Trends overview

Background of the Radar

The PCSI Security Radar provides an understanding of which trends have the greatest impact (either from a risk or opportunity perspective) on the cyber security posture of the PCSI partners. The Security Radar is thereby a starting point for topic selection to start cyclical innovation projects within the PCSI program, with the aim of strengthening the cyber security of the participating organizations.


[Figure: security radar with rings for 2022, 2023 and Later]
  • 1

    Growth of hybrid forms of working place and time

    Increased remote working and working in flexible hours has been a major shift accelerated by the COVID pandemic, which also has significant implications for cybersecurity, as it allows employees to work from their personal devices and/or network/internet connection.
    February 2022
  • 3

    Evolvement of highly personalized social engineering

    Social engineering is a technique of manipulating people so they give up confidential information. People are being tricked by personalized content, phone calls and scams. Phishing is a common type of social engineering scam that attempts to fraudulently obtain sensitive information using email. With spear phishing, a single individual is targeted with a more personal approach. For example, deepfake voice technology allows people to spoof the voices of other people and commit identity fraud.
    Related project
    AIwareness
    April 2022
  • 4

    Growing shortage of cyber security knowledge and workforce

    There is still a growing scarcity of cyber security personnel in all industries. People needed to perform cybersecurity jobs are in short supply; there is a high turnover and a growth of unfilled cybersecurity positions. It is difficult and expensive to keep the knowledge within the organization up to date regarding all cyber security developments. Additionally, new personnel tends to receive limited time to 'build up' cybersecurity knowledge, further complicating the acquisition / retention of cyber security personnel and knowledge.
    April 2022
  • 7

    Growth of data involved in Cybersecurity

    Many sectors are becoming increasingly data-intensive. Security-related activities such as Security Incident Management (enrichment, triage) and Threat Hunting demand more and more data sources to improve their performance. As a consequence, questions arise regarding how such data can and should be managed (architecture, what data, what governance, what policies, and where to store data (private cloud, Azure, ...)).
    April 2023
  • 8

    Stricter rules and enforcement on information sharing

    The DNB (the supervisory authority, 'toezichthouder') is paying more attention to privacy, as expressed in the GDPR and other regulations. For example, it is becoming more important to demonstrate compliance with privacy regulation at every step taken in capturing or modifying data.
    March 2022
  • 9

    Growing interdependencies between parties in the (globalized) supply chain

    Organizations work together with, and use products from, software vendors and equipment vendors all over the world. This increases the dependency on third parties that are sometimes not very familiar. Vendor lock-in is one of the possible consequences, and it decreases the overall transparency on how data is managed or where it is stored. Furthermore, the overall security of an organization becomes dependent on the quality of security in the products and services of third parties.
    May 2022
  • 11

    Increase in the amount, complexity, speed and scale of attacks

    Cyber attacks are becoming more prevalent, while the speed and complexity of the attacks are also increasing. For example, software is used that can carry out attacks autonomously and report back to the malicious parties, creating a widespread scale of attacks and increasing the speed at which attacks occur. In terms of complexity, attackers increasingly use red team tooling to bypass security defenses. Similarly, criminals increasingly target weaker parts of the value chain, using them as a stepping stone to penetrate security defenses. These aspects make it highly complex to respond to cyber attacks.
    August 2022
  • 12

    Increasing activity of nation state actors

    The threat of espionage and disruption of vital infrastructure is one of the biggest cyber threats to the Netherlands. Although the probability is still low, hostile activity of nation states has already been detected several times. Several states have proven the ability and willingness to use digital sabotage to achieve their geopolitical goals. An example of this is placing back doors in IT components within a supply chain.
    November 2022
  • 13

    Growing importance of data manipulation attacks

    Besides data theft, data manipulation attacks also occur. In this case a threat actor gains access to a target system and makes undetected changes to data for their own gain. Because manipulated data does not look any different from normal data, these attacks are extremely difficult to detect and prevent.
    August 2023
  • 15

    Growing number of insider attacks

    Employees are increasingly getting involved in data leaks, intentionally or unintentionally, for social as well as technical reasons. A growing market has emerged for confidential data on the Dark Web. As a result, on the social side, data is increasingly being stolen and sold by malicious employees or used in other ways. There are different forms of intentional insider threat; e.g. an employee radicalizes, is extorted, or has joined an organization with premeditated intent. Attacks can also take place for technical reasons (access without official permission).
    February 2022
  • 16

    Growing cost and impact of cybercrime incidents

    The (reputational) damage and consequences of cyber attacks are growing, and resolving an incident is becoming more expensive for organisations. It is becoming increasingly expensive and time-intensive to repair the damage, to handle client relations and to return to normal operation after an attack. There is also a risk of regulatory fines in case of an incident.
    March 2022
  • 18

    Growing commercial and professional use of cybercrime

    DDoS-as-a-service, Phishing-aaS and Ransomware-aaS are spreading. Selling cyber crime tooling is becoming a real business model, indicating that cyber criminals are professionalizing. Additionally, attackers are increasingly working together within supply chains, or leveraging services such as the Dark Web to communicate or collaborate. This gives them more resources and more funding to professionalize.
    May 2022
  • 19

    Maturing of quantum technology

    Quantum technology is increasingly maturing. It entails a fundamentally different approach to computing than classical computers. This approach allows quantum computers to perform complex computations in a fraction of the time it would take classical computers to run the same calculations. On the one hand, this offers new possibilities to strengthen current cyber security activities; on the other hand, it allows quantum-capable attackers to break most currently used cryptographic systems.
    August 2025
  • 20

    Growing use of encryption technology

    It is becoming increasingly difficult to detect security events in network traffic. One reason is that traffic over IT infrastructures and the internet is increasingly encrypted, and new technologies such as DNS over HTTPS (DoH) are soon to become commonplace. Also, messaging and teleconferencing applications make more use of end-to-end encryption. Another reason is that attackers increasingly make use of stealth attacks to evade detection by most security solutions. An example is fileless malware, a type of malicious software that uses legitimate applications already installed to infect a computer. These kinds of attacks don't require code to be installed, but an attacker still needs to be able to gain access to the environment to modify the native tools already in a user's operating system. Detecting these kinds of attacks is essential for creating a completely secure environment.
    June 2022
  • 21

    Transition to predictive technologies

    In the past, security defences were built around preventive measures. This was complemented with monitoring & response, to be able to detect attacks that circumvented preventive measures. But the gap between attackers' odds and defenders' strategy is still growing. That is why we also have to make use of predictive technologies (based on deep or reinforcement learning algorithms) to be able to better prepare for sophisticated attacks, and to support predictive or 'smart' decision making in cybersecurity or proactive risk management regarding cyberthreats.
    June 2023
  • 22

    Growing importance of identity and access management

    Managing identities within or across enterprises is of growing significance. Through identity and access management, businesses can record employee activity and moderate access to programs and applications, thereby denying unauthorized access and detecting suspicious patterns and transactions. Initiatives around password-less methods, controlling one's own attributes with SSI technology, or multi-factor authentication are increasingly prevalent.
    March 2022
  • 25

    Growing need to share information while preserving confidentiality

    There is a growing need to share information and sometimes even resources between organizations to improve collective security, comply with regulations, and improve business position. However, such sharing also poses greater risks of violating confidentiality or privacy requirements. Privacy-Enhancing Technologies, or PETs, are increasing in maturity and efficiency and can provide a solution to this conflict.
    August 2022
  • 27

    Increasing use of agile software development

    The waterfall methodology for software development is increasingly making room for agile methods of software development. Agile methods promote iterative development (as opposed to linear development in the waterfall methodology), self-organizing cross-functional teams, and shorter development-testing-support cycles (e.g. CI/CD, DevOps). This impacts how security should be addressed by design. Elements here include transferring security responsibility to the agile teams, education, automation, etc.
    February 2022
  • 28

    Growing use of AI applications

    Artificial Intelligence (AI) is the ability of systems to display (human) intelligent behavior with automatic decisions or decision support as a result. Smart algorithms offer new possibilities for linking different data sources. The use of counter AI and reinforcement learning for detection could be a possible way to make cyber security more effective. AI is increasingly used by both defenders and attackers: it can be used to automatically find vulnerabilities, automatically patch, and automatically generate exploits. Explainability and responsibility must, however, always be taken into account.
    Related project
    PurpleAI
    April 2023
  • 30

    Increase of malicious uses and abuses of AI

    Artificial Intelligence (AI) is the ability of systems to display (human) intelligent behavior with automatic decisions or decision support as a result. Smart algorithms offer new possibilities for linking different data sources. The use of counter AI and reinforcement learning for detection could be a possible way to make cyber security more effective. AI is increasingly used by both defenders and attackers; e.g. red teaming can experience significant improvements, as traditional penetration testing is outpaced by today's complexity. AI can be used to automatically find vulnerabilities, automatically patch, and automatically generate exploits. Explainability and responsibility must, however, always be taken into account.
    Related project
    PurpleAI
    May 2024
  • 31

    Increasing ‘hybrid systems situations’ and complexity of systems

    Systems are becoming more complex, which makes it harder to secure them. One reason is that old and new technologies and programs currently co-exist within company systems: old legacy systems are not ready to be phased out, while new ones have to be added. This leads to highly complex systems, which makes it harder to keep an overview and understand the weaknesses. Moreover, when these systems are attacked, we see that only limited backup systems are in place to temporarily take over part of the operation (lacking robustness). Another reason is that new technologies, which sometimes are not fully understood yet and which are not fully controlled by the organisation, are introduced at high speed. Examples are distributed ledger and virtual reality.
    September 2022
  • 32

    Growing need for impactful awareness campaigns and behavioral change programs

    There is a growing need for educational, behavioral change programs targeting insecure behaviors of end-users, educating such users on how to behave in cyber environments. Cyber security gaming (potentially with VR) is one of the tools being developed that may help increase attention. However, the question remains whether such programs are effective. To answer that question, metrics and measurement methods are needed to measure the effectiveness of awareness and interventions.
    February 2022
  • 33

    Growing need for security automation in cyber defense

    Because attackers are becoming more automated, there is a growing need for defenders to automate cyber security, since the human operator cannot respond sufficiently fast to automated attacks. Currently, Cyber Security Incident Management in general is still a predominantly human-based process; e.g. the overwhelming number of alerts for SDCs/SOCs calls for triage automation where possible. This means not only rule-based triage, but also AI-driven triage.
    August 2022
  • 36

    Growing use of online productivity tools / 3rd party IT applications

    Use of unauthorized services (outside of the trusted organization's software packages) is increasing. Software such as Dropbox, Google Drive and WeTransfer is used frequently by employees for day-to-day business activities. As a result, it becomes increasingly difficult for organizations to monitor where sensitive information is stored and therefore to control and protect data. Insufficiently secured personal devices and home routers, and the transfer of sensitive information over unsecured or unsanctioned channels, will consequently play a key role in data breaches and leaks.
    March 2022
  • 37

    Growing urgency for strategic autonomy and export control for Europe on cybersecurity

    Europe has become aware of its dependence on foreign raw materials, products and services. Especially in the field of digital technology, the EU risks falling behind. Strategic autonomy is important to be able to set one's own course in terms of regulation and self-determination. This is because of the importance of ensuring the physical, economic and digital security of citizens. Choices have to be made on the dependencies on foreign (American or Chinese) products. This also relates to directives being more focused on export control: considering which countries companies are allowed to do business with and what is allowed to be exported in the context of cyber security.
    November 2023
  • 38

    Increasing dependency on open source libraries and software

    Open-source software is becoming increasingly popular, as it can improve module communication and combat vendor lock-in; it is most often used by including open-source libraries in software applications. Open source, however, has effects on security: on the one hand, public scrutiny can improve the security of a library, while on the other hand, open-source projects can more easily be infiltrated by malicious participants who try to add malicious code to libraries. For example, it was recently detected that Log4j, an open-source logging library, had severe security issues. If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software or conduct espionage.
    March 2022
  • 39

    Growing interest in zero-trust initiatives

    Zero trust is the principle of 'never trust, always verify'. The assumption is that there is no hard line between trusted and non-trusted zones. Zero trust allows an organization to use contextual information to make (risk based) security decisions (such as authentication or access management). Contextual information can be e.g. identity, credentials, authenticators, location, device, time of day etc.
    Related project
    Zero Trust
    October 2022
  • 41

    Growing dependency on cloud and (same) CSP and/or vendor

    Organizations are increasingly leveraging cloud infrastructures to support their business activities, improving accessibility of data and helping in striving for resilient or advanced services. However, this also creates dependencies for organizations on such service providers. It can become a risk when such CSPs and vendors suffer downtime in their primary services.
    August 2022
  • 43

    Growth of exerting pressure on organizations by ransomware attacks

    Ransomware attackers are leveraging new methods to force organizations to pay ransom for decrypting their files, for example by exposing or leaking the data that is collected, or by contacting the customers of organizations to target these customers. Often, the parties targeted are those that cannot afford downtime and are thus more likely to pay.
    January 2022
  • 45

    Growing need for IT application based upon open security standards

    In the security market there are many providers who are making vertical solutions that create lock-ins. There is a growing need for modular systems in which it is easy to link product A to product B, which can help in fostering collaborative efforts and services. In addition, open or European / global standards or unified architectures will contribute to fewer complications in terms of integration.
    September 2023
  • 46

    Growing need for risk-based security instead of compliance based

    The compliance-based manner of legislation may miss the mark. When compliance-based legislation is growing, organizations increasingly feel the pressure to 'comply', even if policies sometimes do not provide the support needed to cope with modern online or cybersecurity challenges. As a result, this makes it either too bureaucratic or too restrictive for organizations to adopt cybersecurity practices that fit their respective needs and help them deal with cybersecurity challenges and minimize risks.
    July 2022
  • 47

    API security is becoming more important

    APIs are increasingly used as they offer programmers and application developers programmable communication interfaces with (parts of) software and services elsewhere. However, through these interfaces, sensitive data or certain parts of an application may be communicated, which logically makes them a popular target for cybercriminals. In addition, many APIs can be accessed from the Internet and can be exploited remotely by an attacker with technical knowledge.
    May 2022
  • 48

    Growing need for customized threat information

    There is a growing need to enhance situational awareness and foresight on new threats. Therefore, Cyber Threat Intelligence is needed that is both current and actionable, but also relevant for the specific context. Raw information that is received therefore needs to be processed and customized, so that it turns into usable and actionable threat intelligence. This is essential for an organization to build and improve cyber security strategies.
    November 2022
  • 49

    Increasing speed of technology (IT) innovation

    Development, especially in cloud services, is going faster, and new services are released rapidly and continuously. This is making it increasingly hard to uphold existing risk management processes of assessing before adoption or life cycle management of the changes. It is also leading to vulnerabilities, as software may not be as thoroughly tested in the race to release faster. At the same time, this is also true for security services that are (natively) available in the cloud.
    May 2022
PCSI is a collaboration of
    ABN-AMRO Achmea ASML Belastingdienst ING TNO Volksbank
This project is co-funded by Holland High Tech with a PPP Grant for Research and Innovation in Top Sector HTSM.
® 2022 Partnership for Cyber Security Innovation