By JON TULLETT, research manager for IT Services at IDC South Africa
The illicit proceeds of global cybercrime had reached $US1.5 trillion annually according to a 2018 study. Norton Security estimates that by 2023, a total of 33 billion records would be stolen each year. Internet of Things (IoT) attacks increased by 600% and Microsoft cloud user accounts saw a 300% increase in cyber-attacks, over the past year. It is, therefore, little wonder that worldwide spend on security-related hardware, software, and services are forecast, by IDC, to reach $US103.1 billion in 2019. There is a need for a new security paradigm that makes greater use of emergent technologies and is more agile and effective than in the past.
The security challenges and requirements for business 2.0 require far greater use of analytics and machine learning to identify the baseline behaviours of people, applications and infrastructure. This will allow for rapid responses to potential threats and makes better use of cloud technologies – both public and private – to build out an in-depth defense that is consistent with oversight within the organisation.
Incident response will always be a part of security, but the sad reality is that it is also always behind. That said, the next generation of cloud technologies and analytics can greatly improve security capabilities and help organisations overcome that sense of always being left behind. While there will be a new generation of threats loping casually beside – and ahead – of technology’s evolution, the measurements that assess the efficacy of a security system should be around response times. Did the business respond faster than it did in the past?
A much faster and more agile infrastructure needs new thinking about policies and compliance. Orders of magnitude increase in data transactions and volumes require different ways of thinking about protection and threat mitigation. This is further affected by the fluidity of on-demand applications and API access as they increase the number of unpredictable types of access to systems that were, in the past, easy to secure.
Going forward, security must place scale and agility at the centre of design thinking and planning. The security team must build capability that allows them to move faster and take more effective and decisive action with greater insight and confidence. Today’s security products aren’t ready for this. What’s needed is a next-generation set of thinking and tools that are in line with the technologies that preceded them.
This isn’t an incremental change. Most of today’s security tools and many of today’s security companies probably will not survive to see the next generation of business. The changes that are coming are going to have a disruptive impact on market, business and security thinking.
Of course, in the meteor shower of disruption, it’s hard to avoid the conversation of artificial intelligence (AI). Every organisation, and individual, wants to know what impact of this technology will have on them. The reality is that the changes it will make to life and business will be mundane.
It will offer better insights, efficiencies, and more confident decision-making. There will be outliers where an AI model will create a completely new business or achieve an unheard-of improvement, but they will be the black swans. There will also be some businesses that may be dramatically impacted by AI in the next five to ten years, but it will be limited within a niche. For most the future is mundane improvements, but for that niche, the disruption will be severe.
Perhaps the question isn’t the impact of AI but rather the impact of not investing in AI. Can the organisation afford not to make a move towards a technology that has proven results and delivers improvements to the bottom line?
If your competitors are improving their customer experience and gaining efficiencies, you must keep up. The good news is that a lot of AI won’t require separate investment. All the enterprise software vendors have a plan to leverage AI capabilities within their products so they will be a subscription service for most customers. And that will effectively answer both questions.
