The cybersecurity landscape is as shifting and unpredictable as the cyber attacks that threaten it. While it is quite evident that cyber threats will get murkier, let’s analyze where we stand on counter-threat strategies and on the use of technologies like AI and machine learning.
By Amit Singh
The security landscape is changing in terms of attack vectors and attack types. It is no secret that the rising frequency and ferocity of cyber attacks has been winning the war against cybersecurity defenses, and attacks are going to become fiercer and more sophisticated while organizations are still bracing themselves.
Obviously, a point-product, siloed approach will not work anymore as the stakes get higher by the day.
Cost of breach

By one industry estimate, cyber breaches have generated over $460 billion in cash for cybercriminals. “However, if we consider the unreported data as well as the loss of brand value, it’s a $1 trillion industry. Hence, security has become one of the top three discussions in the boardrooms,” shares Harpreet Bhatia, Director, Channels and Strategic Alliances, India & SAARC, Palo Alto Networks.
Most analysts expect ransomware attacks to become more pervasive and varied during 2018, targeting not merely individual users but entire networks.
Indian organizations are not spared by the looming threat as the average cost of the breach is increasing in India. According to a study sponsored by IBM and conducted by the Ponemon Institute, the average cost of a data breach for the Indian organizations surveyed has grown from Rs 97.3 million in 2016 to Rs 110 million in 2017.
Almost 41 percent of the surveyed companies reported malicious or criminal attacks as the cause of their data breach; about 33 percent experienced a breach as a result of system glitches, and 26 percent of breaches involved employee or contractor negligence (the human factor).
“The Cost of Data Breach study clearly outlines the rapidly changing threat scenario through a significant rise in both number and sophistication of breaches,” says Kartik Shahani, Integrated Security Leader, IBM India/South Asia.
Change in perception towards security
Recent cyber attacks such as WannaCry, Petya, NotPetya and the Equifax breach have changed the way IT decision-makers look at security. Earlier they would deploy a few point products such as a firewall, SSL, a VPN and some advanced threat protection (ATP); this is now changing.

“Many organizations are now connected to IoT devices, moving to the cloud, and are driven by apps, which has changed their perception towards security. In fact, apps are becoming one of the most popular vulnerability points for breaches. CXOs are aware that if they don’t have right security posture they can be hit,” elaborates Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet.

A recent survey by a leading consulting firm found that outdated information security architecture and controls are the key factors that have increased India’s risk exposure over the last 12 months. “What is interesting to take cognizance of is that vulnerabilities related to mobile computing, social media and cloud computing feature prominently as contributing to enhanced risk exposure for Indian enterprises,” highlights Nilesh Jain, Vice President, South East Asia and India, Trend Micro.
Companies of all sizes are now looking at a solutions-based approach to their security posture, which is driving the cybersecurity market. Gartner expects spending on cybersecurity products and services in India to reach $1.7 billion in 2018.
Organizations are spending more on security as a result of regulations, shifting buyer mindset, awareness of emerging threats and the evolution to a digital business strategy.

“Overall, a large portion of security spending is driven by an organization’s reaction toward security breaches as more high profile cyber attacks and data breaches affect organizations worldwide,” says Rajpreet Kaur, Senior Research Analyst, Gartner.

In addition, regulations from RBI as well as GDPR (General Data Protection Regulation) played a significant role in sensitizing Indian organizations with operations in European Union countries. These regulations are translating into increased spending, particularly in data security tools, privileged access management, and SIEM, adds Anand Vaideeswaran, Global Integrated Delivery Leader, IBM Security.
Gartner forecasts that by 2020, more than 60 percent of organizations will invest in multiple data security tools such as data loss prevention, encryption and data-centric audit and protection tools, up from approximately 35 percent currently.

“In fact, before any company ventures into a new business decision today, the right security measures for infrastructure, cloud, and apps are thought through well before. That is the new mantra,” adds Vishal Bindra, CEO, ACPL Systems.
Is prevention better than cure?
The pace of change combined with the advancement in the level of attacks means it will be impossible to protect against every threat. Even the best preventative controls will not stop all incidents from occurring.
Historically, organizations focused heavily on perimeter network security to protect their networks from cyber attacks; however, this is changing with increased stress on detection and response. In 2015, less than 20 percent of organizational cybersecurity budgets were allocated for rapid detection and response approaches. In contrast, by 2020 this will rise to 60 percent as per industry estimates.
“The shift to detection and response approaches spans people, process, and technology elements and will drive a majority of security market growth over the next five years,” discloses Kaur of Gartner. “While this does not mean that prevention is unimportant, it sends a clear message that prevention is futile unless it is tied into a detection and response capability.”
The need to better detect and respond to security incidents has also created new security product segments, such as endpoint detection and response (EDR), software-defined segmentation, cloud access security brokers (CASBs), and user and entity behavior analytics (UEBA). These new segments are creating net new spending, but are also taking spend away from existing segments such as data security, endpoint protection platform (EPP), network security and security information and event management (SIEM).
In fact, many security vendors argue that IT risk and security leaders must stop trying to protect against and prevent every attack, and instead focus on detecting and responding to malicious incidents.
However, the key is finding the right balance across prevention, detection, and response, given an organization’s risk profile. For most enterprises, security investments are substantially ‘over-weighted’ in favor of prevention. “The information security industry has ballooned largely by selling prevention tools and technology that have become inadequate in the face of increasingly sophisticated and abundant attackers. However, abandoning prevention completely is not an option; the fact is that perimeter protection is still an essential part of a mature cyber risk program,” explains Bindra of ACPL.

In fact, enterprises need to invest in both detection and prevention capabilities. “It is necessary to have both preventative mechanisms as well as ways to detect and address breaches after they have already occurred. In fact, proactive and offensive approaches (rather than strictly defensive) that help detect and respond to possible threats, are able to stop threats before they expose the organization to risk,” elaborates Hari Krishan Lal, CIO, RSWM Limited, an LNJ Bhilwara Group company.
Organizations must decide whether to deploy detection and response technology on the network or on the endpoints. Larger enterprises have the resources to take components from different vendors and integrate them in a SIEM, while smaller enterprises will favor more integrated suites that do not require manual integration, cost less to implement and have lower operational costs.
Managed security matures with cloud
Skills shortages, technical complexity, and the threat landscape are continuing to drive the move to automation and outsourcing. “Skill sets are scarce and therefore remain at a premium, leading organizations to seek external help from managed security service providers (MSSP),” says Kaur of Gartner.
According to the analyst firm, spending on security outsourcing services will total $18.5 billion in 2018, an 11 percent increase from 2017. Gartner predicts that by 2019, total enterprise spending on security outsourcing services will be 75 percent of the spending on security software and hardware products, up from 63 percent in 2016.

Many Indian enterprises are in their first or second iteration of creating and maturing their security program. It means that they have a need for a wide range of security services to help build and grow their security processes and technologies. “In particular, security monitoring and detection is a hot area for investment with organizations having to choose from a variety of architecture and delivery models that security services providers are offering,” shares Ronny Ferrao, COO, Essen Vision.
With cloud and virtualization technology now mature, many enterprises prefer to buy cybersecurity software as SaaS rather than as an expensive item of licensed software. Consequently, MSSPs are also increasingly using the cloud to deliver widely used security services such as identity and access management, intrusion detection, and SIEMaaS, but with an overlay of managed services.
Many of the MSSPs are expanding their cloud-based managed SaaS offerings into the equivalent of a security operations center in the cloud (SOCaaS). “Such security-as-a-service solutions will be very attractive to midmarket and SME customers that do not have the skills or finances to invest in their own bespoke on-premise SOCs but want to implement SIEMs or other more advanced analytics tools,” shares Ferrao of Essen Vision.
However, the next generation of security operations needs technologies beyond traditional SIEM and newer skills beyond eyes-on-glass monitoring. Building such next-generation capabilities for threat detection and response is not feasible for many organizations. A managed detection and response (MDR) provider can help bridge this gap by delivering advanced detection and response as a service, thereby removing the complexity and cost of building in-house next-generation security operations.
MDR is a combination of technology and skills to deliver advanced threat detection, deep threat analytics, global threat intelligence, faster incident mitigation, and collaborative breach response on a 24×7 basis.
MDR services are becoming increasingly popular worldwide. Gartner estimates that the number of organizations using MDR services will grow 15 times in the next 3 years.
However, MDR services are not a replacement for traditional managed security services such as log management, log monitoring, vulnerability scanning, and security device management. Both solutions have a role to play; MDR enhances managed security services with the focus on detecting and responding to breaches by bringing in complementary technologies and services on security analytics, response orchestration, and threat intelligence.
Cloud security becomes more essential
More applications and servers are moving to the cloud to take advantage of cost savings, scalability, and accessibility. As per IDC, at least half of IT spending will be cloud-based in 2018, reaching 60 percent of all IT infrastructure, and 60–70 percent of all software, services, and technology spending by 2020. It is also predicted that in the same year, the cloud will be the preferred delivery mechanism for analytics.
As a result, cloud environments will be a potential target of security breaches. The complex, hyper-connected networks that cloud providers have developed can produce a single point of failure for hundreds of businesses, government entities, and critical infrastructures. “Cybercriminals are combining AI with multi-vector attack methods to detect and exploit weaknesses in cloud provider’s environment. These attacks could create massive payday for a criminal organization and disrupt services for potentially thousands of businesses and millions of their customers,” discloses Maurya of Fortinet.
With cloud services being the key for digital enterprise transformation, securing data on the cloud is of top priority. Cloud Security and cognitive driven security services are going to be defining trends in the next few years, adds Vaideeswaran of IBM.
On the other hand, a Gartner study found that 64 percent of companies consider cloud infrastructure to be more secure than legacy systems. Of those using the cloud, 75 percent are taking additional protective measures on top of the protection options offered by cloud providers: 61 percent of clients are encrypting data, 52 percent are introducing stricter access policies and 48 percent are carrying out frequent system audits.
“Attackers don’t really care whether data is located on virtual or physical machines; their goal is to gain access by any means. Therefore, to protect data in the cloud, you should use the same tools a data center may be using. There are three main areas of cloud security: data encryption, limited access to data, and data recovery in the event of an attack,” discloses Bindra of ACPL.
Moreover, another Gartner study highlights that 80 percent of all data leaks in the cloud are due to incorrect configuration, account management and other mistakes by IT departments rather than vulnerabilities in the cloud provider’s platform. Organizations must therefore pay attention to their internal business processes and personnel training to strengthen overall security.
In addition, experts advise taking a closer look at APIs. Open and unprotected interfaces can become the weak link in data protection and a major vulnerability in cloud platforms: an endpoint reachable from the internet without authentication bypasses whatever controls sit in front of the application.
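As an added illustration of the two points above (example code written for this edit, not from any vendor quoted in the article), the following Python script audits a small, constructed cloud inventory for the mistake classes the article names: publicly readable or unencrypted storage, access policies with wildcard principals or actions, and internet-facing APIs without authentication. The inventory schema, the resource names and the allow-list of endpoints that are intentionally public are all hypothetical.

```python
"""Audit a constructed cloud inventory for common misconfigurations:
public storage, over-broad access policies and unauthenticated APIs.
The schema and every resource below are made up for illustration."""
from typing import Dict, List

# Constructed inventory (hypothetical names, made-up schema).
CLOUD_INVENTORY = {
    "buckets": [
        {"name": "customer-exports", "public_read": True, "encryption": None},
        {"name": "app-logs", "public_read": False, "encryption": "AES256"},
    ],
    "policies": [
        {"name": "ops-admin", "principal": "*", "actions": ["s3:*"]},
        {"name": "ci-deploy", "principal": "role/ci", "actions": ["s3:PutObject"]},
    ],
    "apis": [
        {"path": "/v1/reports", "auth": "none", "exposure": "internet"},
        {"path": "/v1/health", "auth": "none", "exposure": "internet"},
        {"path": "/v1/users", "auth": "oauth2", "exposure": "internet"},
    ],
}

# Unauthenticated endpoints that are public by design (hypothetical allow-list).
PUBLIC_OK = {"/v1/health"}


def audit(inv: Dict) -> List[str]:
    """Return one finding string per misconfiguration found in `inv`."""
    findings: List[str] = []

    # Storage: anyone-readable buckets and missing encryption at rest.
    for b in inv.get("buckets", []):
        if b.get("public_read"):
            findings.append(f"bucket {b['name']}: public read access enabled")
        if not b.get("encryption"):
            findings.append(f"bucket {b['name']}: no encryption at rest")

    # Access policies: wildcard principal ("anyone") or wildcard actions.
    for p in inv.get("policies", []):
        if p.get("principal") == "*":
            findings.append(f"policy {p['name']}: principal '*' grants access to anyone")
        if any(a == "*" or a.endswith(":*") for a in p.get("actions", [])):
            findings.append(f"policy {p['name']}: wildcard action grant")

    # APIs: internet-exposed endpoints with no authentication, unless allow-listed.
    for a in inv.get("apis", []):
        if (a.get("exposure") == "internet" and a.get("auth") == "none"
                and a["path"] not in PUBLIC_OK):
            findings.append(f"api {a['path']}: internet-exposed without authentication")

    return findings


if __name__ == "__main__":
    for line in audit(CLOUD_INVENTORY):
        print("FINDING:", line)
```

Run against the constructed inventory the audit reports the public, unencrypted bucket, the policy that lets anyone run any storage action, and the unauthenticated reports endpoint, while the health check is accepted because it is allow-listed. In practice the inventory would come from the provider's configuration API or an exported configuration snapshot rather than a hand-written dictionary.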
AI: The double-edged sword
Humans cannot keep up with the sheer volume of incoming threats, and manual decision-making is too slow for the quick, high-impact responses an attack demands. Analysts present artificial intelligence (AI) and machine learning (ML) as the future of the fight against cybercriminals.

“Full network visibility is key to stop hackers, and machine learning can help here by understanding the behavior of devices, including IoT devices, and identifying ‘soft spots’ on the network that are waiting to be breached. In 2018, ML and AI will undoubtedly be integral to the future of the cybersecurity landscape,” claims Amit Jain, MD & CEO, Integrated Tech9 Labs.
However, there is a lot of hype around AI, and while the technology can be useful, it has limitations. Most AI and ML projects fail either because the system has not been set up to ask the right questions in order to learn, or because it is trained on flawed data.
While AI has a big role to play in cybersecurity, the current reality is that it cannot work independently from humans. “However, as humans point out false positives and potential issues with the system it learns to ensure that there are fewer mistakes in the future, so it is constantly improving,” shares Vaideeswaran of IBM.
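To make the two preceding points concrete, here is an added example (written for this edit, not code from Integrated Tech9 Labs or IBM) that builds a per-device behavioural baseline from a week of constructed outbound-connection counts and flags devices whose current activity departs from it. It uses a robust statistic (median and median absolute deviation) instead of mean and standard deviation, so a single contaminated day in the training data does not poison the baseline, and it refuses to judge a device for which there is too little history. The device names, counts, sample threshold and anomaly threshold are all hypothetical.

```python
"""Per-device behavioural baseline over constructed connection counts.
Illustrates baselining device behaviour and the 'flawed training data'
failure mode: robust statistics tolerate one bad day, and devices with
too little history get no verdict rather than a wrong one."""
from statistics import median
from typing import Dict, List, Optional

# Constructed history: device -> daily outbound connection counts for one week.
HISTORY: Dict[str, List[int]] = {
    "camera-lobby":   [120, 118, 125, 119, 121, 123, 117],
    "printer-3f":     [30, 28, 33, 31, 29, 30, 32],
    "badge-reader-1": [15, 16, 14, 15, 900, 15, 16],  # one contaminated day in training data
    "thermostat-2":   [40, 41],                        # too little history to baseline
}

# Constructed observation for the day under review.
TODAY: Dict[str, int] = {
    "camera-lobby": 122, "printer-3f": 410, "badge-reader-1": 15, "thermostat-2": 44,
}

MIN_SAMPLES = 5        # hypothetical minimum history before a baseline is trusted
MAD_TO_SIGMA = 1.4826  # scales MAD to the standard deviation of a normal distribution


def baseline(samples: List[int]) -> Optional[Dict[str, float]]:
    """Median and median absolute deviation of the history, or None if too thin."""
    if len(samples) < MIN_SAMPLES:
        return None
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return {"median": med, "mad": mad}


def robust_z(value: float, b: Dict[str, float]) -> float:
    """Distance of `value` from the baseline in MAD-derived sigma units."""
    scale = MAD_TO_SIGMA * b["mad"] or 1.0  # avoid division by zero on flat history
    return (value - b["median"]) / scale


def classify(history: Dict[str, List[int]], today: Dict[str, int],
             threshold: float = 5.0) -> Dict[str, str]:
    """Label each observed device 'normal', 'anomalous' or 'no-baseline'."""
    verdicts: Dict[str, str] = {}
    for device, count in today.items():
        b = baseline(history.get(device, []))
        if b is None:
            verdicts[device] = "no-baseline"
        elif abs(robust_z(count, b)) > threshold:
            verdicts[device] = "anomalous"
        else:
            verdicts[device] = "normal"
    return verdicts


if __name__ == "__main__":
    for device, verdict in classify(HISTORY, TODAY).items():
        print(f"{device}: {verdict}")
```

With these inputs the printer, which normally makes about 30 connections a day and suddenly makes 410, is flagged; the badge reader's single 900-connection day in its history is ignored by the median-based baseline, so its ordinary count today is judged normal, whereas a mean-and-standard-deviation baseline would have been so inflated by that one day that almost nothing could be flagged; and the thermostat gets no verdict at all. The "soft spots" in the quote above are exactly the devices for which a baseline cannot be built or whose behaviour has drifted from it.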
Nevertheless, while this improvement is taking place, AI is also being adopted by attackers to improve their own tooling and make it more likely that they break through.
The use of AI-driven bots to place more targeted phishing adverts and emails is already here, with the bots analyzing large amounts of social media information to profile their targets. Expect a rise in the number of malicious chat bots found on the internet.
A word of advice
Given that breaches can happen in multiple ways, reducing the risk of infections requires a portfolio-based approach, rather than a single product.
“Another suggestion would be implementing a clear strategy on vulnerability assessment (VA). Some recent ransomware attacks indicate that many available patches were not implemented by companies. CISOs and CSOs should make sure that the patches provided by software vendors, including security players, are updated in their IT infrastructure. VA should be built in as a periodic exercise and should be conducted preferably by a third party to build more intelligence into the system,” says Ferrao of Essen Vision.
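The patch-gap check that the quote above calls for can be automated once an asset inventory and a vendor advisory feed exist. The following Python example was added for this edit (it is not Essen Vision's tooling) and compares a constructed host inventory against a constructed advisory list to report every host still running a version older than the vendor's fix. The host names, product names and "EXAMPLE-ADV-n" advisory IDs are placeholders, not real identifiers, and the version parser only understands plain dotted numeric schemes.

```python
"""List hosts that are missing vendor patches by comparing installed versions
against an advisory feed. Inventory, advisories and IDs are all constructed
placeholders for illustration."""
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version such as '2.4.10' into a comparable tuple.
    Non-numeric characters are dropped, so '4.7.2-rc1' compares as (4, 7, 21);
    real deployments should use the vendor's own comparison rules."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


# Constructed advisory feed: the first version in which each issue is fixed.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-1", "product": "smb-server", "fixed_in": "4.7.2"},
    {"id": "EXAMPLE-ADV-2", "product": "web-proxy", "fixed_in": "2.4.10"},
]

# Constructed host inventory: host -> installed product versions.
HOST_INVENTORY = {
    "fileserver-01": {"smb-server": "4.6.9", "web-proxy": "2.4.10"},
    "edge-proxy-02": {"web-proxy": "2.3.1"},
    "fileserver-03": {"smb-server": "4.7.2"},
}


def missing_patches(inventory: Dict[str, Dict[str, str]],
                    advisories: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Return host -> list of advisories whose fix is not yet installed."""
    gaps: Dict[str, List[str]] = {}
    for host, installed in inventory.items():
        for adv in advisories:
            current = installed.get(adv["product"])
            if current is None:
                continue  # product not present on this host, advisory not applicable
            if parse_version(current) < parse_version(adv["fixed_in"]):
                gaps.setdefault(host, []).append(
                    f"{adv['id']}: {adv['product']} {current} < {adv['fixed_in']}"
                )
    return gaps


if __name__ == "__main__":
    for host, items in missing_patches(HOST_INVENTORY, ADVISORIES).items():
        for item in items:
            print(f"{host}: {item}")
```

Against the constructed data the report names fileserver-01 (old SMB server) and edge-proxy-02 (old proxy) and stays silent on fileserver-03, which already runs the fixed version. Running such a comparison on a schedule, and feeding its output into the periodic VA the quote recommends, turns "were the patches applied?" from a question for the post-incident review into a routine check.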
Often, victims of ransomware choose to pay the ransom, because they have no other means to restore their systems and data. “Instead of paying the ransom, organizations must create strong plans for system and data recovery as soon as possible, including backing up all systems daily,” concludes Bindra of ACPL. “The bottom line is that there is no silver bullet. We need more trained professionals, as well as smarter tools that make cybersecurity more effective – for both businesses and their consumers. Cybersecurity is our shared responsibility.”