Last week, the Australia government joined other countries in the Asia Pacific region in highlighting the growth of attack surface in the midst of the COVID-19 pandemic.
In our recently launched study Digital Priorities in the New Normal, we find that 87% of organisations in the Asia Pacific have increased investments in one or more cybersecurity solutions. However, this has to be backed by a reassessment of organisations’ risk positions and a re-evaluation of data protection and compliance policies.
There has been a widespread adoption of hybrid and multi-cloud architectures in the recent past and this trend is only expected to go up in the near future. A hybrid cloud adoption has its challenges though; including the need for organisations to baseline their security practices across so many different environments. Organisations that are aware of the cybersecurity risks associated are increasingly looking for external specialised help in managing their cloud security measures, especially with an aim to automate the processes.
Zscaler Acquires CloudNeeti
In a recent announcement, Zscaler announced its intentions to acquire Cloudneeti, a niche Cloud Security Posture Management (CSPM) start-up based in Redmond, Washington. This is set to expand Zscaler’s Cloud Security Platform capabilities to include data protection. With this acquisition, Zscaler will be able to complement its own offerings to provide:
- A complete Data Protection and Exposure Prevention suite, that works across locations, users and applications and ensures better compliance with regulations
- A Unified Compliance Assurance platform that provides compliance visibility and breach mitigation across the multiple SaaS applications an organisation uses
- Risk Reduction through automated remediations following both industry compliance laws and organisations’ own risk management program guidelines
Ecosystm research finds that organisations are struggling with their cybersecurity implementations, especially as the solutions get increasingly complicated to combat the complex and evolving threat environment (Figure 1). Integration with existing cybersecurity measures, and a lack of sufficiently skilled IT staff to handle the myriad needs of the multiple systems and applications, builds a strong case for automation in cybersecurity practices.
Ecosystm Principal Advisor, Alex Woerndle says, “Automation is critical in cybersecurity, given the volume of data, alerts and incidents that are being dealt with on a daily basis, globally. Automating recurrent and high-volume tasks is a critical step in getting on top of this challenge.”
Importance of Automating Cybersecurity Processes
Woerndle sees a growing role for CSPM providers for multiple reasons. “Firstly, a lot of companies are finding that they cannot be ‘fully cloud’ and as such, end up with a complex architecture spanning on-premise, private cloud environments and multiple public cloud tenancies. Secondly, due to poorly planned cloud migrations, changing priorities, differences in service requirements, cost differences and also personal preferences across multiple teams, a lot of companies end up consuming different services across multiple public cloud providers (Azure, AWS, GCP, and so on). IT teams are struggling to be experts in all aspects of the shared responsibility model and with the capabilities to secure the various services. Finally, there is a constant stream of upgrades and addition of new services team members, given the easy accessibility public cloud environments provide. CSPM solutions provide the ability to establish baselines, enforce security controls and run regular checks to ensure compliance. Doing this manually is time consuming, expensive and always three steps behind.”
Woerndle also sees further complications because of the COVID-19 crisis. “COVID-19 has shifted the world to remote working overnight. Once workers are outside of the trusted corporate network and have access to cloud resources from their home networks, additional complexity to the corporate security posture is highlighted. Depending on how organisations have prepared for this, they either maintain control of all services and applications, and the access into each, or if not prepared, open direct access to a lot of unsecured applications from potentially very unsecured networks.” In fact Zscaler has seen its stock prices rising in the aftermath of the global crisis.
However, Woerndle warns, “While the conversation certainly supports the use of CSPMs, there is a lot more to it in terms of securing home networks, identity and access management, and so on.”
Zscaler’s acquisition of CloudNeeti certainly appears to be a timely move, in the current environment when organisations are struggling with a lack of resources with the extensive knowledge to understand all private and public cloud environments. There are controls required to secure each application, resource and system within an organisation – along with the time and effort required to implement, monitor, audit and improve cybersecurity measures over time.
Cybersecurity will remain an important topic of discussion on the world forum. 2020 is predicted to see an increasing number of state-sponsored cyber-attacks especially on utilities and public infrastructure. In addition, the number of AI based devices will increase which will receive specific attention from regulators for data and cybersecurity. Finally, there will be opportunities for mergers and acquisitions and investments in established cybersecurity providers to remain innovative and growing.
Here are the Top 5 Cybersecurity Trends for 2020, that we believe, will impact both businesses and consumers in 2020.
The Top 5 Cybersecurity Trends for 2020
The Top 5 Cybersecurity Trends for 2020 are drawn from the findings of the global Ecosystm Cybersecurity Study and is also based on qualitative research by Ecosystm Principal Advisors Alex Woerndle, Carl Woerndle and Claus Mortensen.
-
API Vulnerabilities will Become a Main Hacker Target
APIs grant access and provide transparency for developers – providing access and insights from both internal and external data. But they are inherently insecure. We have already seen several high-profile API breaches and announced API bugs. For example, in October 2018, Google had to shut down Google+ after an API bug exposed details for over 500,000 users.
We believe the problem will get significantly worse in 2020, with API attacks quickly becoming one of – if not the most – frequent target for hackers.
-
Operational Technology Security will Continue to Lag in 2020
Operational Technology (OT) refers to the hardware and software used to monitor and manage how devices that run on an organisation’s infrastructure perform. These devices have become smarter, remotely accessible and increasingly connected to networks. However, they were never designed with this in mind.
With organisations continuing to focus on data breaches – the investment in OT security will continue to lag. This will create a ‘security debt’ over coming years for those that do not invest in preventative controls now.
-
AI Training will Receive Attention from Regulators and the Public as a Possible Infringement of Privacy
News that Amazon’s Alexa was eavesdropping on its users, and that Apple’s Siri and Google’s Assistant, also kept recordings to help train their AI raised many concerns about how data to train AI is collected and stored. Apart from the initial consternation in the press and on social media, nothing much seems to have happened from a regulatory perspective.
2020 will be the year when AI training relying on consumer data will start to become regulated.
-
Major GDPR Fines in 2020 will Force MNCs to Invest in Security Compliance
GDPR came into effect in May 2018, but we still have not seen huge amounts of fines being issued in the EU. Only two fines were issued in 2018, while at least 17 were known to be issued in the first half of 2019, totalling about EUR 52 million. In the third quarter of 2019, at least 12 fines were issued totalling about EUR 328 million.
The trend is clear: Expect to see a magnitude of companies across EU be penalised in 2020. We also expect several fines above EUR 100 million and GDPR impacting countries outside the EU.
-
Mergers & Acquisitions will Ratchet up Significantly in 2020
The fragmented global security market consists of thousands of vendors and consultancies. Every day a swathe of new start-ups announces their ground-breaking new technology. Coupled with significant investments in tertiary education and industry certifications for a growing workforce, the next generation of cybersecurity entrepreneurs are entering with force.
We believe that this creates both threats and opportunities for established cybersecurity providers that need to remain innovative and growing. Similarly, this presents smaller or more niche cybersecurity start-ups with an avenue for funding or acquisition.
Ecosystm in partnership with SGInnovate, the government-backed organisation that promotes Deep Tech in Singapore, released a series of four reports covering areas of mutual interest: Cybersecurity, Artificial Intelligence, Cities of the Future and Healthtech. ‘Ecosystm Predicts: The Top 5 Cybersecurity Trends for 2020’ report is a part of this collaboration and is available for download from Ecosystm and SGInnovate websites.
Download Report: The top 5 Cybersecurity trends for 2020
The full findings and implications of the report ‘Ecosystm Predicts: The Top 5 Cybersecurity Trends for 2020’ are available for download from the Ecosystm platform. Signup for Free to download the report and gain insight into ‘the top 5 Cybersecurity trends for 2020’, implications for tech buyers, implications for tech vendors, insights, and more resources. Download Link Below ?
