In our recently launched study Digital Priorities in the New Normal, we find that 87% of organisations in the Asia Pacific have increased investments in one or more cybersecurity solutions. However, this has to be backed by a reassessment of organisations’ risk positions and a re-evaluation of data protection and compliance policies.
Get more insights on the adoption of key Cybersecurity solutions and investments through our “Market Insights and Vendor Selection” research module which is live and ongoing on the Ecosystm platform.
A complete Data Protection and Exposure Prevention suite, that works across locations, users and applications and ensures better compliance with regulations
A Unified Compliance Assurance platform that provides compliance visibility and breach mitigation across the multiple SaaS applications an organisation uses
Risk Reduction through automated remediations following both industry compliance laws and organisations’ own risk management program guidelines
Ecosystm research finds that organisations are struggling with their cybersecurity implementations, especially as the solutions get increasingly complicated to combat the complex and evolving threat environment (Figure 1). Integration with existing cybersecurity measures, and a lack of sufficiently skilled IT staff to handle the myriad needs of the multiple systems and applications, builds a strong case for automation in cybersecurity practices.
Ecosystm Principal Advisor, Alex Woerndle says, “Automation is critical in cybersecurity, given the volume of data, alerts and incidents that are being dealt with on a daily basis, globally. Automating recurrent and high-volume tasks is a critical step in getting on top of this challenge.”
Importance of Automating Cybersecurity Processes
Woerndle sees a growing role for CSPM providers for multiple reasons. “Firstly, a lot of companies are finding that they cannot be ‘fully cloud’ and as such, end up with a complex architecture spanning on-premise, private cloud environments and multiple public cloud tenancies. Secondly, due to poorly planned cloud migrations, changing priorities, differences in service requirements, cost differences and also personal preferences across multiple teams, a lot of companies end up consuming different services across multiple public cloud providers (Azure, AWS, GCP, and so on). IT teams are struggling to be experts in all aspects of the shared responsibility model and with the capabilities to secure the various services. Finally, there is a constant stream of upgrades and addition of new services team members, given the easy accessibility public cloud environments provide. CSPM solutions provide the ability to establish baselines, enforce security controls and run regular checks to ensure compliance. Doing this manually is time consuming, expensive and always three steps behind.”
Woerndle also sees further complications because of the COVID-19 crisis. “COVID-19 has shifted the world to remote working overnight. Once workers are outside of the trusted corporate network and have access to cloud resources from their home networks, additional complexity to the corporate security posture is highlighted. Depending on how organisations have prepared for this, they either maintain control of all services and applications, and the access into each, or if not prepared, open direct access to a lot of unsecured applications from potentially very unsecured networks.” In fact Zscaler has seen its stock prices rising in the aftermath of the global crisis.
However, Woerndle warns, “While the conversation certainly supports the use of CSPMs, there is a lot more to it in terms of securing home networks, identity and access management, and so on.”
Zscaler’s acquisition of CloudNeeti certainly appears to be a timely move, in the current environment when organisations are struggling with a lack of resources with the extensive knowledge to understand all private and public cloud environments. There are controls required to secure each application, resource and system within an organisation – along with the time and effort required to implement, monitor, audit and improve cybersecurity measures over time.
API Vulnerabilities will Become a Main Hacker Target
APIs grant access and provide transparency for developers – providing access and insights from both internal and external data. But they are inherently insecure. We have already seen several high-profile API breaches and announced API bugs. For example, in October 2018, Google had to shut down Google+ after an API bug exposed details for over 500,000 users.
We believe the problem will get significantly worse in 2020, with API attacks quickly becoming one of – if not the most – frequent target for hackers.
Operational Technology Security will Continue to Lag in 2020
Operational Technology (OT) refers to the hardware and software used to monitor and manage how devices that run on an organisation’s infrastructure perform. These devices have become smarter, remotely accessible and increasingly connected to networks. However, they were never designed with this in mind.
With organisations continuing to focus on data breaches – the investment in OT security will continue to lag. This will create a ‘security debt’ over coming years for those that do not invest in preventative controls now.
AI Training will Receive Attention from Regulators and the Public as a Possible Infringement of Privacy
News that Amazon’s Alexa was eavesdropping on its users, and that Apple’s Siri and Google’s Assistant, also kept recordings to help train their AI raised many concerns about how data to train AI is collected and stored. Apart from the initial consternation in the press and on social media, nothing much seems to have happened from a regulatory perspective.
2020 will be the year when AI training relying on consumer data will start to become regulated.
Major GDPR Fines in 2020 will Force MNCs to Invest in Security Compliance
GDPR came into effect in May 2018, but we still have not seen huge amounts of fines being issued in the EU. Only two fines were issued in 2018, while at least 17 were known to be issued in the first half of 2019, totalling about EUR 52 million. In the third quarter of 2019, at least 12 fines were issued totalling about EUR 328 million.
The trend is clear: Expect to see a magnitude of companies across EU be penalised in 2020. We also expect several fines above EUR 100 million and GDPR impacting countries outside the EU.
Mergers & Acquisitions will Ratchet up Significantly in 2020
The fragmented global security market consists of thousands of vendors and consultancies. Every day a swathe of new start-ups announces their ground-breaking new technology. Coupled with significant investments in tertiary education and industry certifications for a growing workforce, the next generation of cybersecurity entrepreneurs are entering with force.
We believe that this creates both threats and opportunities for established cybersecurity providers that need to remain innovative and growing. Similarly, this presents smaller or more niche cybersecurity start-ups with an avenue for funding or acquisition.
Ecosystm in partnership with SGInnovate, the government-backed organisation that promotes Deep Tech in Singapore, released a series of four reports covering areas of mutual interest: Cybersecurity, Artificial Intelligence, Cities of the Future and Healthtech. ‘Ecosystm Predicts: The Top 5 Cybersecurity Trends for 2020’ report is a part of this collaboration and is available for download from Ecosystm and SGInnovate websites.
Download Report: The top 5 Cybersecurity trends for 2020
The full findings and implications of the report ‘Ecosystm Predicts: The Top 5 Cybersecurity Trends for 2020’ are available for download from the Ecosystm platform. Signup for Free to download the report and gain insight into ‘the top 5 Cybersecurity trends for 2020’, implications for tech buyers, implications for tech vendors, insights, and more resources. Download Link Below ?