There’s no denying it: what we‘re currently experiencing is the beginning of a crisis on a global scale. However, I am not directly referring to the health crisis caused by the Coronavirus outbreak. I strongly believe, that all measures being taken now will help preventing a breakdown of the health system, and that is the most urgent reason for those measures. The Coronavirus itself is here to stay – the objective now is to slow down the spreading of Covid-19. The real crisis will be economic – and that is where the cybersecurity industry will be affected, too.
On the other hand, there will be some opportunities for the industry as well. Some of the measure currently in place will actually help to raise security awareness. For example, more and more companies order their workforce to work from home wherever this is possible. Naturally, the corporate IT – and the IT security department – doesn’t have as much control over the home network as they would have in the office. Being faced with that challenge and the knowledge that most likely attackers will leverage this opportunity, IT security departments will increase spending in the areas of securing remote access to their corporate networks. This is good news for security vendors being active in that space, be it endpoint security, VPN connections or even cloud security.
Also, and very unfortunate, cyber criminals are already exploiting the Coronavirus by setting up webpages which pretend to inform about the current developments of the outbreak, but in reality will infect computers with malware or ransomware. Again, the cybersecurity industry can protect against these risks, which presents another opportunity for the industry’s offerings.
Thirdly, the dynamic of the outbreak leads to sometimes hectic activity, which in turn leads to security protocols not being followed as strictly as in “regular” times. Another opportunity for hackers, but also an opportunity for security vendors which enforce security policies in an automated way.
Do these examples mean that the cybersecurity industry will benefit from the outbreak? Clearly not. As mentioned in the introduction, the real crisis at hand is an economic crisis. A lot of industries and services suffer from the measures being taken. That includes not only the obvious, such as the event industry, sports industry or restaurants and hotels, which feel an immediate impact now. We will increasingly experience the consequences in other industries, as the supply chains for a lot of products break down worldwide. Our globalized economy is built on things like just-in-time supplies, warehouses only keep a minimum stock to optimize costs. The crashing stock markets – while their reaction is somewhat exaggerated – are just one indication that there will be budget cuts, job losses and even bankruptcies.
For the cybersecurity industry, this is bad news. Every cybersecurity professional will tell you that securing the IT infrastructure is essential and probably the most important measure IT departments should take. The reality, however, is different: the simple fact that usually there is no business case for security in the sense that protecting your assets will increase your revenue (or decrease your costs). Therefore, security budgets will be the first to be cut down or even eliminated.
The cybersecurity industry therefore needs to prepare for the ongoing and upcoming crisis. That does not mean that the industry is doomed – quite the contrary. In the short term, there will be turmoil, even in cybersecurity, no question about it. In the long run, however, the crisis will lead to a change in the way we work and live. Some of these changes, like those mentioned above, will result in cybersecurity finally getting the status it deserves. For now, however, we should all focus in fighting this crisis, together.