Over the past ten years, the information security industry has undergone the same changes that the information technology industry went through ten years earlier. In the 2000s, IT moved from the universal specialist, who understood everything equally well, to highly specialized system administrators, programmers, implementation engineers, and support specialists whose competencies practically do not overlap.
For a time, the information security officer had skills that covered all the specific security requirements: he understood regulators' requirements, encryption, penetration tests, and the configuration of firewalls and other security tools. Over the past decade, however, irreversible segmentation has begun in information security as well. It is irreversible because an employee who specialized in one thing began to lag behind in other areas, which meanwhile developed by leaps and bounds, and catching up with them became more difficult every day.
The object of protection is changing
Over the same period, the object of protection itself, the information system and the information stored in it, has also been transformed and continues to change today. Almost imperceptibly, information systems have moved from being a reflection of the business (that is, the business exists outside the IT system, and data from it enters the IT system to be processed for analysis and reporting) to being the business itself. In short, there is no longer any business outside of IT systems.
There are practically no “primary documents” left: paper documents from which data in the IT system could be restored after an accident. Today, transactions and the formal documents recording their completion are created directly in the IT system; they either never appear on paper at all or are printed out only when “paper” reporting requires it.
The encryptor (ransomware) attacks of recent years have shown that even a company with a traditional, entirely physical “offline” business cannot operate without IT. A shipping company with vessels loaded with goods simply cannot take those vessels out of port when its information systems have been hit by an “encryptor”, because the fairway request must be transmitted electronically. A network of gas stations with storage tanks full of fuel cannot fill up cars, because the dispensers are under computer control and the electronic cash registers cannot issue a receipt.
Not so long ago, combined information attacks emerged, in which the phased publication of fake news on social networks is paired with cyber attacks. For example, mass publications claiming that a bank’s license is about to be revoked are combined with an attack on the bank’s Internet services. Clients read the publications and go to check the status of their accounts, but the services are not available. Customers get nervous and rush to the bank office, where they meet hundreds of equally agitated people, a shortage of operators, and queues. They write indignantly about it on social networks, which only causes a new influx of worried depositors. The organizers of the attack can leave at this point, since the process they started has become self-sustaining. The massive closure of accounts and withdrawal of money by depositors can be critical for the bank and put it in danger of ruin.
Don’t forget that we are still only entering digitalization, and digital transformation processes threaten to change the security paradigm again. State and municipal services, finance, housing and communal services, medicine, distribution of media content, telecommunications: all of this is becoming digital and, along with dizzying opportunities, creates new risks. For example, biometrics is a good solution for the human-to-digital interface. After all, a fingerprint or a retinal pattern cannot be forgotten or lost, so it is very convenient to use for identification and authentication. But if your password or passport is stolen from you, you just come up with a new password or get a new passport.
Digitalization will not only make traditional services convenient, as happened, say, with calling a taxi, but will also give rise to new services and businesses that are impossible without “digital”. But will they be safe? Safe both in terms of protecting our data and in terms of real threats to life and health? The recently sensational horrific crime of the murder of a ridesharing girl driver was made possible because the killer.
How will security react?
There are many threats to IT systems, and even more means of countering them. Information security is constantly being segmented, churning out special tools for various types of attacks, and these tools are themselves constantly evolving, by no means in the direction of simplification. Today it is impossible to be equally well versed in antiviruses, anti-DDoS, WAF, SIEM, DLP, SAST, DAST, IAST, PUC, anti-SPAM, IDS, anti-APT, anti-fraud, UBA, UTM, CASB, IDM, VMS, NGFW (we need to stop, otherwise I know a dozen more combinations of letters that say nothing to most readers). And this is just protection; there is also offensive security and the related penetration tests, research into the security of systems, and so on. Then there are clouds, neural networks, blockchain, artificial intelligence and “machine learning”. There is monitoring of social networks to prevent information attacks.
There is internal control and work with personnel. And, of course, there is paper security: compliance with the requirements of numerous international, state, and industry regulators. These requirements vary significantly between industries, so the movement of information security specialists from industry to industry, which was common 10 years ago, has become rare today: the entry threshold has risen sharply, and regulation and attacks have become far more industry-specific. That is why today in information security we see both verticalization and specialization, a division into “defense” and “attack”, and a focus on countering specific attacks, such as DDoS.
Combined with the trend towards total digitalization, this means that information security professionals face a growing number of critical business applications that are also becoming more complex, exponential growth in the amount of data that needs protection, and the emergence of new types of attacks that use artificial intelligence technologies, and even attacks on artificial intelligence algorithms.