With the recent DDOS (distributed denial of service) attack on Dyn that brought down much of America’s internet in October, cybersecurity is once again on people’s minds. Sites that went down included Twitter, Netflix, Reddit, CNN and many others.
Ransomware has hit the headlines on the UK national news, with many individuals and businesses losing over £4 million to hackers who, after unleashing the ransomware, decrypt the victim’s files in exchange for a ransom paid in bitcoin.
The US election results are under scrutiny as Russia is accused of hacking the electoral system in the run up to the vote. University of Michigan Professor of Computer Science J. Alex Halderman discusses how malware might secretly corrupt the election results.
Despite the media attention, the topic of cybersecurity still leaves many people feeling bored or baffled.
The IoT and cybersecurity
The Internet of Things has received a lot of attention as a promising area of marketing and technological growth, but the increased threat of cyber attacks is less discussed.
What makes the Dyn attack interesting is the malware’s usage of the IoT to coordinate the assault. The botnet responsible was made up of a network of IoT devices including digital cameras and DVR players, in contrast to the usual network of personal computers.
Despite the growing threat, cybersecurity for the IoT is something most people neglect in their enthusiasm for connectivity.
With the IoT becoming bigger and bigger, and 5G in the works meaning more data for mobile devices, our constant connectedness is outstripping our attention to security issues.
Cybersecurity challenges become more complicated in the professional world as employees are using their smartphones to conduct business, often carry personal laptops and work in coffee shops or on trains.
The traditional model of working on one site and using the company VPN at home is rapidly becoming obsolete.
Steve Morgan, Founder and CEO of Cybersecurity Ventures, says “Cyber threats have evolved from targeting and harming computers, networks, and smartphones — to humans, cars, railways, planes, power grids and anything with a heartbeat or an electronic pulse.”
Cybersecurity has an image problem
Cybersecurity has an image problem and the name is perhaps misleading. Calling it internet security would be better, to help people understand it’s about staying safe online and protecting your details.
With the rise of torrenting and illegal downloads, this presents even more risks than the simple email virus that has become well-known in popular culture.
Email service providers generally offer virus scanning software, and most people know not to open attachments from unknown sources based in Nigeria asking for money.
However, one problem which many people aren’t aware of, which is an especially significant problem in small businesses, is the reliance on outdated systems which are vulnerable to hackers.
It’s incredibly expensive to upgrade to new systems for an entire business – a cost which often proves prohibitive for many businesses.
But the cost of a serious malware or ransomware attack is bigger and can cost someone their livelihood.
Movie hackers are romanticized
Part of the problem is not viewing cybercrime as a real-world threat, and seeing it as the stuff of fiction.
Hacking has been romanticized as an exciting activity of the criminal underworld, sometimes with an ethical goal.
Hackers in films are presented as cool members of the underworld who generally use their powers for ‘taking down the system’, or stealing large sums of money from faceless corporations.
This encourages a view of cybersecurity as otherworldly. It prevents people from seeing cybercrime as a genuine risk until it actually happens to them, and means they don’t bother to learn more about how they can protect themselves online.
On the other hand, the image of cybersecurity in the ‘real world’ also puts people off. Cybersecurity specialists are often joked about as extremely boring, and boxed in as the kind of people who are generally thought responsible for protecting the systems of governments and corporations.
Cybersecurity is fundamentally unsexy, and many businesses would prefer to focus on more exciting areas of technology such as social media, SaaS, VR and AI.
But the truth is, all businesses, big and small, need to take an active role in their cybersecurity to mitigate their risk of loss online.
Demand for SaaS products
Astonishingly, there is zero percent cybersecurity unemployment. Every single cybersecurity professional has a job, and 1 million positions are still left unfilled. This figure is only set to increase.
World spending on cybersecurity is set to top $1 trillion by 2021, while cybercrime is predicted to cost the world a whopping $6 trillion by 2021.
The opinion from Rob Owens, senior research analyst for security and infrastructure software at Pacific Crest Securities, is that companies should be spending even more on cybersecurity.
Cybercrime is a problem for all sizes of businesses, including the ones who can’t afford to hire in-house cybersecurity experts to keep their systems safe.
This will lead to a rise in demand for Cybersecurity as a Service, a subset of SaaS, to ensure businesses can remain protected from cyber crime.
SaaS actually offers better security than your traditional enterprise model in some ways, and Gartner predicts it will be the future of cybersecurity.
SECaaS (as it might be called) is more easily updated due to the centralisation of the source code. Suppliers need not constantly battle with outdated versions installed locally on hardware, but can release updates and patches whenever needed.
It will work successfully with the IoT because SECaaS can be deployed from off-site, and can more easily incorporate extra devices.
It’s also more appropriate for the model of working from anywhere and at any time that is becoming prevalent in the business world, encouraged by startup culture and the demand for flexible working for families.
Making cybersecurity sexy
We need to make cybersecurity sexy by empowering everyone to learn how to make themselves safe online.
Role models in cybersecurity can come forward to talk about what excites them in this area of tech, and why ordinary people should care. It can be openly linked with cybercrime to help people understand the need to protect themselves.
Companies can take an active role in educating their employees and hire cybersecurity specialists to help them secure their business.
If companies show their willingness to invest in cybersecurity careers, this will create a virtuous cycle of encouraging more tech professionals to pick a cybersecurity career path.
If this isn’t financially sensible, investing in the appropriate software from SaaS vendors is the next best thing. Explore Crowdstrike, CloudLock, Sophtix or Webroot as some of the options currently available.
SaaS companies can do more to sell cybersecurity products to SMEs and startups that will help protect them against cybercrime. There is definitely a niche in the market, and with the right branding, Cybersecurity as a Service has the potential to be very popular.
Did you enjoy this article? Contact me at firstname.lastname@example.org to commission me to write for your team.