Cyber threats are growing exponentially.
Governments and enterprises face a widening array of targeted threats and potential infrastructure disruption.
By 2025, there will be over 4 million threat types – and a projected US$ 250 billion will be spent on cybersecurity response, according to analysis from Evolution Equity Partners, an investment fund that primarily invests in cybersecurity startups in both North America and Europe.
Three key drivers can be attributed to this spending increase, says Dennis Smith, co-Founder and Managing Partner at Evolution Equity Partners:
This expenditure is set to increase further.
“Evolution Equity Partners have a CISO (Chief Information Security Officer) network in both North America and in Europe. We asked them about 18 months ago: What if the GDP went down two or three points globally? What if the stock markets globally went down 30 percent? What would happen to your cybersecurity expenditure? Everyone came back and said, staying the same would not be an option. It has to increase,” Smith told ITU News in a recent interview.
“Everything that’s connected to the internet can be attacked and data extracted, so that’s the foundation for why cybersecurity expenditure is accelerating,” said Smith.
The response to cyber threats is changing, too.
A global cybersecurity skills shortage – which is expected to reach 1.8 million unfilled vacancies by 2022, according to the Center for Cyber Safety and Education – coupled with the growth of complex networks and an increase in hacking activity will lead to an increase in automated threat detection and response, according to Smith.
“It’s exactly like a hospital setting. It’s a triage. You know you cannot take any threat that comes in lightly, because that one might be the bad one, and you don’t know. You have to use automation to try to clear out a lot of the known – or what will become known – as false positives,” Smith told ITU News.
Advances in artificial intelligence and machine learning can help enterprises and governments react to incoming threats. Today, AI and machine learning can help detect and prevent phishing attacks, predict incoming threats, and suggest security policies.
“We’ve been actively encouraging our portfolio companies for the last three years to use AI and machine learning, where appropriate, in their product to enhance it,” Smith said.
But AI and machine learning are not patches or quick fixes for cybersecurity issues – they should be built in from the beginning, says Smith.
“Our approach is that virtually everything that’s being done now is underpinned by cybersecurity, or should be,” he said.
“If you’re building software today, you should be building cybersecurity into your product as it’s being developed, not after as an afterthought,” says Smith. “It goes down to the tools you’re using: are they secure? The code that you’re producing, is it secure? The infrastructure you’re operating on, is that secure? Is access secure to it?”
*ITU is hosting a workshop on Security, Infrastructure and Trust for Digital Financial Services this week at ITU Headquarters in Geneva.