What we learnt from the latest security conference in Amsterdam.
Check Point’s last few months have been among the most significant in its 22 year history.
In a twin change of tack the company has not only been on a recent spending spree, it is seeking to broaden its product range across every potential device and network.
For one of cybersecurity’s biggest players the moves indicate where this fast heading industry could be headed.
As we connect our factories, fridges and feelings to the Internet, such forecasts will become ever more pertinent.
Here’s what you should know:
1. US cyber-insecurity reputation is due to regulation
Of all the countries which cybercrime has hit, the US stands most prominently. Target, eBay and Sony Pictures are just a few of the American firms that have had their reputations damaged after hackers corrupted their systems over the last year or so.
Clearly the power of the American economy and the country’s quick adoption of technology are some of the reasons why they have been affected. But, contrary to the staunch free market image of the US, regulation has also played its part.
Thierry Karsenti, European VP of engineering and new technologies at Check Point, said: "The reasons you tend to hear more about cases in the US is because of the regulation that gets them to responsibly disclose things." This is contrasted with Europe, where public disclosure obligations are less common.
2. Cybersecurity’s problems are ancient
Observers of the cybersecurity industry will be used to claims that the sector is among the fastest moving in all of technology. Though the view is self-serving, it is not entirely unjustified given the industry is constantly challenged to respond to Silicon Valley’s bleeding edge.
But some dispute just how novel the behaviour of cybercriminals is, even accounting for the rise of the Internet of Things and increased use of mobiles in business. Misha Glenny, British journalist and author of DarkMarket, an exposé of cybercrime, is just one such dissident. "The threats we face today are pretty much the same as we faced in 1990: A combination of social engineering, hacking and malware deployment," he said. "The main vulnerability in organisations is human beings. It’s not the digital side, it’s us."
3. Catastrophic cyber-terrorism is now possible
Increased automation in heavy industry and public utilities has in the past prompted warnings about the potential for cyberattacks that do not merely steal data, but can also cause cars to crash, pacemakers to stop working, and planes to fall out the sky.
The rise of the Internet of Things – a broad term for the greater connectedness of all sorts of objects – now means we are nearing scenarios where cyber-terrorists and professional armies will be able to carry out such attacks, at least according to Check Point.
Gil Shwed, chief executive and founder of the firm, told the conference that such violence now is but "one click" away. "One attack today can shut down the entire power grid, can shut down the transportation system in a country," he said. "That’s very scary and very risky in our world today."
4. Cyberattacks are becoming personal
The great cyber-attacks of 2014 (sometimes dubbed "The Year of the Mega-Breach") were largely mass assaults on a given company. Though firms like Target may have been deliberately chosen, much of the data stolen was taken simply because it was there, not because it belonged to anyone in particular.
Phishers and spammers have in the past followed similar lines of attacking people en masse without much thought for who the victim might be. But recent evidence has shown cybercriminals are becoming more particular about who they target, a trend Check Point has confirmed.
Marie Hattar, CMO of Check Point, said: "This year I like to call ‘It’s getting personal’ because attacks were against people." Hackers now routinely profile their targets, allowing them to craft specific attacks, in a departure from the mass mailing of the past.
5. As cybersecurity fragments, firms want to do it all
Cybersecurity has gone through periods of fragmentation and consolidation for years. Like much of IT, large security vendors are regularly outflanked by their younger, smaller brethren better suited to developing technologies to tackle the latest problems.
Last year Chris Young, who recently moved from Cisco to head up Intel Security, claimed that of late the proliferation of vendors and products had become a problem for the industry. Products were failing to talk to one another and as such hackers were slipping through the gaps.
Nathan Shuchami, head of threat prevention at Check Point, told CBR that pressure to adopt new technology in business means that cybersecurity firms have to broaden their range to cater to their customers. This is why his company has bought Hyperwise and Lacoon this year, defending against CPU and mobile cyberattacks respectively.