Cybersecurity has not only dominated the headlines in the wake of the U.S. Office of Personnel Management (OPM) and Sony hacks, it has become a big business opportunity as well. The demand for protection in the cyber domain is rising across the world. According to current projections, cybersecurity firms can look forward to significant industry growth, with the market estimated to rise from $75.4 billion in 2015 to a value of $170 billion by 2020. However, the cybersecurity industry is still relatively young, and it is approaching a key point in its development that will be influenced by the confluence of several key factors.
First and foremost, the cyber attacks surface has been expanding rapidly for some time—a truth that is becoming more evident with every successful large-scale hack. The “attack surface” describes all the potential parts of a system that a hacker could attack in order to gain access to a system. This attack surface has grown from exclusively networked computers, to now include mobile devices like phones and tablets. The rise of the Internet of Things is starting to create yet more points of vulnerability, as all manner of devices—refrigerators, pace makers, cars, etc.—are becoming networked together. Penetrating one can give hackers access into all. At present, the cybersecurity industry is still figuring out how to handle this issue. The way in which the cybersecurity industry meets the challenge posed by an increasingly networked society will have a profound impact on its overall development.
As the cybersecurity industry develops a better understanding of companies’ vulnerabilities, it is beginning to offer a wider range of solutions for a wider range of customers. In addition to common protections—firewalls, network monitoring, breach response—many companies are starting to leverage the cloud to provide tools that scale to meet the needs of smaller businesses. Larger firms are also starting to work together to tackle larger threats. For example, Fortinet, Palo Alto Networks, Symantec, and Intel Security decided to work together, and formed the Cyber Threat Alliance. By pooling their resources, they were able to produce a large volume of information about ransomware—programs that hold computers hostage in exchange for a ransom that is usually paid in bitcoins. These efforts to provide broad spectrum and collaborative solutions to security needs indicate that the cybersecurity industry is both maturing and refining its approach to ever changing cyber threats.
Lastly, the cybersecurity industry has become keenly aware that there are not enough cybersecurity professionals to meet its needs. This shortage is a very significant problem for the industry as a whole and will continue to be so for the foreseeable future, especially given the rate of high profile cyber attacks. There are many potential approaches to solving this labor shortage, but one of the most effective long term strategies may be to make those fields more accessible to segments of society that are underrepresented. Cybersecurity and information technology have long been fields with little participation from women and minorities. The Information Technology Association of America has reported that women comprise 28 percent and minorities 29 percent of the total science and engineering workforce. The ways in which the cybersecurity industry engages with underrepresented groups will likely have significant bearing on both its own labor shortage and on how the industry grows in the future.
Luke Penn-Hall is the Cyber and Technology Producer at The Cipher Brief.
