I belong to the Cyber Security industry. Security is at a crossroads as cyber crime is growing dramatically even though more money is being spent on it. The industry is witnessing some major trends such as attacks becoming more targeted and sophisticated. Secondly, the endpoint has evolved to be the most vulnerable link and existing defenses such as anti-virus and firewalls fail to function. Additionally, mobile devices, especially those that are Android based, are increasingly targeted and have become a headache for IT administrators. As the Apple Mac becomes more popular in the enterprise, we will see more attacks that target it. The other trend is Convergence of Big Data and Security. Passwords have become increasingly obsolete and will be replaced by two factor authentication. Lastly, Keyloggers have emerged as the single biggest threat, being the common factor in all the big data breaches.

In the Near Future

Two factor authentication, especially using a cellphone as a second factor (out-of-band authentication) will become the norm for accessing VPNs and websites. Big Data techniques will be used to automate cyber incident handling and automated response. Finally, Endpoint security will be overhauled with an increasing emphasis on mitigating key logging, using techniques such as keystroke encryption. And, Mobile security software will be more prevalent and will become standard on Mobile OS's. Also, there will be more security software for Apple products.

Despite recent advancements, the industry encounters some challenges. Due to the growth in offshoring, the cost of product development has come down dramatically. As a result, the barrier to entry has come down and there are a lot more people starting companies today. This means that there is more competition for capital and increased difficulty in having your product stand out against the competition. Also, it is more difficult to attract talent as they tend to go to well capitalized companies. However, the rewards for successful entrepreneurs have increased dramatically.

In the security industry, the emphasis has been on detection - detecting viruses, detecting malware, and intrusions. This is typically after the endpoint or server has already been compromised. What is needed are solutions that are more preventive in nature for hardening OS's, encrypting all data - especially keystrokes (the point where confidential data is entered), preventing stolen credentials from being used (using techniques such as out-of-band authentication).