Trends & Predictions 2020

Rakesh Kharwal
MD, Cyberbit – India

Businesses often regard cybersecurity as something that holds little value. However, the global economy is expected to lose $6 trillion annually by 2021 to wide-ranging cyberattacks and cybercrime, as a report by Cybersecurity Ventures points out. To put that in perspective, this figure is more than double India’s present GDP, and $1 trillion more than what it aims to become by 2025.

This must surely ring a bell. Cybersecurity’s value goes beyond mere economic losses, as it also has a far-reaching impact on a business’s image and carries legal implications. So, let us look at the major cybersecurity predictions for 2020 and the approach businesses must adopt.

The Cybersecurity skill gap continues to widen drastically

The global shortage of cybersecurity professionals has reached 4 million according to ISC Research, and more than 1 million of this shortage is in India alone. This will continue to be the top challenge for security leaders, as organizations will find it difficult to hire quality cybersecurity professionals. Also, many studies suggest that most security professionals experience their first real-life malware attack on the job and learn about such incidents by going through what they call ‘Baptism by Fire.’ So, the remediation of an ongoing attack usually goes haywire, since the cybersecurity team is not able to manage such incidents effectively.

Therefore, SOC analysts and incident response teams need to be trained pre-emptively using simulations that mirror real attacks. Otherwise, they will be unable to handle the impending threats.

SOC automation & orchestration will be critical

Organizations are threatened by advanced attacks from multiple threat vectors, and cybersecurity teams need to respond within minutes. On top of this, they are also bombarded with too many alerts and a labyrinth of security tools. In fact, the SANS SOC Survey 2019 identified lack of automation and orchestration as the second-biggest pain point in utilizing the full potential of cybersecurity solutions.

Therefore, SOC automation and orchestration will continue to be critical for organizations. This will help build a centralized, integrated tool set to streamline the security analyst’s job and make cybersecurity professionals more efficient at monitoring and eliminating threats.

Attacks on critical infrastructure continue to rise

Attacks on critical infrastructure organizations such as oil and gas, nuclear power plants, water utilities, and manufacturing hubs will continue to rise as they create an integrated infrastructure based on IoT. Organizations that use critical infrastructure need to do away with the myth that IT and OT are two separate entities. With the emergence of IoT-based use cases to monitor and analyse production data, the air-gapped environment no longer exists. Most of the SCADA attacks we’re seeing today are initiated from the IT world, whether through spear phishing, social engineering, infected USB sticks, vulnerabilities in the standard IT environment or some other source. Security leaders hence need to invest in technologies that can provide unprecedented IT and OT asset discovery and visibility to detect known and unknown OT threats and anomalies.

Ransomware to become ever more threatening

A study by Cybersecurity Ventures shows the towering volume of cyberattacks that companies have to face on a daily basis. According to this study, a business fell victim to a ransomware attack every 14 seconds in 2019, and by 2021, this figure is projected to become every 11 seconds. Ransomware is getting more sophisticated and can penetrate most conventional or sophisticated solutions such as antivirus, firewalls and even enterprise-grade endpoint detection and response (EDR).

Highly targeted organizations today require reliable, military-grade protection that collects and analyses the organization’s across-the-board data using big data, is designed for air-gapped environments, and uses advanced behavioral detection.

MSPs will focus on detection & response capabilities to acquire new customers

Many organizations of varying shapes and sizes lack the internal security resources and expertise required to move beyond preventative security technologies. Today, they need to proactively address detection and response, and drive 24/7 monitoring. As organizations struggle with increasing alerts and skill shortages, a security information and event management (SIEM) system alone can’t meet the demands of the ever-growing threat landscape. There is a need to establish capabilities that let organizations perform dedicated threat monitoring, detection and response through a turnkey approach.

In a recent research note, Gartner highlights the fact that many MSSPs are adding MDR-type services to their portfolios. The report predicts that by 2020, 15% of organizations will be using an MDR service. Managed Detection and Response (MDR) envisions a proficient service that combines the forces of perimeter and advanced endpoint telemetry with SOC analysts.

Prevention is better than cure. However, in cybersecurity, prevention has now become just a single aspect of comprehensive security. Today, organizations need a lot more than mere prevention, as a number of recent cyberattacks have also illustrated to us. 2020 will obviously witness a shift towards a holistic and robust cybersecurity framework that has all of its elements, including human resources, well connected, thereby ensuring that no stone is left unturned in terms of addressing the modern threats.



 
