First, information security is becoming more and more relevant due to objective reasons: the number of threats and the activity of cybercriminals, in general, is growing from year to year. The problem of cyber security is becoming more and more evident and close to the management of various companies, and, accordingly, the principle of the impossibility of realizing certain business risks is increasingly put at the forefront. Building security of this kind goes hand in hand with increasing the corresponding budgets.
Second, CII cybersecurity, the concept that began a few years ago with surveys, categorization, and design, has finally reached the actual implementation stage. It ensures an increase in protective equipment manufacturers’ turnover and integration.
Thirdly, this year, the business realized that next year will change in the new conditions and from the point of view of the usual budgeting for IT. Information security sought to maximize the plans planned for 2020 and use the available resources.
COVID on All Fronts
It is not to say that the COVID-19 pandemic did not affect the cybersecurity market in any way. However, there was more talk on this topic than beneficial influence. By the finish line of the first quarter of 2020, a condition began to take shape that caused several concerns: the total number of pilot projects dropped sharply. And it is entirely understandable why this happened – in the updated conditions (lockdown, a sudden transition to a remote work format), these projects have become objectively more difficult (and sometimes even impossible) to be carried out at the companies’ sites.
At the same time, you understood that the same renewed working conditions forced the business to refrain from freezing projects to develop its cybersecurity. Both moments depict a hazardous situation where the customer companies could abandon piloting technologies (as a selection criterion) and focus only on formal price indicators. But these fears remained: healthy competition in the domestic information security market remained the same, and the general focus of the business, specifically on practical security, did not allow companies to follow a simplified path of choosing protection means.
It is curious that during 2020, we saw two powerful bursts of financial project activity. Surprisingly, the first happened when the country moved into quarantine: information security services on the business already had clearly defined tasks for the year and confirmed budget plans. Still, external conditions collapsed the visibility of the planning horizon to almost zero.
Therefore, some market players chose to speed up tenders, start (or complete) projects, etc. As a result, April explained the first burst of financial and related project tasks on the market. The 2nd wave of spending on information security occurred in the 4th quarter and was related to applying the approved plans. In general, this allowed Russia’s information security market to grow.
The Course Toward Absolute Information Security
We have already remarked that the IS paradigm is changing in principle: some time ago, the community canceled the idea of “building cyber fences” and came to the realization that the purpose of any security system is to find an attacker inside information systems as steadily as possible (since, in principle, there is no protection system that you cannot hack).
In practice, over the past year, this idea has evolved somewhat: we realized that it is realistic to build such a protection system that would be guaranteed to prevent a potential attacker from learning specific business problems. It implies that any company can be hacked in one way or another during an attack. Information security activity is to stop an attacker from inflicting any significant damage. It’s a trend that took shape over the past year, and with a high degree of probability, it will dominate in the coming years. In this regard, creating a new type of SOC will come to the fore – as an SLA that does not operate with 24/7 availability.
The speed of response to an incident is crucial, serving as a more specific indicator of an attacker’s guaranteed prevention of unacceptable risks for the organization. The effectiveness of a SOC will be literally at the yes / no level – whether the risk is realized or discovered. In this concept, high-quality, practical cyber-training is of particular importance as the only measure of the effectiveness of the built-in defense system. In information security, it is good to slip into the ambiguity of assessments.
This approach, ultimately, expands the market, qualitatively changing it and leaving the right to life only to those decisions and technologies that affect the result. That is, we are dealing with a kind of interpretation of Darwin’s theory at the technological level: only those who can detect the activity of the attacker in time, block it, and exclude the possibility of developing an attack and, in principle, “clean” it from the infrastructure, will survive. And we, as a vendor, are also working to create an intelligent automated tool that will allow us to solve this problem quickly and efficiently.
About Complete Controller® – America’s Bookkeeping Experts Complete Controller is the Nation’s Leader in virtual bookkeeping, providing service to businesses and households alike. Utilizing Complete Controller’s technology, clients gain access to a cloud platform where their QuickBooks™️ file, critical financial documents, and back-office tools are hosted in an efficient SSO environment. Complete Controller’s team of certified US-based accounting professionals provide bookkeeping, record storage, performance reporting, and controller services including training, cash-flow management, budgeting and forecasting, process and controls advisement, and bill-pay. With flat-rate service plans, Complete Controller is the most cost-effective expert accounting solution for business, family-office, trusts, and households of any size or complexity.