Copyright © 2015 Raytheon Company. All rights reserved.
Customer Success Is Our Mission is a registered trademark of Raytheon Company.
Global Megatrends In
Cybersecurity:
A Survey of 1000 CxOs
Michael K. Daly
Chief Technology Officer
Cybersecurity & Special Missions
March 2015
Megatrends in Cybersecurity
Survey
Who we asked
1,006 CIOs, CISOs
Cross section of industries
North America, Europe, ME/NA
What we asked about
Evolving sources of cybersecurity risks
Intelligence enabled cybersecurity
Importance of cybersecurity to the business
Emerging technologies
Next-generation of organizational practices
Winning cybersecurity strategies
Links:– Report:
http://www.raytheon.com/news/rtnwcm/groups/gallery/documents/content/rtn_233811.pdf
– Infographic: http://www.raytheon.com/news/rtnwcm/groups/gallery/documents/content/rtn_233812.pdf
Several Interesting Trends and Factors Emerged4/20/2015 2
Global Megatrend #1
Cybersecurity will become a C-level priority
and a competitive advantage.
Some organizations are leading the way…
But there is a lot of room for improvement.
4/20/2015 3
Don’t overwhelm business leaders – focus on key metrics that get to the heart of
how cybersecurity impacts the business. “Dwell time” is the metric that works for us.
Global Megatrend #2
Cyber crime and Compliance costs will keep CISOs up at night
There will be significant increases in nation state attacks, cyber
warfare/terrorism, and breaches involving high value information.
But, risks from human factors will improve greatly.
4/20/2015 4
For these sophisticated threats, participate in threat information sharing and conduct
your own cyber analytics and intelligence, specific to your business.
Worsened State
Global Megatrend #3
Insider negligence risks are decreasing
With investments in technologies, training programs and visibility into what
employees are doing in the workplace.
4/20/2015 5
The decline in insider negligence should improve the signal-to-noise ratio to better
identify external threats that have gained access to internal resources.
Risk Impact to Organization in 3 Years
Lack of awareness of cybersecurity practices by 26%
Inability to control employees’ devices and apps by 28%
Employee complacency about cybersecurity by 33%
Inability to know what employees are doing in the workplace by 41%
Big shifts in technology towards big data analytics, forensics
and intelligence-based cyber solutions.
Global Megatrend #4
4/20/2015 6
Shifting technology priorities
Anti-virus and anti-malware by 15%
Encryption for data at rest by 27%
Big data analytics and behavioral profiling by 38%
SIEM and cybersecurity intelligence by 19%
Automated forensics tools by 21%
Top Cyber Threats by 2018
1. Zero-day attacks
2. Mobile malware/targeted attacks
3. Cloud data leakage
4. SQL injection
5. Phishing attacks
Big data analytics efforts are underway in government and in research … it is
unclear (to me) that we’ll see effective commercial products in the next three years.
Global Megatrend #5
The “Internet of Things” is here but organizations are slow to
address its security risks.
With consumers embracing more connected devices, information security
leaders predict that the “Internet of Things” will inspire some of the highest
impacting disruptive technologies in the near future.
4/20/2015 7
Organizations prepared for
the “Internet of Things” world
69% not prepared
Know what devices are being brought into your enterprise, what data is being
collected, and where that data is going.
http://www.dhs.gov/sites/default/files/publications/IoT%20Final%20Draft%20Report%2011-2014.pdf
Global Megatrend #6
The cyber talent gap will persist.
4/20/2015 8
Mentor, coach and encourage youth to consider a career in cybersecurity by
encouraging your staff to connect with their communities.
Organizations that need more
knowledgeable and
experienced information
security employees
66%Need More
Source: Raytheon’s 2014 Millennial Survey
Global Megatrend #7
Despite alarming media headlines over the last year,
cybersecurity postures are expected to improve.Governments are working to strengthen cyber regulations and information sharing,
coupled with investments in advanced and automated technologies. CISOs are
optimistic about their future cyber posture.
4/20/2015 9
Future state of your organization’s
security posture in 3 years
Will improve
64%
Stay the same 26%
Will decline 10%
Engage with government to access cyber threat information and assessment services.(http://www.dhs.gov/sites/default/files/publications/DHS%20Industry%20Resources_0.pdf)
A Bit More on Attack Types
Attacks expected to be less
prevalent in the next 3 years:
Botnet attacks
Clickjacking
MacOS malware/targeted attacks
Compromised trusted partners
Attacks on industrial control
systems
4/20/2015 10
Attacks expected to be most
prevalent in the next 3 years:
Zero day attacks
Cloud data leakage
Mobile malware/targeted attacks
SQL injections
Critical infrastructure attacks
A Bit More on Tool Importance
4/20/2015 11
Tool Today Future Change
Anti-virus/anti-malware 3.62 3.06 -0.56
Database scanning and monitoring 3.46 3.45 -0.01
Forensics (automated tools) 3.42 4.16 0.74
Identity & access management 3.42 3.49 0.07
ID & credentialing system 3.42 3.26 -0.16
Virtual private network (VPN) 3.39 3.24 -0.15
Threat intelligence feeds 3.38 4.01 0.63
Big data analytics 3.38 4.14 0.76
Data loss prevention (DLP) 3.37 2.99 -0.38
Endpoint and mobile device management 3.37 3.17 -0.2
Intrusion detection & prevention 3.36 3.38 0.02
URL or content filtering 3.36 3.31 -0.05
Access governance systems 3.36 3.55 0.19
Sandboxing or isolation tools 3.31 3.92 0.61
Encryption for data in motion 3.31 4.03 0.72
SIEM and cybersecurity intelligence 3.31 4.05 0.74
Perimeter or location surveillance 3.28 3.36 0.08
Next generation firewalls (NGFW) 3.28 3.93 0.65
Incident response tools 3.27 3.27 0
Configuration & log management 3.25 3.11 -0.14
Encryption for data at rest 3.25 4.13 0.88
Web application firewalls (WAF) 3.23 3.86 0.63
Device anti-theft solutions 3.22 3.14 -0.08
Automated policy generation 3.2 3.29 0.09
Tokenization tools 3.2 3.33 0.13
Tools that maybe aren’t
working as well as we
need:
AV
DLP
MDM
Tools to save our futures:
Encryption
Big data analytics
Intelligence (SIEM & feeds)
Forensics
Recommendations to CISOs
Engage your Leadership Team and Board of Directors in a cyber dialog focused on
risk to the business
Communicate key cyber metrics in ways management can understand. Consider
“dwell time” as the primary metric.
Participate in cyber threat information sharing communities.
Leverage analytics and automation technologies by focusing on the indicators of
risk in your business.
Know what devices (IoT and other BYOD) are being brought into your enterprise,
what data is being collected, and where that data is going.
Mentor, coach and encourage youth to consider a career in cybersecurity by
encouraging your staff to connect with their communities.
Engage with your government to access cyber threat information, training, and
assessment services.(http://www.dhs.gov/sites/default/files/publications/DHS%20Industry%20Resources_0.pdf)
4/20/2015 12
Know that cyber security can be your competitive advantage or your failure.
Top Related