterpoint Research expect significant increase in a capital expenditure at security of IoT-devices, platforms, the cloud systems and services in 2019

2. Cyber attacks as service

Counterpoint Technology Market Research considers that in 2019 hackers will use even more often remote desktop protocols as a starting point for distribution of the malware. Besides, cybercriminals can create and sell software packages for start of malware that will allow them to select finished goods and to carry out the attacks regardless of own experience in this sphere.

3. Machine learning as weapon of new generation

Malware already learned to bypass elements of machine learning in the unrolled systems of a kibezashchita. Use of the advanced instruments of machine learning for automation of the choice of the purpose of hackers will become the next step as experts consider. Such tools will be able to study software for search of the least secure systems and their weak points.

4. Theft of data – a new milk cow of hackers

Transition to digital technologies and Internet of Things led to increase in volume of corporate and personal data which are stored in the cloud systems. In 2019 significant growth in date leaks, especially from cloud servers is expected.

5. Devices of the smart home and peripheral devices will become vulnerable for the attacks

Devices of the smart home which collect and store personal data - the easy purposes for cyber attack as, as a rule, are almost not protected. And peripheral devices are equipped with extremely simple software for confidential data protection and work mainly on elementary operating systems.

It is expected that by the end of 2019 hackers will use the advanced instruments of machine learning for automation of the choice of the purposes, finding less secure systems with their help.

6. Cooperation and expansion of partner communications between developers of solutions in cyber security

Cooperation of software developers in the field of cyber security integrates achievements and power of the companies. Together they can present more effective solutions capable not only resist to malware, but also study and develop.

7. Multifactor authentication and intellectual identification of the device

Identification is a fundamental component of cyber security, including for Internet of Things. The identification model by 2019 stopped being focused on the user — now it is focused on a machine component. Analysts assume that multifactor authentication and intellectual identification will become a basis of cyber security of IoT in 2019.

8. Protection on the basis of machine learning

Machine learning is already used for monitoring of activity for the purpose of detection of the malware. Besides, this technology not only processes and analyzes data much quicker, than traditional tools, but also provides forecasting of threats and cyber attacks.

9. The solutions of cyber security which are built in the equipment

Implementation of security at the level of the hardware was one of the most interesting solutions of 2018, the study says. Such protection will help to solve problems of cloning and counterfeit of software and also will provide safe authentication along with unique identification.

10. The growing demand for employees of security services in the public and private sector

The new laws obliging to protect the companies confidential information of users generated huge demand for skilled staff of a security service both in state, and in the private sector.[1]

2017-2018

Legislative trends

Trends on the Russian information security market form under the influence of the legislation and development of threats. Market participants remind of toughening of penalties for violation of an order of processing and personal data protection, adoption of law on critical information infrastructure, entry into force of state standard specification in which information measures of protection in financial institutions are described.

«
All these changes are motivators for investments into cybersecurity from the companies, - Yakov Grodzensky, the head of information security of System Software company considers
»

Dmitry Biryukov, the head of department of information security of the Asteros group, adds that the state conducts serious and full-time legislative employment: regulators continue to introduce additional requirements to information system protection under which large projects and new implementations are expected. It is, first of all, about segments of critical information infrastructure, an APCS, bank and telecommunication sectors, he notes.

According to Lev Matveev, the chairman of the board of directors of SearchInform, the federal law on security of critical information infrastructure in fact is legal recognition of the problems and risks connected with cyberthreats.

«
The law will seriously affect the industry, it is about new state strategy. Today methodical recommendations are up to the end not defined and are in process of study. But all market participants watch closely process", - he explains.
»

Rustem Tursunbayev, the head of department of information security of Compulink Group, adds that in connection with new requirements of the state some big customers create the budget proceeding from the updated legislation already now.

Shift of accents towards riskoriyentirovanny safety and protection against external threats

One of the most noticeable and interesting trends is the shift of accents from regulatory security towards riskoriyentirovanny safety and protection against external threats. The occurred incidents of cybersecurity showed as the enterprises are vulnerable to the attacks from out of and as strongly these the attacks can influence indicators of business continuity and organization activity and also the general availability of information systems and services.

«
It means that we will gradually leave from the traditional model "confidentiality, integrity, availability" with a big traditional emphasis on confidentiality towards availability or cyberstability, i.e. capabilities of the organization to resist to threats of cybersecurity and to be recovered quickly in case of their implementation. Such approach actively develops long ago in the West, and in Russia one of active drivers of this term is the Central Bank of the Russian Federation, - Sergey Terekhov, the director of competence center of information security of Technoserv company notes.
»

Reconsideration of a role of cybersecurity for business

At the corporate level there is a reconsideration of cybersecurity as parts of the general corporate business strategy. Customers independently make the proposal on carrying out thorough audit of cybersecurity and drawing up the program of organization development.

«
Moreover, at the level of management of the companies understanding that providing Information Security — not the single project, but continuous business process forms. With respect thereto growth of interest in solutions of the class GRC (Governance, Risk, Compliance) and to use of different BI tools looks quite logical, - Alexey Grishin, the director of Information Security Center of Jet Infosystems company notes.
»

Sergey Terekhov adds that the cybersecurity becomes more available and clear for business and Chief information officers, and it means that all of them realize need of investments more and want to see from them return.

Involvement of the top management in questions cybersecurity

One more trend about which market participants speak it is involvement of the top management of the enterprises in questions cybersecurity.

And, according to Nikolay Domukhovsky, the director of the department of system integration of UTsSB, first of all this involvement is implemented at the expense of a whip, but not gingerbread: the changes of the Criminal Code of the Russian Federation caused by adoption of law on security of KII imposed criminal liability for non-compliance with requirements for cybersecurity if it entailed heavy effects.

«
Drafts of bylaws of the law on security CUES of the Russian Federation contain specific objectives and functions of the management of an object of KII which those should execute on a permanent basis. I.e. the notorious "involvement of the management" appearing in a series of ISO standards 27000 regarding objects of KII has every chance to turn into a set of mandatory requirements, but not general recommendations as it is in the mentioned series of standards now, - it notices.
»

Staff shortage

Digitalization of economy defines key trends of market development of information security. As Sergey Sherstobitov, the CEO of Angara Technologies Group as the cybersecurity industry grows in Russia in high gear notes, one of top trends is a staff shortage.

«
We observe a gap between the need for high quality professionals cybersecurity and the number of the specialists who are let out by Higher education institutions and level of their preparation, - he notes.
»

Shift of focus of cybersecurity developer on the person

In the market the trend on creation of the technologies warning incidents at the expense of the analysis of behavior of the user, identification of anomalies in its actions is noticeable. Channels on which corporate information is transferred become more, and it is more difficult to control them all. However the person remains the most unpredictable source of threats in cybersecurity. On it focus of interest of developers is also displaced, Lev Matveev, the chairman of the board of directors of SearchInform says.

«
We not an exception – this year headed for integration of technologies of a profayling into DLP. It is necessary to tell that this experience unique not only for Russia, but for the world therefore there are no blazed roads here and to us it is necessary to create both theoretical, and practical base for this purpose. In the fall on our Road Show we submitted the first version of Profile Center and collected the first feedback from potential customers. It is sure, this functionality will become a trend in the market of cybersecurity, - he adds.
»

Maria Voronova, the head of department of consulting of InfoWatch Group, also calls a trend the analysis of a behavioral model of users which will allow to detect potential threats of cybersecurity preventively.

«
The systems of the class UEBA/UBA (User (and Entity) Behavioral Analytics) solve as the internal problems of information security support of the organization connected with behavior of employees and external, for example, promote prevention of the hacker attack through a compromise of an account of the legitimate user. Very many DLP-and SIEM vendors are engaged in creation of UEBA solutions based on the technologies now, - she notes.
»


Creation of coordinating bodies

The main source of threats is the industry of harmful services which constantly increases pace and purchases more and more lines of the developed market with the worked business models.

As Alexey Grishin notes, the director of Information Security Center of Jet Infosystems company, the state and a number of the industries react to threats of creation of coordinating bodies which set standards of providing Information Security and serve as platforms of exchange of experience, for example, to State system of detection, prevention and elimination of consequences of computer attacks and FinCERT of the Bank of Russia.

«
But it only the beginning of history, and in the next several years us is waited by new coordination structures in the different industries, - he says.
»

Import substitution

Import substitution – one of key trends of the Russian IT market. However its influence on the market of cybersecurity is estimated by domestic experts differently. Someone notices significant increase in demand for the Russian solutions, others note that the Russian producers initially prevailed, and the tendency to import substitution promoted only insignificant increase in their share.

Dmitry Gvozdev, the CEO of Information Technologies of the Future company, calls support of import substitution by the state – the key and dominating trend.

«
While the Russian Federation saves dependence on the western element base, the protective software - a crucial element of preserving of security of digital infrastructure so the state promises and gives an active legislative and financial support to a cybersecurity segment, - he says.
»

In more detail how the trend of import substitution affected the market of cybersecurity and what perspectives this process has read in the separate article.

Market segmentation in terms of approaches to security

Within this year also a number of trends which played the defining role in business in the field of cybersecurity was created. Market segmentation in terms of approaches to security became explicit: the pool of the companies realizing direct dependence between viability of the business and information security was accurately created.

As Maxim Filippov, the director of business development of Positive Technologies in Russia notes, these are the companies which build the work with emphasis on digital. They invest in the newest technologies of protection and in many respects push other players of the market towards security.

«
About 10% of the market fall to the share of such companies so far, but gradually their number grows, - he adds.
»

SOC

Today existence of a preventive system of protection which would be able to provide 100% protection, unfortunately, in most cases impracticablly. Therefore the problem of detection and competent response to the attacks moves to the forefront.

According to Andrey Zaikin, the head of information security Croc with respect thereto in the market initiatives of SOC (Security Operation Center) actively develop. They include three components:

  • Technologies of protection, which today set
  • Employees who are responsible for information security
  • Regulations and rules which allow to build accurate processes on prevention of the attacks and also response to cybersecurity incidents in case of their emergence

In "the STC Volcano also consider that now in the Russian market of cybersecurity the trends connected with creation of Security Operations Center (SOC) prevail. According to representatives of the company, it is caused by sharp relevance of a question of operational identification and response to cybersecurity incidents.

«
In 2017 creation of data of the centers was started by many large companies. In view of project implementation duration, they will proceed during 2018, and, perhaps, 2019, - Alexander Kuznetsov, the head of information security in STC Volcano noted.
»

Protection against paper leaks

Malefactors – especially unfair staff of the companies – began to understand that digital information infrastructure in many organizations is already almost guaranteed protected from incidents by the systems of the class DLP. However security of paper documents and their electronic copies at the same time "sinks".

«
With respect thereto also the number of leaks of documents of such format grows. At the moment the cybersecurity market so far only begins to develop the products protecting from paper leaks. These solutions of a reaktivna: thanks to the fact that each employee in the company working with the document in EDMS receives its individual copy in case of "draining" of information a system allows to investigate the happened incident and to find responsible, - Anton Samoylov, the CEO of EveryTag company tells.
»

But application of such solutions is not limited only to identification of a source of leak. According to Samoylov, security service specialists can announce employees implementing solution which will keep account of all issued copies. Then at personnel of the company desire "leak" confidential information will just disappear.

Growth of interest in cybersecurity services

A number of experts note growth of interest not just in solutions, namely to services of information security.

As Andrey Zaikin, the head of information security notes Croc, modern threats become more difficult and more various, at the same time than specialists station wagons which know at the good level a set of different technologies and means of cybersecurity, very little. It is impossible to embrace the immensity and to be the guru in everything. Therefore for creation of an effective system of protection the companies need to keep the whole team of specialists in information security in the state. Not all are able to afford it to themselves. It is often more profitable to receive competences of professionals as the managed service on outsourcing.

«
For example, our company offers customers safe infrastructure from a cloud (IaaS) which conforms to all requirements of the legislation for personal data protection. The customer just transfers the systems with personal data to us to a cloud or DPC, and we undertake all care of personal data protection. And we close both technical, and organizational aspects of a question, - Andrey Zaikin tells.
»

Big Data of information security

One more possible trend is connected with effective processing of the separate and often not connected with each other data, with the subsequent their analysis and risks assessment. Maxim Filippov, the director of business development of Positive Technologies in Russia, calls such data of Big Data of information security.

«
Those who will learn to accumulate these data, to store, to process and analyze flexibly (including it is retrospective), will be literally leaders in our market for the next several years, - he considers.
»

Consulting services and implementation of complete solutions cybersecurity

Victor Serdyuk, the CEO of DialogNauka company, as a trend calls steady growth rates of the directions connected with rendering consulting services and implementation of complete solutions in information security field. It, according to him, is promoted by several factors among which there is a gain of regulatory requirements to the organizations in the part concerning questions of data protection. Besides, in 2017 was a number of the incidents connected with successful attacks of malefactors to the Russian and foreign companies that also increased attention to need of implementation of measures for providing Information Security is recorded.

«
Among the most demanded consulting services it is possible to select: penetration test, development of development strategies cybersecurity, conformity assessment to requirements Russian and to the international requirements for data protection (PCI DSS, SWIFT CSCF, ISO 27001, service station of BR IBBS, 382-P, Federal Law 152, etc.), protection of an APCS and also outsourcing of functions on maintenance of the cybersecurity systems. In terms of complete solutions, for example, for our company one of drivers of growth are successfully implemented projects connected with implementation of means of protecting from the purposeful attacks and creation of the situational centers of monitoring of cybersecurity (SOC), - he told.
»

2015

Change of approaches to information security

In the Russian companies understanding of result which information security systems can provide changed. Total number of the projects directed not to safety of business, and begins to be reduced by compliance to requirements or risk reduction. Several years ago such projects made an essential market share of cybersecurity. They are succeeded by projects which bring to business real financial benefit, Evgeny Akimov, the director of business development of Information Security Centerof Jet Infosystems company notes.

Andrey Stepanenko, the expert in technologies of data protection of Code of Security company agrees with it. He notes that change of "reference points" was influenced not only by economic factors, but also they can create with what speed the number of cyberthreats and what risks grows for business.

"In these conditions the customer first of all estimates real, but not "paper" opportunities of means of protecting in data security provision", - he says.

Requirements from: "The subsystem such is necessary" are displaced aside "A subsystem such should have the following functions" and practically any project begins with "pilot" testing of solutions recently, Dmitry Ogorodnikov, the director of competence center of information security of Technoserv company adds.

For the companies creation of a security system capable to provide protection against real threats of cybersecurity becomes priority number one. Now customers pay attention to controllability of means of protecting, technological effectiveness of application, their compatibility and support of modern information technologies have more and more than attention.

Most the companies passed recently from purely technical approach at which vulnerabilities are just identified and solutions for their neutralization, to risk-oriented approach are selected.

"It is more complex approach at which risks assessment and cost effectiveness analysis of use of these or those means of protecting is made. It is more mature approach, but the movement in its direction not really fast as it is connected with change of mentality of cybersecurity specialists", -Alexey Rayevsky, the CEO of Zecurion company told TAdviser.

According to him, customers focus attention on capabilities of means of protecting more and more to be integrated with other systems in their IT infrastructure. In particular, integration into the SIEM systems interests many today (a class of products for information management and events in a security system).

Transfer of function of administration of information security tools from divisions of security in IT departments of one of the main trends is considered by Dmitry Ogorodnikov from Technoserv. It, according to him, is explained by deep integration of means of protecting and information technologies recently.

The convenience of the interface, completeness and visualization of the reporting and other parameters of solutions also begin to prevail when choosing products. Such trend demonstrates that specialists of information security develop products with a careful eye to the new interests of customers now.

As for technologies, the market of cybersecurity continues to go towards complete solutions. Products for protection of virtual environments and connected with protection and mobile device management even more often interest business,Sergey Zemkov, the managing director of Kaspersky Lab in Russia, the countries of Transcaucasia and Central Asia says.

Now the enterprises look towards solutions for protection of critical objects and infrastructure (such as objects of the energy sector, enterprises of transport, etc.). The target attacks which gain ground recently and can be not revealed for a long time, also force business to defend.

"We see the growing interest of customers in services of information security, such as services in investigation of computer incidents, protection against DDoS attacks, etc.", - Zemkov says.

Classical information security market stops existence

That classical information security market practically disappeared, Evgeny Akimov from Jet Infosystems says. He claims that cybersecurity technologies migrated towards the IT intended for business security.

"It is the newest sector of domestic economy which will grow. According to our forecasts, the gain can make up to 30% annually within the next three years", - the expert says.

According to him, key factors which will provide such dynamics will become:

  • active process automation of security of business, interface of the cybersecurity systems to the analytical systems and means allowing to carry out an operational and multistage inspection of partners, the deep analysis of actions of own employees, privileged users, etc.;

  • development of online-services and, as a result, comprehensive protection of web applications and services;

  • high activity of the organized criminal groups working in the field of IT;

  • engineering and reengineering of processes of security around already constructed technical systems;

  • growth of influence of questions of protection against cyberthreats in the field of national security.

What trends will prevail till 2018?

The state will remain the main player on information security market, experts consider. Change of approaches to informatization of a public sector – one of main customers, will begin to happen in line with foreign policy. It is possible that state regulation will become tougher.

Factors which will influence the commercial sector – new economic and political realities. Because of stagnation in economy of the company will optimize expenses. The state directly will begin to influence import substitution processes. It is worth expecting that there will be a gradual replacement of import software and information security tools by domestic analogs. In new conditions they will be more demanded by both the state, and commercial sector.

"There is a hope for import substitution, but it is necessary to understand that for few years it is impossible to repeat what was created decades. Perhaps, it will lead to the fact that the companies will become worse protected, or will be forced to limit development in use of IT in business because of impossibility them adequately to protect", -Alexey Rayevsky, the CEO of Zecurion company considers.

Because of import substitution of complexity expect also the enterprises which will try to organize large-lot production of information security tools in Russia. "In that case the element base and platforms of the Chinese origin can become base for the hardware and software of data protection", - Konstantin Ivanov, the deputy manager of department of development and maintenance of information security tools of STC of AF of ICL Group considers.

In crisis time demand of customers for the analytical systems, for example, of Big Data technologies in information security will increase. Already unrolled systems at the enterprises purchase new qualities, allow to predict a problem in many cases and to prevent it before it occurred, adds Rajevski.

With it also other experts are solidary. In the conditions of crisis it is more profitable to customers to increase not quantity of the IT and cybersecurity systems, and to upgrade functionality already existing, including – by means of input of analytical tools.

In the conditions of impossibility to finance information security in full, the commercial sector will be able to use new model: transfer a part of processes and problems of cybersecurity to outsourcing. "Such practice is widely applied in the world, but is not characteristic of Russia yet", - Andrey Prozorov, the head of the expert direction of Rostelecom-Solar company says (before Solar Security, Solar Sekyyuriti).

In general, in the nearest future at customers already outlined approach to cybersecurity which can be formulated as "real security" will prevail. Experts are sure that the role of "paper security" till 2018 considerably will decrease. So commercial and, most likely, public sector, priorities from the general and simple fulfillment of requirements of regulators (compliance) towards maximum efficiency of cybersecurity will displace.

Learn more in the Security of Information Systems 2017 overview

Notes