In 2020 and in 2021 as well, breaches are the digital pandemic proving to be just as insidious and difficult to stop as Covid-19. The pandemic is in fact revolutionizing the cyber security landscape in India as businesses and their customers are forced to take a holistic approach, which has delivered multiple years’ worth of transformation in a matter of months. Let’s analyse a few of the trends that are helping organizations be prepared for all present and future uncertainties.
The year 2020 was the one that everyone would like to forget. From a cyber security perspective too, 2020 was buzzing for all the wrong reasons. While the world was focused on the health and economic threats, cyber criminals were capitalizing on the crisis.
2021 is not much different either. The Union transport ministry recently received an alert from the Indian Computer Emergency Response Team (CERT-In) regarding targeted intrusion activities directed towards the country’s transport sector. This comes after a slew of cyber security attacks on Indian government domains over the past few months. In February 2021, there were reports of new phishing emails using compromised government accounts to target groups of officials, attempting to lure them into sharing their passwords on a page that mirrored the government’s official mail server sign-on website. Earlier in March, American cyber intelligence company Recorded Future said that it uncovered a cyber operation that was focused on India’s electricity grid and other critical infrastructure. While the company did not link the power outage in Mumbai to the operation, it did not rule out a link.
These are mere glimpses of the cyber security threat landscape which has become a major scare for businesses and governments, alike. Today’s cyber criminals are often well-funded, some even sponsored by rogue government organizations. In addition, stealthy and persistent attackers now have the skills and tools to do everything from taking down power grids to targeting hospitals and financial institutions with ransomware.
Remote work makes security complex
The threat scenario has become even more complex with the higher dependence on cloud and distributed workspaces. “There is a rise in the need to secure endpoints, as multiple access points from multiple locations are connected to a corporate network. However, the lack of security in remote work environments exposes vulnerable devices to potential cyber attacks,” elaborates Indranil Chatterjee, General Manager, Security & Compliance, Jio Platforms. “The massive work-from-home directive has upended security professionals’ responsibilities. In fact, a recent survey of executive decision-makers conducted by Deloitte found: 69 percent of executives expect the number and size of cyber events to increase over the next 12 months,” he adds.
The increase in remote working calls for a greater focus on cyber security, because of the greater exposure to cyber risk. This is apparent from a recent study which highlights that almost 47 percent of individuals fall for a phishing scam while working at home. In addition, as per NTT’s 2020 Intelligent Workplace Report, 76.9 percent of organizations find it more difficult to spot IT security or business risk brought about by distributed working.
Yet, most businesses still struggle to prepare themselves effectively with a cyber security response system. A recent IBM and Ponemon Institute study highlighted that 41 percent of the respondents from India review and test their cyber security incident response plan (CSIRP) only once each year. This is an alarming fact, specifically in light of the current pandemic, since many organizations had to shift overnight to a hybrid work environment, leading to many unforeseen risks.
Further, as per IBM’s 2020 Cost of Data Breach report, Indian companies witnessed an average of Rs 140 million total cost of a data breach in 2020, an increase of 9.4 percent from 2019. In contrast, companies with fully deployed security automation were able to detect and contain a breach 27 percent faster than those with none. This showcases the importance of technology preparedness, highlights Sudeep Das, Technical Leader, IBM Security Systems, IBM India/South Asia.
In fact, intellectual property will be hackers’ next golden ticket. In 2020, we saw a rise in healthcare breaches, likely because patient records often fetch up to $1,000 each. Compared to credit card data, which goes for just $12-20 and email addresses, which average around $100 in bulk, it makes complete financial sense.
Enterprises get proactive
The ongoing Covid-19 pandemic has forced enterprises to adopt a proactive rather than a reactive approach to address potential security threats. This is bolstered by a recent PwC study which found that 55 percent of executives are planning to ramp up their cyber security spending in 2021 despite the majority of them, 64 percent, expecting business revenues to decline. PwC found that cyber security is more business-critical than ever before. Almost 51 percent of the executives are adding full-time cyber security staff in 2021.
The growing seriousness towards cyber security is pushing up cyber security spending in India. According to a joint study conducted by PwC India and the Data Security Council of India (DSCI), the cyber security market in India is set to grow from USD 1.97 billion in 2019 to USD 3.05 billion by 2022, at a compound annual growth rate (CAGR) of 15.6 percent. The growth rate is nearly 1.5 times the global growth rate of cyber security expenditure.
As per market experts, escalating threats make it clear that regardless of what you do, you cannot protect against everything. All organizations need to plan for allowable levels of vulnerability based on their risk tolerances. Instead of solving a specific problem, enterprises must establish built-in resilience that allows them to adapt, evolve and change their security posture.
The confluence of mobility, cloud, and social networking has multiplied risks across the distributed workforce. These factors call for a new approach to security that’s driven by knowledge of threats, assets, and adversaries, one in which security incidents are seen as a critical business risk that may not always be preventable but can be managed to acceptable levels. “We call this model ‘Awareness to Action.’ This approach comprises four key precepts: security is now a business imperative; security threats are business risks; the most valuable information must be protected; and all activities and investments should be driven by comprehensive, current information about assets, ecosystem threats, and vulnerabilities,” informs Chatterjee.
Customers are now looking for security technologies which can help protect their data, provide end-to-end security across multiple environments, offer new authentication methods and monitoring services and, most importantly, re-imagine their risk assessment. Indeed, a few trends are helping organizations innovate and be prepared for all present and future uncertainties.
Zero Trust gains currency
With the explosion of cloud computing, adopting a Zero Trust approach makes more sense as it assumes no barriers: don’t trust anything by default, starting with the network. ‘Zero Trust’ ensures that critical assets can only be reached by those offering proof positive that they have the credentials, identity, and need to access them.
Developed by Palo Alto Networks’ John Kindervag, the Zero Trust model, unlike traditional systems that assume data needs protection only from players outside the organisation, treats all users as potential threats and sets authentication and access restrictions accordingly.
Though the concept of Zero Trust has been around for some time, it gained currency in 2020 because its perimeter-less approach is useful for employees working from different locations.
Organizations are displaying renewed vigour around combining identity, data, network, and device security into a common analysis platform to better deliver security context and build on an organization’s Zero-Trust journey. “Companies are realizing that the siloed security programs are not delivering the right level of risk view to them and it is necessary to drive horizontal data analysis across all the security telemetry data that is available for the most critical resources in the organization – people, data and infrastructure,” explains Das.
Data, endpoint to stay critical
The regulatory landscape for privacy and data protection is expected to reach a tipping point in 2021, forcing Indian organisations to comply with not only global regulations (like General Data Protection Regulation) but also with the proposed Indian legislation – the Personal Data Protection Bill, 2019 (which was sent to a joint standing committee of the Parliament and is expected to be tabled in the Parliament soon), the Aadhaar Act, 2016, and other such regulations.
Gaining complete visibility and control on each and every piece of information leaving enterprise boundaries will be an important step in their war against cyber-attacks. “We see a newer data security approach being adopted, that keeps data at the centre of all security measures to prevent data exploitation. Security solutions will need to transform their product architectures so that they help enterprises to step up from traditional allow/block binary security approach to a more modern ‘Allow But Monitor’ approach, considering the increase in work from home setup using collaborative business, cloud and SaaS applications. This is possible only if they have deeper data context visibility to ensure smoother and controlled operations, preventing data breaches and attacks,” shares Sonit Jain, CEO, GajShield Infotech.
Security architectures have to move closer to data and need to have an integrated context-based data security approach that helps organisations to secure data and prevent unauthorised access to critical data, through a Zero Trust framework, thus ensuring protection of data even with remote and roaming users. Data security edges will become the new normal, he adds.
The recent PwC-DSCI report reveals that data security products will grow at a CAGR of 22.2 percent in India; the fastest in the world. The demand for privacy-related solutions is expected to pick up as organisations will compete to gain business advantage in this technological environment and avoid hefty fines or penalties for non-compliance. Organisations actively serving in other markets will spend to comply with critical regulations like the UK’s Privacy Protection Act, 2018, and the California Consumer Protection Act.
Further, in the current scenario when businesses are operating from remote locations, centralized security systems prove ineffective. “Hence, endpoint security has become a necessity to manage multiple open points and help regulate data traffic and monitor the incoming and outgoing connection of sensitive and mission-critical data. Soon, more organizations will find the answers to their security problems in endpoint security. It reduces the risk of harmful data breaches, ensures advanced threat prevention and can also avoid remediation costs in the long run,” shares Ripu Bajwa, Director and General Manager, Data Protection Solutions, Dell Technologies.
In fact, organizations are looking at extended detection and response (XDR) and endpoint protection which is based more on behavioural analysis than just signatures. So, XDR has now become the new model for endpoint security, adds Harpreet Bhatia, Director, Channels & Strategic Alliances, India & Saarc, Palo Alto Networks.
Defined as a SaaS-based threat detection and incident response tool, XDR integrates multiple security products into a single security operation system. It provides a holistic view of the threats across the technology landscape and helps organisations go beyond the typical detective controls.
Cloud security moves towards SASE
To keep their operations running smoothly, businesses are adopting a multi-cloud setup, and it is predicted that almost 83 percent of enterprise workload will move to the cloud, further complicating their security. A recent study suggested that over 34 percent of data breaches involve internal actors with financial and non-financial motives, increasing the risk of data leak by these remote users up to 60 percent, discloses Jain.
Hence, organizations are opting for cloud security to protect data and applications running on multiple cloud infrastructures. Gartner estimates a growth of 31.2 percent on cloud management and security services, thereby emphasizing the need for sure-fire cloud-based security.
However, as cloud management and security get more complex in a multi-cloud environment, this is driving a need for converged services to reduce complexity, improve speed and agility, enable multicloud networking and secure the new SD-WAN-enabled architecture. “There will be more cloud-first security mechanisms such as the Security Access Service Edge (SASE), which is the consolidation of several existing security mechanisms such as SD-WAN, NGFW, Zero-Trust and more. SASE is a security framework for enabling secure and fast cloud adoption. It ensures users and devices have secure cloud access to data and services, from anywhere and anytime,” states Mathivanan Venkatachalam, Vice President, ManageEngine.
“From a customer’s perspective SASE is a platform that solves complexity in securing the remote employees. With reduced hardware footprint in SASE architecture, it lowers the operations cost and operational management workload. SASE is going to be a big trend going forward,” suggests Bhatia.
Talent crunch puts focus on SOC
With a lack of skilled personnel being a major inhibitor to maximizing the efficacy of security investments, we are seeing more organizations evaluating Cyber Security-as-a-Service (CSaaS) or Security Operations Center (SOC) options. “SOC empowers the organization to work with a security firm specializing in various security services. Security as a Service can help with the maintenance and operationalization of the security controls thereby driving security through an SLA-driven program rather than a traditional path of consuming an on-prem security solution,” specifies Das.
Businesses are increasingly focused on adopting SOCs to strengthen breach response capabilities. The adoption of modern SOCs that boast integrated incident response, threat intelligence and threat hunting capabilities will increase. This will be driven primarily by the need to protect the crown jewels, such as intellectual property, brand equity, business systems and data.
CSaaS offers benefits such as cost-effectiveness, scalability, and digital transformation. “Though CSaaS has significant advantages, its adoption had been slow in India. However, Covid-19 has accelerated its adoption and made enterprises realise its importance in securing an organisation with no boundaries,” highlights Jain.
AI to deliver on security
Keeping up with the rate and speed of cyber-attacks is extremely difficult for humans. Thus, using technologies such as AI to beef up cyber security and improve the rate of responding to attacks is more of a necessity than a matter of choice. Many experts expect that advances in AI and ML will allow devices to self-secure, and heal by as much as 80 percent by 2022. In fact, AI can help understaffed and under-resourced security teams to stay on top of cyber threats and attacks.
According to a recent research report, the market cap of AI in cyber security is expected to hit USD 14.18 billion by 2025. But what makes AI a big deal in cyber security? There are three significant reasons:
• AI provides proactive threat mitigation capabilities required for constant supervision and adaptation to security vulnerabilities.
• With AI, users receive security alerts in real-time to activate quick threat mitigation.
• Along with machine learning, AI can be hands-on in preventing threats rather than detecting them.
An AI algorithm can be used not only to scan emails for simple spam and phishing campaigns, but also for more dangerous threats like thread-jacking and business email compromise attacks. “But more than that, these algorithms can learn to spot suspicious patterns in network traffic, authentication, and user behaviour. AI solutions act as an early warning system for organisations. It allows the security team to react to events as they are happening and well before any long-lasting damage can occur,” shares Sunil Sharma, Managing Director, Sales, Sophos India & Saarc.
Further, AI and ML applications are being embedded into the cyber suite of offerings – especially in security intelligence, detection and response (IDR), endpoint security and security testing. In addition, companies are evaluating their AI journey for security to ensure that it is moving from just a promise phase to actual delivery of AI-based security insights.
“While we have witnessed the use of AI/ML within the realm of security, moving forward, organizations will embrace the power of machine learning to help them monitor their risks across all security controls. There are mountains of security telemetry data available with all IT landscapes and not all of this data is being analyzed and used for security monitoring and threat hunting. ML-based tools could provide the necessary insights from each of these controls – be it the security information and event management (SIEM) system or the user behavior analysis system or the identity risk monitoring system and more importantly the data security systems,” elaborates Das.
However, many say that it’s early days for AI in cyber security with some unique challenges. “False positives are a big challenge as no one likes to hamper the UX for security. Then there’s the challenge about security of the training data. What if the malicious actors target the training data? These are some real challenges and we need to take care of these before we see more AI in security. At the same time, there are a few great innovations happening in this space with IBM Watson introducing intelligent threat analytics. Google has been doing spam filtering for years now using sophisticated machine learning algorithms. Considering the growth in volume and complexity of attacks, there will be an increased AI adoption in security,” states Ujwal Ratra, Chief Operating Officer, Astra Security.
Automation to drive security strategy
Cyber risks are here to stay and they are going to rise (as it only takes one bad click to breach your system). In 2020, we saw threat attackers increasingly cherry-pick protocols that were used for meaningful exploitation. Even with the increased awareness of the importance of cyber security, globally, it is predicted that in 2021, there could be one attack every 11 seconds. Hence, the need of the hour moving forward is to focus on the entire threat lifecycle in a proactive manner.
Moreover, organizations have traditionally struggled to take quick and auditable action on security insights that are provided by their various protection systems, due to either lack of manpower or lack of process. Like the application of automation in other fields, in security too, it frees the workforce to concentrate on more skill-based tasks. As per one research study, due to the sheer volume of tasks associated with cyber security, IT teams miss out on 74% of events/alerts that sometimes blow out of proportion. With automation in place, such detection and lower-level problem resolution can be taken care of by the machines. In fact, investments in orchestration and automation technologies can help ensure that the detected incidents are addressed in a systematic and compliant manner.
Security has always been fundamental to digital transformation; while earlier it was just an enabler, now it has become a business accelerator. This is the reason why cyber security leaders have now become a part of business decision-making processes, and as the years progress, we can expect their role to become crucial for the success of a business.
“As the dependency on technology increases, the reliability of new-age technologies like AI will also increase to nurture a relationship between humans and machines. Not only this, but security automation will become a buzzword for organizations looking to secure their critical data in the future,” states Bajwa.
Further, the usage of IoT devices and 5G networks will open up a whole lot of security gaps with hardware-based authentication seen as a solution. “Similarly, emerging/new security models such as password-less authentication, User Behavior Analytics (UBA) and more will continue to evolve at a far quicker rate than usual in order to keep pace with the growing cyber security needs. With the incorporation of deep learning into security setup, next-gen security products are expected to be self-governing, self-learning, and self-aware, thus, requiring minimal manual intervention,” concludes Venkatachalam.