Thematic Research: Cybersecurity (2020)

Thematic Research: Technology GDTMT-TR-S273

Cybersecurity 24 June 2020

Cybersecurity is an unrelenting battle
Today, organizations are plagued by cyberattacks that are advanced, persistent, and which can wreck both operations and reputation.

Companies manage an array of assets, including infrastructure, applications, managed and unmanaged endpoints, mobile devices, and cloud services, all of which can be attacked. Attack types include phishing (the most popular) and ransomware (becoming the most lucrative).

Artificial intelligence-based tools are becoming indispensable
Most organizations are putting their faith in artificial intelligence (AI) to improve threat intelligence, prediction, and protection. It is also providing cover for the continuing cybersecurity skills gap. Despite AI's potential for good, future AI-driven attacks are likely. The COVID-19 pandemic has highlighted why cybernaïve remote-workers need security awareness training to thwart hacker attacks. Attackers will target immature technologies, meaning 5G communications, smart cities, and the Internet of Things (IoT) are all at risk.

To counter these threats, organizations are moving towards a zero trust stance, which assumes that all entities, inside or outside the perimeter, cannot be trusted. Security will also be adopted earlier in application development.

Greater challenges will drive greater investment
The need for security, along with the idea that innovation is critical to counter the evolving threat landscape, will drive cybersecurity spending despite COVID-19's economic impact. Companies worldwide are expected to spend $115bn on security in 2020, according to GlobalData figures. The global security industry will be worth nearly $238bn by 2030, having grown at a compound annual growth rate (CAGR) of 6.4% between 2019 and 2030.

Winners and losers
New AI-infused security companies will either be the standard-bearers of the future or, more likely, become M&A targets for the old guard. Winners, both young and old, will include the following:

Endpoint security: Microsoft, CrowdStrike, McAfee, FireEye, Palo Alto Networks, SentinelOne, BlackBerry, Trend Micro.

Threat intelligence: IBM, ThreatQuotient, Darktrace, Recorded Future, Deep Instinct, Anomali.

Cloud security: Microsoft, IBM, Proofpoint, Trend Micro, Fortinet, Palo Alto Networks.

DevSecOps: Sumo Logic, Veracode, NTT Security, Red Hat.

Losers will include those firms that fail to define a clear AI security stance or take the necessary M&A steps to acquire one.

clientservices.thematic@globaldata.com
+44 (0) 207 406 6764
www.globaldata.com

Inside
Players
Technology briefing
Trends
Industry analysis
Value chain
Companies
Sector scorecard
Glossary
Further reading
Thematic methodology

Contents

| PLAYERS | |---------------------------------------------| | TECHNOLOGY BRIEFING | | TRENDS | | Technology trends | | Macroeconomic trends | | Regulatory trends | | INDUSTRY ANALYSIS | | The third wave of cybersecurity | | Market size and growth forecasts | | AI technologies are changing cybersecurity | | Understanding the malware threat | | Mergers and acquisitions | | Venture funding for cybersecurity companies | | VALUE CHAIN | | The cyber-aware organization | | The cybersecurity organizational stack | | The cybersecurity technology stack | | COMPANIES | | Public companies | | Private companies | | SECTOR SCORECARDS | | Enterprise security sector scorecard | | Who's who | | Valuation screen | | Risk screen | | IT services sector scorecard | | Who's who | | VALUATION SCREEN | | Risk screen |

Players

This schematic shows the major technology areas that make up the cybersecurity sector and details both the leading companies in each area and some of the most notable challengers.

Who are the big players in the cybersecurity industry and where do they sit in the value chain?
This graphic lists the leaders and challengers across the cybersecurity technology stack

Technology Briefing

As technology develops, from mobile to cloud to the IoT, the level of complexity needed for organizations to maintain a cyber-aware stance also increases. Delivering a secure environment for a variety of mobile devices accessing corporate networks at any time is a world away from old intra-office systems. Now the default position is that systems are mobile, with significant security implications.

Once, virtual private networks (VPNs) were the go-to solution to secure network access for employees. VPNs allowed the remote user to tunnel through the perimeter to access what was on the inside of an enterprise. This worked, but it relied on a large amount of implicit or granted trust. Those days have gone because today's threats can come from anywhere, and the safe assumption is that no-one should be trusted. In the rush to remote-working caused by the COVID-19 pandemic, many companies didn't have time to worry about an alternative to VPNs. The need to get employees working remotely in a hurry, coupled with the risk the naiveté of those employees posed, could mean fears about VPNs turn out to be justified. If a trusted user turns out to be a malicious user with stolen credentials gained in a phishing attack on a remote-worker, the organization is in big trouble. This threat is helping drive the adoption of a so-called zero trust approach, where no-one is trusted by default. 2020 will be the year that zero trust starts to take off because there is no alternative.

Perimeter-based security architectures are impotent in the face of many attacks. Their inability to remain secure has pushed the creation of privileged access management (PAM) solutions up the corporate security agenda.

PAM software inhibits access to corporate systems until the user's identity and rights are proven, usually through multi-factor authentication (MFA). Alongside PAM and zero trust frameworks, there is an expectation that all systems are now cloud-based. Cloud adoption reflects organizations' desire to reduce their IT cost, create scalability across their IT environment, and become more flexible. However, it has created a complex delivery model, putting organizations under pressure to adopt the correct cloud configuration, compliance, and management.

A complex cloud ecosystem, if not managed effectively, can lead to security risks and the exposure of sensitive data. A growing number of cyberattacks on organizations' public clouds has led to the creation of cloud security posture management (CSPM) solutions, designed to better configure those clouds. CSPM tools and services can help prevent attacks by validating permissions, identifying incorrect cloud configurations, and spotting errors in the management of encryption keys.

CSPM tools enable organizations to identify and remediate cloud security risks CSPM checks for any misconfigurations which can lead to unwanted data breaches or data leakage.

As this report will discuss, AI and machine learning (ML) have become a central pillar of organizations' defense against cyberattacks, providing necessary threat intelligence and more. There is a fear that 2020 will bring the first AI-enabled attack. Once it arrives, others will follow.

Cybersecurity challenges on the horizon include the use of deepfakes and the impact of 5G communications, allied to the rise of smart cities and the IoT. Embedding the IoT in the urban world only widens the attack surface for hackers.

The fear is that when hackers or criminals break into a device connected to a 5G network, the speed of the network will mean that attackers can extract and download information, including personal data and customer information, much faster than before. Another fear is the impact of attacks on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems, particularly if those attacks originate from state-sponsored groups.

The final technology development, DevSecOps, is arguably one of the most important. It is a concept that injects security into the software development lifecycle. DevOps is about increasing the level of communication between development and operations. DevSecOps goes further, inviting security into the conversation and integrating security practices within the DevOps process. The aim is to develop a 'security as code' culture, with ongoing, flexible collaboration between release engineers and security teams.

The DevSecOps concept is in its early days, but a growing number of chief information security officers (CISOs) view the early stages of software development as a high priority piece of the overall security puzzle.

Rather than being bolted on as an afterthought to applications, security should be baked in.

DevSecOps introduces security earlier in the lifecycle of application development.

More automation from the start reduces the chance of mistakes, which often leads to downtime or attacks.

Trends

The main trends in the cybersecurity industry over the next 12 to 24 months are shown below. We classify these trends into three categories: technology trends, macroeconomic trends, and regulatory trends.

Technology trends

The table below highlights the key technology trends impacting the cybersecurity industry.

| Trend | What's happening?