So far in 2016, we've seen everything from compromised banking systems resulting in costly cyber heists to a widespread acceptance of public cloud technology. Enterprise technology is rapidly changing and with it, so too must companies. But the answer to keeping up with technological innovation is not always to purchase a new solution. Instead, enterprises can use technology in smarter ways, saving both money and time.
Below are four enterprise technology trends we expect to see in the second half of the year and in years to come:
Rising DDoS attacks
For malicious actors, the field of cybercrime is booming. Enterprising criminal organizations have set prices for their services, where individuals can pay hackers to access corporate email accounts or break into websites to steal data.
Those looking to wreak havoc on a system can purchase a distributed denial of service, or DDoS, attack at a per-hour, per-day or per-week, according to an April SecureWorks underground hacking market analysis.
A weeklong DDoS attack costs between $200 and $555. For an hour, you could buy DDoS attack for the bargain price of between $5 and $10.
Often launched by botnets, these types of attacks employ a large number of devices from across the internet, making them more difficult to deflect, according to Imperva Incapsula, a cloud-based application delivery service.
The frequency of DDoS attacks increased 125% in Q1 of 2016 when compared to the first quarter of last year, according to Akamai’s Q1 2016 security report. Not only are there more attacks, but they are also increasingly powerful with attackers using more sophisticated tools.
DDoS attacks could be used on everything from cyberwar to corporate ransom, according to Carl Herberger, vice president of security solutions at Radware, an application delivery and cybersecurity solutions provider.
"Security is a lot like a perpetual chess match," Herberger said. It acts as a constantly shifting game, where "adversaries" sometimes move in a way that could potentially cause great harm.
With advancements in cybercrime, many companies cannot necessarily determine what is under the surface of an attack. DDoS attacks, for example, provide for a "beautiful diversionary tactic," Herberger said. By the time a company detects an attack, they don’t know what’s missing.
The cost of DDoS attacks on a business is also rising. Globally, 50% of organizations would lose $100,000 or more per hour in a peak-time DDoS related outage, according to a Neustar survey. Of those surveyed, 33% said they could lose as much as $250,000 in the event of an attack, if not more.
Even the threat of a DDoS attack can become costly. Recently, several VPN companies were asked to pay in bitcoins to prevent an attack. Since March, companies have sent more than $100,000 to bitcoin addresses to avoid the threatened attacks. Thus far, none of the threats have resulted in an attack.
To successfully stop a DDoS attack, businesses have to understand "what is legitimate and what is illegitimate," Herberger said. To do that, he said, you have to sift through the normal traffic to identify the malicious activity.
DDoS attacks are not without some defenses. Some hardware solutions, such as load balancers, can help companies distribute incoming network traffic, potentially preventing networks from becoming overburdened.
"One of the biggest problems with DDoS is being able to identify non-volume activity in the malicious attack," Herberger said.
"Like in your water systems, you wouldn’t think of not having filtration systems," said Herberger. "We believe the internet is the same way."
Automation in the enterprise
Technology is becoming smarter and more intuitive. As it evolves, companies are working to streamline internal processes, making way for more innovation inside the enterprise.
"Today, computing has changed," said Jim Manias, vice president of Advanced Systems Concepts, Inc., a workload automation provider. "It’s gone from an era of being expensive and scarce" to where it is now highly available and affordable.
The problem of human capital goes hand in hand with technology’s increased accessibility.
Between five and six years ago, Advanced Systems Concepts had just 15 servers in place, according to Manias. Now they have almost 500.
"I can assure you every CIO is faced with the following dilemma, which is ‘I don’t have people to handle that kind of growth, nor do I have the budget to handle that kind of growth,’" Manias said.
Numerous challenges arise, because not only is there a skills gap but there is also a lack of resources, according to Manias. Whether it is cloud or on premise systems, "the sheer number are being quite impactful to today’s CIO."
So, how can companies manage, maintain and update these systems?
One way to approach the problem is to begin automating internal processes and deployment cycles, helping to mitigate the gaps in required talent. Some companies are even looking to automate enterprise functions, such as infrastructure management, as an alternative to outsourcing IT work.
Automation is designed to make work in a company a bit easier. Beyond servers, infrastructure and application deployments, some companies are even starting to use technology such as bots to automate some of the more mundane workplace tasks.
AT&T, for example, is using 200 types of bots across the workplace to help free up employee time. Used to target particularly repetitive tasks, the bots are cloud-based and made easily accessible so employees can see the bots others have created. Employees can even learn how to make their own.
Other organizations are taking a similar approach. At the Department of Defense, "anything that can be automated and virtualized needs to be automated and virtualized," said Maj. Gen. Sarah Zabel, vice director for the Defense Information Systems Agency, in May.
Bridging the tech talent gap
The number of CIOs facing a tech talent shortage is the highest it’s been since 2008, according to a recent survey from Harvey Nash and KPMG. Of those surveyed, 65% said the tech talent shortage is barring them from keeping up with the demanding pace of digital change and innovation. Failing to keep up with shifts in technology is poisonous to any business.
Even if IT hiring managers do find the people they need, swiftly and accurately verifying an individual’s skills can be extremely challenging.
According to Stack Overflow’s 2016 survey of more than 50,000 developers worldwide, 69% of the programmers said they were primarily self-taught, without computer science degrees.
And with the move toward frequently using open-source technology in the enterprise—a space where 87% of hiring managers had a difficult time finding talent in recent survey—organizations need different ways to vet talent.
As a result, companies are starting to use alternative IT training methods to help meet the demand for talent. Rather than four-year degrees, organizations are using bootcamps, Massive Open Online Courses (MOOCs), certifications and nanodegrees to help close the IT skills gap without long-term education commitments or debts.
Certification programs, in particular, can assist in the IT hiring process. "You’re getting independent, third-party validation of a person’s skills," said Randy Russell, director of certifications at Red Hat, an open-source solutions company.
Rather than sifting through a stack of resumes, "certifications give you a sense of what they do and it’s verified," Russell said. They can act as an "efficiency mechanism." Though hiring managers may still conduct a technical interview, certifications help "vet and qualify" some of the candidates before they move forward in the hiring process.
With the fast pace technology changes, some companies need to develop teams and move them in new directions from inside an organization, according to Russell. For open source technology in particular, "everyone is seeking this talent but they’re having trouble finding it."
Red Hat has its own certification program and just announced in June a new subscription-based learning model, which gives subscribers unlimited access to the company’s trove of online training content and certification exams. Such learning models can work to keep staff up-to-date on technological changes, allowing IT managers to look internally for the staff they need, rather than looking in the open and sparse tech talent market.
Hiring managers "can’t always look out in the market for emerging tech," Russell said. Instead, "they need to look internally too."
The (continued) scourge of the password
Time and again, reports are surfacing of system breaches that stem from weak passwords and other security shortcomings.
In May, LinkedIn confirmed that a 2012 data breach had compromised about 117 million accounts in addition to the 6.5 million passwords previously reported to have been stolen. Hackers have used that trove of passwords—combined with those stolen from MySpace and other networks—to access numerous social media accounts, including some high-profile targets.
In June, Facebook CEO Mark Zuckerberg’s Twitter and Pinterest accounts were compromised. During the social media takeovers, hackers pointed to password reuse as the culprit in the security breach and the reason they were able to access his accounts.
The same hacking group, OurMine, also claimed responsibility for the recent takeover of Google CEO Sundar Pichai’s Twitter and Quora accounts, according to a Fortune report. Unlike in the Zuckerberg breach, where the group used a password leaked from data breach, the team used the question and answer service on Quora to enter Pichai’s account. From there, the group used the same credentials to access Pichai’s Twitter account.
In both cases, password reuse was, at least in part, to blame. In the 2016 Verizon Data Breach Digest, 80% of data breaches studied involved the exploitation of stolen, weak, default or easily guessable passwords.
"The whole world needs to be at a higher level of security then we’re giving it credit for," said Herberger of Radware.
Instances like the Pichai and Zuckerberg account breaches involve social media accounts. With accounts across the internet demanding a unique password, end users look to their own, supposedly foolproof, password and account login information for multiple accounts. But that same type of information could be exploited to access other sites, and even some enterprise systems as well, with the possibility of exposing personal identifiable information, such as social security numbers or bank account information.
In response, some companies are working to take the human error out of securing systems. Password managers can save users the headache of remembering each unique set of login information.
Many end users are also calling for changes to account logins. A recent password study from Gigya found that more than half of the 4,000 consumers interviewed preferred biometrics and other authentication methods over traditional usernames and passwords.
One company, Dashlane, is offering a cross-enterprise password management solution to securely manage passwords, credit cards, IDs and other important information via encryption and local storage. The tool is intended to give IT professionals comprehensive, real-time control over an organization's password health and provides them with access control and password management capabilities, the company said.
Microsoft, too, is combating potential password reuse, moving to ban common passwords, such as "123456" or "password," from its Microsoft Account and Azure AD system.
To keep up with the constantly evolving security landscape, companies will continue to see changes in account authentication to better secure systems and rid users of the nuisance stemming from finding a truly unique and unbreakable password that they can remember.
