Figures, trends and new ideas
At the end of 2020, the domestic information security market will grow by 25%. In short, there are three reasons for this growth. Firstly, information security topic is becoming more and more relevant also for objective reasons: the number of threats and activity of cybercriminals in general is growing every year. The problem of cyber-security is becoming more and more clear and close to the management of different companies and, accordingly, the main principle of making it impossible for certain business risks to be realized is becoming more and more important. Obviously, building practical security of this kind goes hand in hand with increasing relevant budgets.
Second, CII cybersecurity, as a concept that began several years ago with surveys, categorization and design, has finally reached the period of real implementation. And this, in turn, is ensuring the growth of turnover of security vendors and their integration.
Thirdly, it is impossible not to mention that this year business, realizing that next year in the new environment will also change in terms of the usual IT and IS budgeting, sought to implement the plans outlined for 2020 as much as possible and use the resources available for this purpose.
COVID on all fronts
That’s not to say that the COVID-19 pandemic hasn’t had any impact on the cybersecurity market. In reality, however, there has been more talk on the subject than practical impact. By the end of the first quarter of 2020, a situation began to emerge that raised a number of concerns: the overall number of pilot projects dropped sharply. And it is quite clear why this happened – in the updated conditions (lockdown, hasty transition to a remote format of work) it became objectively more difficult (and sometimes even impossible) to conduct these projects on companies’ sites. At the same time, it was clear that the same updated working conditions forced businesses not to freeze their own cybersecurity development projects. Taken together, both moments painted a very dangerous situation in which customer companies could abandon technology piloting (as a selection criterion) and begin to focus only on formal price points. But these fears have remained fears: healthy competition on the domestic IS market has remained the same, and the general orientation of business exactly on the practical security did not allow companies to follow a simplified route to the selection of security features.
Interestingly, throughout 2020, we have seen two powerful bursts of financial and project activity. The first, surprisingly, happened at a time when the country went into quarantine: information security services on the business side by that time already had clearly formed tasks for the year, confirmed budget plans, but the external conditions have narrowed the visibility of the planning horizon to almost zero. Therefore, some of the market players went the way of forcing tenders, starting (or completing) projects, etc. As a result, April showed the first burst of financial and related project activity on the market. The second wave of spending on information security took place in the fourth quarter and was connected with the same need to implement the approved plans. In general, this allowed the information security market to grow, despite all the twists and turns of 2020.
Heading for a Real InfoBase
We have already noted that the IS paradigm is changing in principle: some time ago, the community abandoned the idea of “building cyber fences” and came to the realization that the goal of any security system is to detect an attacker inside information systems as quickly as possible (since in principle there is no security system that cannot be hacked). In practice, during the last year this idea has evolved somewhat: we realized that it is realistic to build a security system that is guaranteed to prevent a potential attacker from realizing specific business risks. This approach implies that any company can be hacked one way or another in the course of an attack, and the task of information security is to prevent an attacker from causing any significant damage. This is a trend that finally took shape literally over the past year, and it is likely to dominate in the coming years. Therefore, at the forefront will come the tasks of creating a new type of SOC – as SLA, which operates not with the 24/7 availability or the incident response rate, but with a much more specific indicator, based on a guaranteed prevention of unacceptable risks for the organization. That is, the effectiveness of such a SOC will be assessed literally on a “yes/no” level – whether the risk is realized or not. In this concept, the qualitative practical cyber-education, as the only measure of the effectiveness of the defense system, becomes particularly important. In information security, it is easy to slip into vague assessments, and only properly organized cyber training makes it possible to avoid slipping into a Potemkin village and to be as specific as possible.
Ultimately, this approach expands the market, qualitatively changing it and leaving the right to live only to those solutions and technologies which really influence the result. That is, we are dealing with a kind of interpretation of Darwin’s theory at the technology level: only those who can detect the activity of an intruder in time, block it, eliminate the possibility of developing an attack and basically “wipe” it from the infrastructure will survive. And we, as a vendor, are also working on creating an intelligent automated tool that will solve this problem quickly and efficiently.
