10 Cybersecurity Lessons Learned In 2016 (So Far)
Lessons Learned
The security industry never seems to slow down, it only accelerates. For solution providers, that means new streams of revenue and big business if they are able to help customers navigate the complicated landscape of emerging threats. So far this year, some of those challenges have included ransomware and new vectors of attack around the Internet of Things and critical infrastructure. We have also seen the security industry evolving in a big way, with a changing venture capital funding environment, major industry consolidation and new integration between competitive vendors. Take a look back at some of the biggest lessons and takeaways from the cybersecurity industry so far, and get ready for what is sure to be an exciting year to come.
Ransomware Continues To Be Growing Challenge
Many solution providers predicted that 2016 would see a continued rise in ransomware attacks, and they weren’t wrong. According to research firm Gartner, companies paid out $209 million to ransomware attacks in the first quarter of 2016. This compares with $24 million in all of 2015. The year so far has already seen some high-profile attacks, most notably an attack on a California hospital in February that left it unable to access its network, any of its electronic health records or electronic communications and forced it to revert to paper, telephones and fax machines to keep the medical center up and running. The hospital was ultimately forced to pay the ransom in order to resume operations.
Venture Capital Funding Starting To Dry Up
After speculation that venture capital funding around cybersecurity would slow down after years of overzealous investments, it looks like the slowdown might have arrived in the first half of 2016. According to a report by CB Insights, venture capital funding is on a run rate for 2016 to surpass $3 billion across 300 deals. That is down from $3.75 billion invested across 336 deals in 2015, the company found. However, that does not mean we haven’t seen some blockbuster funding announcements in 2016. Some notable cybersecurity companies landing funding so far this year include Cylance ($100 million), ForeScout Technologies ($76 million), Malwarebytes ($50 million) and PhishMe ($42.5 million).
Customer Focus Continues To Hone In On Endpoint
There’s been a shift in the security industry over the past year or so, moving away from so-called perimeter network security solutions to put an increased emphasis on endpoint and data security solutions. While network security solutions aren’t going away, the shift recognizes that perimeter technologies aren’t infallible, and customers need to start protecting data where it lives on the endpoint and in the data center. Solution providers say that shift has only continued to accelerate in 2016 so far, and will likely accelerate further going forward.
Integrations, Integrations, Integrations
Especially around the cloud security market, 2016 was all about building vendor integrations. Multiple vendors, including LightCyber, Blue Coat Systems and Skyhigh Networks, launched technology partner programs to provide ready-made integrations to complementary security solutions. The vendors said the integrations help partners drive more value across their security line cards and, from there, develop custom services and solutions packages around the technologies. Solution providers agreed, telling CRN that programs like these help them smooth the process of adding new vendors to customer environments without vastly adjusting their budgets for a new point solution.
Security Industry Starting To Consolidate
Consolidation started to take place in a big way in the security market in 2016, bringing to bear predictions that some of the market’s thousands of startups would get bought up in the months to come. 2016 so far has yielded some blockbuster deals, most notably the $4.65 billion acquisition of Blue Coat Systems by Symantec. Other acquisitions during the year so far included Carbon Black acquiring Confer, Avast Software acquiring AVG, private equity acquiring Dell Software, private equity acquiring Ping Identity, and Optiv making three acquisitions. It looks like we aren’t done yet with acquisitions to come, with rumors recently emerging that companies like CyberArk, FireEye and Intel Security might be looking for a buyer.
CASBs Gaining Steam
2015 was a busy year for the budding cloud access security brokerage (CASB) market, and the first half of 2016 wasn’t any different. As cloud continues to gain traction in the enterprise, CASB providers are starting to gain serious traction with partners and customers that are looking to secure their moves off-premise. According to Gartner, 85 percent of enterprises will be using a CASB solution by 2020. That is up from fewer than 5 percent today, Gartner said. Last year saw multiple acquisitions in the space, with big-name vendors such as Cisco, Blue Coat and Microsoft jumping in to buy CASB players. This year, Symantec also joined the fray when it picked up Blue Coat.
Companies Moving In To Secure Emerging Threat Areas
Last year, solution providers predicted major threats to come around critical infrastructure and the Internet of Things. Those fears have already started to come to fruition in some areas, with attacks on a power grid in the Ukraine and a New York dam control system. Cybersecurity companies have stepped up their game in the year so far, launching solutions to help partners tackle the threats to come. Those efforts include acquisitions, such as Cisco’s acquisition of Jasper Technologies in February, AT&T adding a new IoT platform, and security vendor partnerships with engineering services firms that build critical infrastructure.
Security Status Quo Changing
One thing that is clear from the year so far is that the security status quo is in for a shakeup – big time – with big-name vendors showing shaky earnings and startups moving into incumbent territory. With that has come some infighting in the space, with big-name vendors and startups facing off with sharp words about why their technology is better than their competitors. One example of that in the year so far was a war of words over a video from Sophos that outlined where it felt Cylance’s next-generation endpoint security technology fell short. That fight escalated, with a partner caught in the middle and each side accusing the other of playing dirty tricks.
Public Policy Paying Attention
Starting in 2015, policy makers started to pay a lot more attention to the security industry (for better or for worse). We saw debates re-ignited around encryption, data privacy, surveillance, information sharing and more, though few of these topics got any resolution. Those debates only grew more heated in 2016 so far, most notably culminating in a fight over encryption between Apple and the FBI, in which the law enforcement organization tried to compel Apple to open an encrypted iPhone involved in the San Bernardino terrorist attack last year. While the FBI ultimately went around Apple by hacking the iPhone in question, solution providers say questions still remain about device security and the extent of influence the government can have over a private sector vendor. What that means going forward remains to be seen.
Security Will Only Continue To Grow
While some analysts and big-name vendors predicted a security slowdown in 2016, all indications are pointing to the year being bigger than ever when it comes to security spending. Solution providers say security spending remains one of the top customer priorities for the year. According to a recent report by Cybersecurity Ventures, worldwide spending on security products and services will hit $1 trillion during the five-year period between 2017 and 2021, a market that founder Steve Morgan said presents a big opportunity for solution providers.
"The cybersecurity space is ripe for VARs," Morgan told CRN in an email. "Corporations of all sizes and governments globally are turning to security outsourcers for help. VARs with deep domain experience in cybersecurity are few and far between, and in high demand for their consulting and advisory services," he said.