EMERGING TRENDS

Cybersecurity
2019
CONTENTS
NExTT framework

NECESSARY
Container security
Identity-as-a-Service (IDaaS)
Behavioral analytics (BA)
Software-defined networking (SDN)

EXPERIMENTAL
Blockchain security
Disinformation defense systems
Homomorphic encryption (HE)
Zero-knowledge proofs (ZKP)
Open-source security

THREATENING
Quantum encryption
Edge intelligence
Firmware security

TRANSITORY
Data provenance
Autonomous security operations center (ASOC)
Cyber insurance

Emerging Trends In Cybersecurity 2


WHAT IS CB INSIGHTS?

CB Insights is a tech market intelligence
platform that analyzes millions of data
points on venture capital, startups, patents,
partnerships and news mentions to help
you see tomorrow’s opportunities, today.


NExTT FRAMEWORK

Emerging Trends in Cybersecurity

[Figure: NExTT framework chart placing the cybersecurity trends by
INDUSTRY ADOPTION (y-axis, Low to High) and MARKET STRENGTH (x-axis, Low
to High) in four quadrants: TRANSITORY, NECESSARY, EXPERIMENTAL,
THREATENING. Legend entries include IT Governance, Risk, & Compliance;
Data Security; Network Security.]

NExTT Trends

TRANSITORY
Trends seeing adoption but where there is uncertainty about market
opportunity. As Transitory trends become more broadly understood, they
may reveal additional opportunities and markets.

NECESSARY
Trends which are seeing widespread industry and customer
implementation / adoption and where market and applications are
understood. For these trends, incumbents should have a clear,
articulated strategy and initiatives.

EXPERIMENTAL
Conceptual or early-stage trends with few functional products and which
have not seen widespread adoption. Experimental trends are already
spurring early media interest and proof-of-concepts.

THREATENING
Large addressable market forecasts and notable investment activity. The
trend has been embraced by early adopters and may be on the precipice of
gaining widespread industry or customer adoption.

We evaluate each of these trends using the CB Insights NExTT framework.

The NExTT framework educates businesses about emerging trends and
guides their decisions in accordance with their comfort with risk.

NExTT uses data-driven signals to evaluate technology, product, and
business model trends from conception to maturity to broad adoption.

The NExTT framework’s 2 dimensions:

INDUSTRY ADOPTION (y-axis): Signals include momentum of startups in the
space, media attention, customer adoption (partnerships, customer,
licensing deals).

MARKET STRENGTH (x-axis): Signals include market sizing forecasts,
quality and number of investors and capital, investments in R&D,
earnings transcript commentary, competitive intensity, incumbent deal
making (M&A, strategic investments).

From network and data security to IT governance, risk
measurement, and policy compliance, cybersecurity is
a growing industry estimated to be worth over $300B
by 2025.

Expanding IoT connectivity, growth in personal data, rising critical
cyber-physical systems, and the proliferation of advanced cyber weaponry are
creating a world in which digital attacks will have devastating physical
consequences.

In tandem, cybersecurity is quickly becoming a priority across industries
from automotive, to finance, to healthcare, and beyond. Enterprises
are seeking technologies and tactics to safeguard their interests from
advanced and persistent threats.

As the number of accidents and malicious attacks rises, the need for
better cybersecurity only becomes more apparent.

Startups are emerging to offer cybersecurity tools that address
new vulnerabilities arising from wider enterprise cloud adoption,
larger mobile workforces, and the advent of quantum computing.
Meanwhile, corporations and governments are launching their own
cybersecurity initiatives.

Corporations in particular are facing mounting regulatory and financial
penalties as a consequence of cyber insecurity, motivating the C-suite
across industries to boost their cybersecurity budgets.

However, despite the advent of novel security technologies and bigger
cybersecurity budgets, enterprises with critical digital assets are still at
great risk. Understanding the trends and technologies driving the future
of cybersecurity is more important than ever.

In this report, we focus on 15 cybersecurity trends from our data-driven
NExTT framework.

Our necessary trends, such as container security, Identity-as-a-Service,
and software-defined networking, have already seen fairly wide adoption
across industries and by customers. Companies should be focusing on
these trends if they want to remain secure.

Our experimental trends haven’t seen as much traction yet, but early
media interest and proofs of concept suggest these products, services,
and approaches to cybersecurity could become the necessary trends
of tomorrow.

Necessary

CONTAINER SECURITY
Container security addresses cybersecurity challenges that arise
from using containerization technology to build and run enterprise
applications in the cloud.

Container security protects the integrity of containers. This includes the
applications they hold and the infrastructure they run on.

Containerization is gaining widespread support and has the potential to
reinvent the way enterprises deploy cloud applications.

Essentially, application containerization allows enterprises to create and
manage distributed software applications without launching an entire
virtual machine for each app. This means enterprises can launch apps
and migrate services to the cloud faster, for less money, and with fewer
computing resources.

But the adoption of container technology means new cybersecurity
challenges will arise. For example, Tesla suffered a cryptomining attack
after settings were accidentally exposed in its Kubernetes container
orchestration deployment on AWS in 2018.

“We see container security as a significant new paradigm coming at us,
which will bring a lot of change,” Qualys CEO Philippe Courtot said.

Container security challenges are primarily related to a lack of visibility,
monitoring, and control over their deployments. Because containers are
constantly changing in the production environment, real-time visibility,
monitoring, and control are difficult without tools that are explicitly built
to understand their behavior.

Another concern with containerization is a lack of isolation from the
core operating system (OS). Application containers share access to the
host OS, meaning hackers could access an enterprise’s entire container
ecosystem if they threatened the OS.

An entire sub-industry exists to sell cybersecurity tools that scan an OS
for vulnerabilities. However, today’s most advanced monitoring systems
struggle to adequately police individual containers.

Nevertheless, containerization offers its own added security, including
increased isolation between individual application packages. In theory,
if an attacker can’t get to the OS, the distributed nature of containerized
applications makes them less vulnerable to a widespread attack.

Today, new container monitoring tools are rising to help security
practitioners discover where their organization is running containers,
and adapt security policies to keep pace with fast container scaling
and updates. They also provide new systems for logging and flagging
container connections, workloads, and policy violations.

The world’s biggest companies know that containerization in the cloud is
the future of software.

The 3 major cloud providers — Amazon, Google, and Microsoft — have
all added CaaS (Containers-as-a-Service), allowing container technology
to run on their platforms. In 2018, IBM acquired open-source enterprise
software company Red Hat for $34B, which was also partially a bet on
containerization technology.

With the global cloud application security market expected to reach
~$14B by 2022, adoption of container security systems will grow.

Source: Comodo

IDENTITY-AS-A-SERVICE (IDAAS)
As enterprises continue to embrace the cloud and mobile technology,
their identity and access management systems are becoming more
complex. IDaaS can help reduce the burden.

IDaaS offerings are essentially subscription software-based identity
and access management systems that are built and managed by a
third party. IDaaS platforms simplify authentication schemes that are
essential to granting employees appropriate access to digital resources
such as cloud-based applications and more.

New identity security regulations, such as the EU’s General Data
Protection Regulation (GDPR) and the California Consumer Privacy Act
(CCPA), are contributing to the rise of IDaaS. These regulations compel
enterprises to secure the personally identifiable information (PII) of their
employees and customers.

Rising demand for remote access to enterprise cloud resources and the
growing number of employee devices mean achieving robust identity
security is increasingly difficult.

IDaaS can help with a number of different applications. One of the
most popular is Single Sign-on (SSO), where employees, partners, and
customers can access SaaS, mobile, and enterprise apps with a single
login credential.

Other well-known applications for IDaaS include multi-factor
authentication (MFA), which requires multiple forms of identification
before granting access to resources, and privileged access management
(PAM), which grants access only to certain designated people.

The overall identity and access management (IAM) market is expected
to reach $23B by 2025.

Enterprises that require dynamic identity solutions will likely turn to
IDaaS vendors to satisfy traditional IAM needs in an increasingly
cloud-based and mobile world.

Funding to IDaaS startups is on the rise. For example, Auth0 obtained a
$103M Series E round in May 2019 and achieved unicorn status with a
valuation of $1B. In January, OneLogin raised a $100M Series D round.

Source: Oracle

BEHAVIORAL ANALYTICS (BA)
BA systems are benefitting from advancements in AI. Together, these
technologies are ushering in a new age of unprecedented cyber threat
detection and fraud fighting capabilities.

BA systems monitor users’ behavioral patterns to identify anomalous
network activity or pattern-breaking behaviors that indicate a possible
security threat.

For example, if a user normally downloads scheduling and logistics data
every day and then suddenly downloads sensitive intellectual property, a
BA system would flag that action as a potential threat.
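
The flagging logic described above, as an added example that is not from the original report: a per-user baseline is built from past download records, and a new record is flagged when its data category is new for that user or its size is far above the user's norm. The log format, user names, categories and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data, one download per line: "date user category megabytes".
BASELINE_LOG = """\
2019-03-01 alice scheduling 38
2019-03-01 alice logistics 42
2019-03-02 alice scheduling 35
2019-03-02 alice logistics 47
2019-03-03 alice scheduling 40
2019-03-03 alice logistics 44
2019-03-01 bob source_code 120
2019-03-02 bob source_code 135
2019-03-03 bob design_docs 90
"""

NEW_LOG = """\
2019-03-04 alice scheduling 41
2019-03-04 alice intellectual_property 900
2019-03-04 bob design_docs 95
2019-03-04 bob source_code 610
2019-03-04 carol logistics 10
"""


def parse(log):
    """Turn log text into a list of event dicts, skipping blank lines."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        date, user, category, mb = line.split()
        events.append({"date": date, "user": user,
                       "category": category, "mb": float(mb)})
    return events


def build_baseline(events):
    """Per user: the set of categories seen and the mean/std of download size."""
    sizes, categories = defaultdict(list), defaultdict(set)
    for e in events:
        sizes[e["user"]].append(e["mb"])
        categories[e["user"]].add(e["category"])
    return {u: {"categories": categories[u],
                "mean": mean(sizes[u]),
                "std": pstdev(sizes[u])} for u in sizes}


def score(event, baseline, z_threshold=3.0, min_std=5.0):
    """Return the reasons an event breaks the user's pattern (empty if none)."""
    profile = baseline.get(event["user"])
    if profile is None:
        return ["no_baseline"]          # never-seen account: cannot be judged
    reasons = []
    if event["category"] not in profile["categories"]:
        reasons.append("new_category")
    # min_std stops a very regular user from alerting on tiny deviations.
    std = max(profile["std"], min_std)
    if (event["mb"] - profile["mean"]) / std > z_threshold:
        reasons.append("volume_spike")
    return reasons


def detect(baseline_log, new_log):
    """Score every new event against the baseline and return the alerts."""
    baseline = build_baseline(parse(baseline_log))
    alerts = []
    for e in parse(new_log):
        reasons = score(e, baseline)
        if reasons:
            alerts.append((e["user"], e["category"], reasons))
    return alerts


if __name__ == "__main__":
    for alert in detect(BASELINE_LOG, NEW_LOG):
        print(alert)
```

Raising `min_std` or `z_threshold` trades missed detections for fewer false positives, the tuning problem the report describes for early BA deployments.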

Any organization in a critical industry (finance, healthcare, telecom,
utilities, etc.) has to be aware that they are likely going to be attacked
in cyberspace. Hackers are persistent and they have greater access to
advanced cyber weapons; in turn, traditional defenses are failing.

Eighty percent of observed malware appears only once in the wild,
according to cybersecurity corporation FireEye. This means traditional
defenses that use known malware signatures to flag and stop the
delivery of malicious code are no longer able to keep up with the amount
of unique malware being created. Additionally, attackers are waging
advanced social engineering campaigns that can bypass
signature-based network defenses.

BA systems are rising as security mechanisms because they do not
depend on traditional signature-based detection schemes to stop
advanced malware. Instead, BA systems make it so that a hacker has to
enter the network and also mimic a stolen account’s normal behavior to
evade detection.

BA systems have been in use for years outside of cybersecurity by
companies like Netflix and Amazon to recommend new purchases based
on past online behaviors. But in late 2013, Target’s infamous data breach
made it apparent that BA systems had a place in cybersecurity.

An investigation determined that Target was logging network activity
data that contained records of hacking, but the attack went unnoticed
because the data wasn’t being analyzed by a BA system. Shortly after the
Target breach, an entire sub-industry of cybersecurity companies started
to offer products for analyzing and extracting security alerts from vast
amounts of network behavioral data.

However, off-the-shelf machine learning (ML) algorithms were largely
unable to process the sheer volume of behavioral information being
generated. Consequently, the early days of using BA technology in
cybersecurity resulted in many false positives, overburdening security
teams by forcing them to respond to a system that repeatedly cried wolf.

Recent advancements in AI — including neural networking combined
with large-scale storage for data warehousing — are bringing behavioral
analytics into the fight for the future of cybersecurity.

With fraud rates expected to rise in 2019, and e-commerce retailers
losing billions of dollars to these attacks, AI-enabled BA systems are
poised to help stop fraudsters in near-real time.

Note that even with rapid AI advancements, BA systems will not replace
human analysts; rather, BA aims to make analysts more effective and
less prone to alert fatigue.

Current estimates place the market for BA systems at ~$350M by 2020.

Looking ahead, BA technology will continue to become integral in
adjacent and larger security markets such as endpoint security, identity
and access management (IAM), data loss prevention (DLP), fraud
detection, and more.

Source: CSIRO Research

SOFTWARE-DEFINED NETWORKING (SDN)
SDN has the potential to achieve greater network security in a time
when orchestrating expanding resources and monitoring activity is
increasingly difficult.

Software-defined networking (SDN) is a modern network architecture
that offers lower costs, higher bandwidth, greater security, and better
application performance than traditional architectures.

While the concept of SDN has been around for quite some time, adoption
didn’t take off until Facebook introduced the Open Compute Project
(OCP) in 2011. The OCP promotes redesigning hardware technologies
to efficiently support the growing demands on today’s compute
infrastructure.

Like all types of computer networking architecture, SDNs have unique
security benefits and vulnerabilities. Nevertheless, cyber attacks on
SDNs are similar to those on other computer networks, including
malicious code injections, denial-of-service, and unauthorized access.

What’s unique about SDN is the separation of the network planes —
the application plane and the data plane. This separation enables
dynamic programming and restructuring of network settings, which
reduce the risk of certain attacks such as distributed-denial-of-service
(DDoS) attacks.

There are new types of DDoS attacks that exploit SDN infrastructure by
locating specific automatic processes that use a significant amount of
CPU cycles. However, SDNs have the ability to automatically quarantine
parts of a network that have been infected with malicious code.

SDNs can also be used to route individual data packets through a unique
firewall, making data capture for intrusion detection and prevention more
efficient.

Software-defined wide-area networking (SD-WAN) has followed closely
behind the introduction of SDN. SD-WAN is an extension of SDN that
brings the programmability and flexibility of software-defined networking
to wide-area networks.

Although SD-WAN uses the public internet instead of a private network,
all data is encrypted end-to-end, which provides even greater security
than traditional private networks.

SD-WAN has already seen significant adoption by enterprises over the
past few years. This adoption is expected to accelerate in 2019 and
beyond, driven especially by expanded IoT use and the introduction of 5G
networks.

The most significant attack on a software-defined network or SD-WAN
would include a hacker compromising the integrity of the SDN
or SD-WAN controller, the central point for decisions in a network and
potentially a central point of failure.

While a major attack on a controller has not yet occurred, it becomes
increasingly possible as SDN and SD-WAN usage continues to grow.

In November 2018, Oracle acquired SD-WAN company Talari Networks in
an effort to ensure networking advantages — including cybersecurity —
for its enterprise software customers.

The SD-WAN market is expected to reach over $8B by 2021.

Source: DCD

Experimental

BLOCKCHAIN SECURITY
Securing enterprise blockchain ecosystems and auditing smart
contracts will become more important as institutions incorporate
these technologies into critical business applications.

Blockchain security, or smart contract security, refers to the technologies
and techniques for securing enterprise blockchains from targeted attacks
and for auditing blockchain-based smart contracts.

Blockchains — digital ledgers for recording and verifying a high volume of
transactions — are becoming more popular among organizations. In 2019,
businesses are expected to spend $2.9B on blockchain technology, up
almost 90% from 2018, according to IDC.

Smart contracts are a critical piece of an enterprise blockchain
ecosystem. They are fully autonomous computer programs or contracts
that are enforced via code rather than courts. Smart contracts could
someday be responsible for automating bond payments, conferring
real-estate ownership, authenticating pharmaceuticals, and much more.

As enterprises depend more on smart contracts, they will have to grapple
with new security issues surrounding the technology.

For example, in 2016 a new type of funding mechanism called the
Decentralized Autonomous Organization (DAO) was set up using the
Ethereum blockchain. Shortly after launching, an attacker stole more than
$60M worth of cryptocurrency by exploiting an unforeseen flaw in a smart
contract that governed the DAO.

The DAO attack reportedly could have been avoided if the contract had
been submitted to an auditing service.

Today, we are seeing the rise of a new class of startups deploying
technology to secure enterprise blockchain ecosystems with a focus on
auditing smart contracts.

Companies are using AI to monitor transactions, detect suspicious activity,
and scan smart contract code for known vulnerabilities. Others are using
formal verification, an established computer science technique, to prove
mathematically that a contract’s code will execute as intended.

Emerging smart contract auditing tools that have come online in the past
year are enabling engineers to fix many of the vulnerabilities that plagued
these systems in the past. However, auditing smart contracts at scale is
expensive and time consuming. Smart contract security weaknesses and
implications are just beginning to emerge.

Security vulnerabilities cost blockchain companies more than $2B in lost
or stolen capital in 2018, according to smart contract auditing company
Hosho. The company’s audit found that more than 1 in 4 smart contracts
have critical vulnerabilities, and 3 in 5 have at least 1 security issue.

DISINFORMATION DEFENSE SYSTEMS
The next generation of information warfare, including fabricated videos
known as “deepfakes,” is beginning to take shape. New technologies
are emerging to help counter digital deception.

Disinformation defense systems include technologies that authenticate
digital media at scale.

It no longer seems outlandish to say that the future of warfare isn’t on
the battlefield, but on our screens. Military and intelligence agencies
around the world are already waging secret information wars in
cyberspace, which are profoundly influencing public perceptions of truth,
power, and legitimacy.

This threat is only intensifying as artificial intelligence tools become
more widely available.

For example, political bot armies and fake user “sock puppets” are
targeting social news feeds to computationally spread propaganda.

Online, the line between truth and falsehood is becoming less distinct as
AI researchers develop technologies that can produce audio and video
that is nearly impossible to confirm as real or fake.

Within a year, it will be simple to create high-quality digital deceptions
where authenticity cannot be easily verified.

Information attacks have materialized quickly over the last few years.
The World Economic Forum named the “spread of misinformation
online” the 10th most significant trend to watch in 2014. Today,
events like Russia’s 2016 US election meddling confirm the systematic
state-sponsored deployment of digital information attacks by
foreign adversaries.

Today, researchers and professionals in universities, governments,
startups, and the nonprofit sector are laying the groundwork for what
could someday become effective forensic defenses in the fight against
digital deception.

For example, cryptographic techniques that underpin the technology
behind blockchain can also help ensure that digital content comes from
a trusted, accountable source.

Media could be stamped with a unique cryptographic identifier, which
could be cross-referenced with records on a blockchain to verify its
source. Media without an identifier would be considered less trustworthy.

The Defense Advanced Research Projects Agency (DARPA) has
launched at least 2 calls for research to build a scalable digital media
authentication system.

The Media Forensics (MediFor) project is an attempt to build a platform
for algorithmically detecting manipulations in images and videos.
MediFor could eventually lead to the creation of a crowdsourcing
platform where viewers can collectively investigate videos’ authenticity.

DARPA’s MEMEX project could help build a massive online search
engine capable of cross-referencing image data from the entire internet,
including the deep web. One MEMEX-funded project from Columbia
University demonstrates the ability to find similar images of human
trafficking victims amongst terabytes of structured and unstructured
data. That work could help uncover aspects of AI-generated images and
videos that originated from other sources.

People are already confusing fact and fiction; however, the technologies
behind the spread of disinformation and deception online are still in their
infancy, and the problem of authenticating information is only starting to
take shape.

Put simply, this is only the beginning.

Sketch of a Generative Adversarial Network for creating fake images, credit DL4J

HOMOMORPHIC ENCRYPTION (HE)
Homomorphic encryption keeps data secure while it’s in use — which
is why it’s often considered the “holy grail” of enterprise
data security.

For companies, the “holy grail” of data security is being able to operate on
encrypted data without compromising its security.

HE solves this problem by making decryption unnecessary — but it has
historically been computationally intensive and slow, making it impractical
for many use cases.

The enterprise data life cycle consists of 3 elements: data at rest, data
in transit, and data in use. Without a practical homomorphic encryption
scheme, enterprises have only been able to fully secure data at rest and
data in transit.

Today, advances in computer processing power are making HE a
more practical reality. Startups and corporates are using it to analyze
medical datasets, protect cloud data while it’s in use, and prevent
future data breaches.

IBM researcher Craig Gentry, who is credited with the first fully
homomorphic encryption scheme, said the scheme is akin to “one of those
boxes with the gloves that are used to handle toxic chemicals… All the
manipulation happens inside the box, and the chemicals are never exposed
to the outside world.”

Homomorphically encrypted data has the same structure, depth, and
variation as its plain text original form, so identical mathematical
operations will produce the same result when performed on the encrypted
data as they would for the original data.

Because the data is never decrypted, users can analyze it without exposing
the raw underlying contents to algorithms, processing systems, or human
analysts.
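
An added example, not from the original report, of computing on data that stays encrypted. It uses the Paillier cryptosystem, which is only additively homomorphic (ciphertexts can be added together and scaled by a constant), not the fully homomorphic scheme credited to Gentry. The two primes are known Mersenne primes picked for readability and are far too small and structured for real use; the sample values are constructed.

```python
import secrets
from math import gcd

# Demonstration-only primes (Mersenne primes 2^61-1 and 2^89-1).
# Real Paillier keys use random primes of 1024 bits or more.
P = 2**61 - 1
Q = 2**89 - 1


def keygen(p=P, q=Q):
    """Return (public, private) Paillier keys using generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                           # inverse of lam; valid for g = n + 1
    public = {"n": n, "n2": n * n}
    private = {"n": n, "n2": n * n, "lam": lam, "mu": mu}
    return public, private


def encrypt(pub, m):
    """Randomized encryption: the same plaintext gives different ciphertexts."""
    n, n2 = pub["n"], pub["n2"]
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    # (1 + n)^m == 1 + m*n (mod n^2), so g^m needs no exponentiation.
    return (1 + m * n) * pow(r, n, n2) % n2


def decrypt(priv, c):
    """Recover m with the private key: L(c^lam mod n^2) * mu mod n."""
    n, n2 = priv["n"], priv["n2"]
    u = pow(c, priv["lam"], n2)
    return (u - 1) // n * priv["mu"] % n


def add(pub, c1, c2):
    """Multiplying ciphertexts adds the plaintexts underneath."""
    return c1 * c2 % pub["n2"]


def scale(pub, c, k):
    """Raising a ciphertext to k multiplies the plaintext by the constant k."""
    return pow(c, k, pub["n2"])


def encrypted_weighted_sum(pub, ciphertexts, weights):
    """What an untrusted server runs: it holds only the public key."""
    total = encrypt(pub, 0)
    for c, w in zip(ciphertexts, weights):
        total = add(pub, total, scale(pub, c, w))
    return total


if __name__ == "__main__":
    pub, priv = keygen()
    readings = [120, 80, 95]                       # constructed sample values
    cts = [encrypt(pub, v) for v in readings]      # data owner encrypts
    result = encrypted_weighted_sum(pub, cts, [2, 1, 3])   # server computes blind
    print(decrypt(priv, result))                   # data owner decrypts the result
```

The server-side function never touches the private key or a plaintext; only the key holder can read the weighted sum it produced.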

Ideally, fully homomorphic encryption schemes protect data in use without
reducing software application functionality; however, certain computer
processes are highly intensive even for today’s capabilities.

For example, using computer vision algorithms deployed in the cloud to
classify image data while keeping the inputs and the outputs encrypted
could result in noticeable latency.

In the future, look for homomorphic encryption to play an important role
in securing data in use across a multitude of industries. For example,
Microsoft filed a patent application as early as 2013 (granted in 2016) for
“encrypting genomic data for storage and genomic computations”:

ZERO-KNOWLEDGE PROOFS (ZKP)
ZKP is a breakthrough in data privacy that enables multiple parties to
confirm that they have knowledge of confidential information without
revealing the information itself.

A zero-knowledge proof (ZKP) is an authentication scheme that enables
ultra-secure communications and private financial transactions and
file sharing.

The technology also eliminates the need to exchange passwords, and
theoretically could reduce the number of data breaches from stolen
login credentials.

Users exchange credentials in a plaintext form and then use a ZKP to
prove that they and the server they are logging into share the same
password for their accounts without revealing the password to either
party. When a network is breached, users’ accounts are still secured
because the actual passwords are not stored.
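
An added example, not from the original report and not the protocol of any product it names: the Schnorr identification protocol, a classic honest-verifier zero-knowledge proof of knowledge, used so that a server storing only a public value can check that a client knows the password-derived secret. The group parameters are demonstration-sized and generated at import; the salt, passwords and function names are constructed assumptions.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin with fixed bases; adequate for demonstration parameters."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def schnorr_group(q_bits=160, p_bits=512):
    """Find primes p, q with q | p-1 and a generator g of the order-q subgroup."""
    q = 2 ** (q_bits - 1) + 1
    while not is_probable_prime(q):
        q += 2
    k = 2 ** (p_bits - q_bits)          # kept even so that k*q + 1 is odd
    while not is_probable_prime(k * q + 1):
        k += 2
    p = k * q + 1
    h = 2
    while pow(h, k, p) == 1:            # k == (p-1)/q
        h += 1
    return p, q, pow(h, k, p)


P, Q, G = schnorr_group()               # toy sizes; real systems use standard groups


def secret_from_password(salt, password):
    # A real deployment would use a slow KDF; SHA-256 keeps the example short.
    digest = hashlib.sha256(salt + password.encode()).digest()
    return int.from_bytes(digest, "big") % Q


def register(salt, password):
    """The server stores only y = g^x mod p, never the password or x."""
    return pow(G, secret_from_password(salt, password), P)


class Prover:
    def __init__(self, salt, password):
        self.x = secret_from_password(salt, password)

    def commit(self):
        self.r = secrets.randbelow(Q - 1) + 1      # fresh nonce for every run
        return pow(G, self.r, P)

    def respond(self, c):
        return (self.r + c * self.x) % Q           # r masks x in the response


class Verifier:
    def __init__(self, y):
        self.y = y

    def challenge(self, t):
        self.t, self.c = t, secrets.randbelow(Q)
        return self.c

    def check(self, s):
        return pow(G, s, P) == self.t * pow(self.y, self.c, P) % P


def login(stored_y, salt, password):
    """Run commit, challenge, response; True only if the prover knows x."""
    prover, verifier = Prover(salt, password), Verifier(stored_y)
    t = prover.commit()
    c = verifier.challenge(t)
    return verifier.check(prover.respond(c))
```

Reusing the nonce `r` across two runs lets anyone who sees both transcripts solve for `x`, and a stored `y` derived from a weak password can still be guessed offline.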

ZKPs are suited to solve a thought experiment known as Yao’s Millionaires’
problem. In 1982, computer scientist and computational theorist Andrew
Yao proposed the problem in which two millionaires, Alice and Bob, need
to know which one of them is richer, but they do not trust each other
enough to reveal their actual wealth. Basically, ZKPs would enable the
millionaires to confirm their net worth relative to one another without the
risk of revealing private information.

A cryptocurrency called Zcash is the first practical implementation of
ZKP. Zcash’s underlying technology is capable of processing private and
anonymous transactions on any compatible public blockchain network.

Several multi-billion dollar projects, most notably the Ethereum blockchain,
have begun integrating Zcash technology. Blockchain networks that
adopt the Zcash technology called zk-SNARKs can settle private transactions
by concealing sensitive information such as the details of senders and
receivers.

The application of ZKP to cryptocurrency is fueling a wave of funding and
excitement that could lead to new anonymity and privacy technologies
that are not available today.

The drawback is that ZKP technology is computationally expensive to
implement and run. Nevertheless, novel ZKP experiments are underway
across industries from finance to pharmaceuticals.

In May 2019, Ernst & Young announced project Nightfall, a new set of
protocols for enabling private transactions on the Ethereum blockchain.

According to the code’s description on GitHub, “Nightfall integrates a set
of smart contracts and microservices, and the ZoKrates zk-snark toolkit,
to enable tokens to be transacted on the Ethereum blockchain with
complete privacy. It is an experimental solution and still being actively
developed.”

ZKP experiments like Nightfall could one day help clients use blockchain
for secure supply chain management, product tracing, and privately
moving data between two or more entities.

For example, in May 2019, JPMorgan Chase’s blockchain team
announced an extension to the bank’s Zether protocol, a fully
decentralized, cryptographic protocol for confidential payments relying
on ZKP.

Source: Argon Group

In June 2019, Walmart joined MediLedger, a consortium leveraging
blockchain for tracking pharmaceuticals using ZKP so that transactions
are valid and do not expose sensitive data.

OPEN-SOURCE SECURITY
Enterprises are rapidly adopting open-source software and as a result,
the risk of exposure to open-source security vulnerabilities is growing.
To keep up, new tools are emerging to secure open-source code.

Open-source software is modifiable and shareable because its design is
publicly accessible. This leads to improvements as more people can add
features and identify security vulnerabilities.

Enterprises clearly see the benefits of open-source software. For
example, Microsoft acquired GitHub in 2018 for $7.5B, demonstrating
that building tools for the open-source community is a significant
opportunity. IBM’s $34B acquisition of open-source software provider
Red Hat in 2018 is one of the largest amounts ever paid to acquire a
software company.

However, as open-source code makes its way into critical enterprise
applications, there is potential for massive security failures. The
infamous Equifax data breach, for instance, stemmed from a failure
to patch a known vulnerability in one of the firm’s dependencies, the
open-source Apache Struts framework. In September 2017, the
breach was reported to have compromised the personal information
of over 148M US consumers.

More vulnerabilities are being reported in open-source software than
ever before. According to cybersecurity startup Snyk, 2017 saw a 43%
increase in vulnerabilities reported across all open source registries, and
in 2018 the vulnerability count grew by another 33%.

Open-source code is often introduced into an enterprise through
third-party vendors and external development teams as well as through
in-house developers.

One of the biggest enterprise cybersecurity challenges surrounding
open-source code is the publicity of exploits. When a vulnerability in
open-source code is discovered, it is published online for everyone who
depends on that code to review and patch. Hackers target organizations
that are slow to patch known vulnerabilities — as was the case with
Equifax.

Even worse, enterprises that lack a software bill of lading for the
open-source tools they use are not able to patch even the best-known
vulnerabilities to block common attacks.

Other potential risks of using open-source code include difficulty
managing software licenses and enforcing policies that prevent
copyright infringement.

However, there are also some security upsides to using
open-source software.

Traditionally, the open-source community has relied on the “many
eyes” approach to cybersecurity. Ideally, maximizing the number of
good actors that are reviewing code for vulnerabilities will increase the
likelihood of finding vulnerabilities before bad actors do.

Open-source software also allows programmers to immediately
fix vulnerabilities. In contrast, code that is licensed as proprietary
intellectual property is subject to the vendor’s response time.

Notably, many of the technologies powering container technology are
open-source.

Startups are already rising to help secure the open-source software
market, which analysts estimate to be worth around $14B today.

Look out for companies that are developing systems for continuously
monitoring open-source application dependencies and those that let
analysts quickly respond when new vulnerabilities are disclosed.

New open source vulnerabilities discovered annually by ecosystem

Source: Snyk

Threatening

QUANTUM ENCRYPTION
Quantum computers threaten to undo all modern forms of
cryptography. They will also be critical to defending the future of
enterprise data security in the coming quantum age.

Quantum computers utilize the principles of quantum mechanics to
make ultra-fast calculations on the biggest and most complex datasets
— and the technology is certainly catching attention.

Quantum computers are already reinventing aspects of cybersecurity
through their ability to break codes and encrypt electronic communications.

Some of the biggest players in tech — including Google, Microsoft, Intel,
IBM, and Alibaba — as well as a host of governments are exploring
quantum computing for better cybersecurity and more, signaling that the
next big computing race is already underway.

Quantum computers can be used to break cryptographic codes that we
use today to keep sensitive data and electronic communications secure.

However, they could also be used to secure data from quantum hacking
— a technique known as quantum encryption.

Quantum encryption is the idea of sending entangled particles of
light (entangled photons) over long distances in what is known as
Quantum Key Distribution (QKD) for the purpose of securing sensitive
communications.

The most important point is that if quantum encrypted communications
are intercepted by anyone, the encryption scheme will show immediate
signs of disruption and reveal that the correspondence is not secure.
This relies on the principle that the act of measuring a quantum system
disrupts the system. This is known as the “measurement effect.”

Today’s cryptographic keys are far longer than what can be processed
with existing quantum computers. This means we have some time
before quantum computers will threaten modern cryptography.

However, the technology is progressing rapidly and quantum computers
will eventually render the world’s most popular encryption schemes
useless. Forward-thinking enterprises will start developing quantum
encryption strategies today, before it’s too late.

One area of quantum-safe cryptography to keep an eye on is lattice
encryption, a field that has already been studied for decades and is
steadily advancing to commercialization.

Lattice cryptography involves hiding data inside complex algebraic
structures that experts believe will keep data safe from quantum
computers of the future.

In February 2018, the South Korean telecommunications company SK
Telecom purchased a majority stake in the quantum-safe cryptography
company ID Quantique.

The market for “quantum cryptography communications” is expected to
reach ~$25B by 2025.

EDGE INTELLIGENCE
As enterprise IT networks are expanding with internet-connected
devices, edge intelligence systems are rising to help prevent
subsequent breakdowns in IT management and governance.

Edge intelligence technology scans the global internet for vulnerable IT
assets so that they can be linked back to enterprise networks and fixed
before adversaries find them.

By creating a dynamic inventory of all the internet-facing assets on the
network’s edge, an organization can begin to map its true vulnerabilities.
Internet-facing IT assets include all of an enterprise’s devices,
infrastructure, and services that are accessible via the global internet.

Cyber criminals are scouring the global internet for IT assets that exhibit
process gaps, policy violations, misconfigurations, and other human
errors that let criminals break in.

Without total and real-time IT asset awareness, enterprises are
constantly at risk of a breach. One of the most common issues today
with IT asset management is publicly exposed assets that are
reachable by potentially malicious actors.

For example, misconfigurations are human errors that result in exposed
cloud servers, including publicly accessible cloud storage, unsecured
cloud databases, improperly secured backups, and open
internet-connected devices. According to IBM, misconfigurations contributed to
exposing more than 900M confidential records in 2018.

In one of the largest misconfiguration incidents in 2018, marketing
firm Exactis accidentally leaked an online database of 340M records of
personal data, including addresses, phone numbers, family structures,
and extensive profiling data.

The Exactis case demonstrates that manually and periodically reviewing
internal hardware and software assets to map potential breach points is
no longer enough. Fast-moving digital transformations and the speed of
today’s internet-originated attacks require that organizations rethink IT
asset management.

Startups are rising to help enterprises gain a more complete,
outside-in view of their networks and every IT asset that belongs to them. For
example, the startup Expanse was awarded a $37.6M contract to provide
edge intelligence to the US Department of Defense in 2018.

Source: IBM

FIRMWARE SECURITY
Hackers are exploiting weaknesses in device-level firmware. These
attacks are purposely built to hide from today’s common operating
system (OS), application, and software level security.

Firmware is computer software that provides control for a device’s
hardware components.

Firmware based on the Unified Extensible Firmware Interface (UEFI)
standard — a specification that defines a software interface between
an operating system and firmware — is in 80% - 90% of the personal
computers, devices, and servers sold worldwide.

Experts predict that by 2025, there could be as many as 75B connected
IoT devices worldwide. In the coming age of massive IoT connectivity,
insecure firmware inside our devices poses a serious threat to privacy
and public safety.

Firmware security involves hardening these fundamental and nearly
ubiquitous components from vulnerabilities and exploits by making
cybersecurity a primary consideration in their design.

However, firmware security has not always been top of mind for
developers, and is often overlooked. Five out of every 6 WiFi routers in
US homes and offices are at risk of cyberattacks because their firmware
isn’t sufficiently updated for security vulnerabilities, according to
research by The American Consumer Institute.

Historically, hackers have launched attacks against operating systems (OS),
applications, and software that did not involve penetrating firmware.
However, the development of better cybersecurity technologies
combined with a greater emphasis on patching vulnerabilities in
operating systems and software has led some hackers to shift their
focus to firmware exploits.

According to Justine Bone, CEO of MedSec, firmware attacks are no
longer theoretical: “The evidence is showing us that attackers are
targeting firmware — many breaches and vulnerability discoveries these
days can be attributed to firmware problems.”

To date, no major firmware attacks by criminals have been reported.
However, security researchers are hinting at a day when exploiting
vulnerabilities in firmware will become a reality.

For example, in 2018, researchers at healthcare cybersecurity firm
CyberMDX found that certain medical infusion pumps had a security
flaw that could allow a malicious actor to remotely install dangerous
versions of firmware onto the device’s onboard computer — potentially
threatening patients’ lives.

The image below shows firmware’s position in the software stack:

Source: Wikipedia

Transitory

DATA PROVENANCE
With the growing need to prevent data manipulation and comply
with new privacy regulations, data provenance systems will become
increasingly important.

Data provenance tools are integral to the future of data security. They
can help determine if a particular piece of information came from a
specific source, what tools were used to create it, and if it was modified
over time.

The idea of provenance or product lineage is not new. Dealers of rare
antiquities have used various methods to trace and authenticate art,
wine, books, and more for centuries.

Today, enterprises need assurances that the data and analytics engines
they rely on for critical business intelligence decisions are fed with
appropriate and reliable data streams.

The future of safe autonomy for automobiles, healthcare diagnostics,
and more will rely on data provenance systems to help ensure the
integrity of a machine learning algorithm’s training data.

AI learns by ingesting large amounts of training data and then replicating
patterns in that data to complete a task, such as sorting health records.
In other words, the output from an AI model depends on the integrity
and known provenance of the algorithm’s training data.

Data provenance systems will also be used to comply with new data
privacy rules such as Europe’s General Data Protection Regulation
(GDPR). Enterprises can use data provenance to trace the path an
individual’s personal data takes in their systems, and pull and erase that
data as needed.

Blockchain technology is being used to develop tomorrow’s robust
data provenance systems. The blockchain’s fundamental properties of
transparency and immutability, in theory, make the technology an ideal
tool for establishing a record of trust for critical data.

AUTONOMOUS SECURITY OPERATIONS CENTER (ASOC)
ASOCs are rising due to advancements in AI and machine learning
technology that can help fight automated cyber attacks and augment
the work of sifting through security alerts.

The security operations center (SOC) is the central nervous system
of enterprise cybersecurity. SOCs consist of a mix of tools that pool
security data into one place and give security analysts a comprehensive
view of the organization’s real-time security posture.

ASOCs leverage advancements in AI and machine learning to automate
much of the manual data gathering and cleaning processes traditionally
performed by security teams.

Today’s advanced cyber attacks utilize a growing arsenal of automated
scripts that can hit thousands of targets simultaneously. Consequently,
security analysts working in traditional SOCs are overburdened by the
number of security alerts they have to process. Combined with the
shortage of qualified personnel in cybersecurity, the problem of alert
fatigue is only getting worse.

Moreover, security analysts are still using manual processes to counter
automated attacks.

V.Jay LaRosa, the VP of global security architecture at ADP, said, “The
industry, in general from an SOC operations perspective, it is about to go
through a massive revolution.”

A new generation of startups is focusing on the time-consuming, low-
hanging fruit of the security analyst’s manual data work. Tomorrow’s
ASOCs will be able to ingest massive amounts of security data for
automatic detection and correlation of threats. However, connecting data
from disparate sources is still a hurdle for AI applications in the security
operations space.

Machine learning algorithms are far from being able to accomplish the
full lifecycle of an analyst responding to a security alert today.

In the future, analysts will still have to interpret and make decisions for
the best course of action based on the data the system gathers.

Common security operations center (SOC) challenges

Source: SANS, 2018

CYBER INSURANCE
Supply and demand for cyber insurance is growing, despite challenges
with accurately forecasting risks associated with enterprise cyber
threats and vulnerabilities.

Cyber insurance products help protect enterprises against the financial
fallout from attacks on IT systems and the theft or exposure of
confidential data.

Today, many enterprises think of cybersecurity as a sunk cost — an
investment that cannot be recovered. Consequently, security does not
always get the attention or the investment it deserves.

Appropriately measuring risk and accurately pricing it into insurance
could incentivize enterprises to take necessary cyber precautions to
lower the cost of their premiums.

Though cyber insurance has been on the market for nearly 2 decades,
today’s offerings are relatively novel compared to general commercial
liability and other business policies. Many cyber insurance carriers lack
claim filing experience, and many brokers lack deep expertise. Products
also vary widely, making comparisons problematic.

When it comes to where startups are playing in the cyber market, there
is growth in investment in startups providing security risk ratings for
cyber insurance — including by insurers. However, these startups aren’t
exclusively cyber insurance-focused and also provide solutions for other
industries including financial services and retail.

Guidewire’s purchase of cyber risk modeling startup Cyence for $275M
— one of the biggest deals in 2017 — put a spotlight on cyber insurance
from a startup perspective.

While cyber direct premiums written hit just $1.34B in 2016, cyber
coverage is projected to increase from $7.5B to as much as $20B by
2020. The spike in growth could result in insurers jockeying for position
as well as the formation of a host of new startups.

WHERE IS ALL THIS DATA FROM?

The CB Insights platform has the underlying data included in this report.
