Cybersecurity is fast emerging as a key area of concern for enterprises today. According to a report by McAfee, cloud-based cyberattacks on businesses by external actors increased by 630 per cent between January and April 2020. Most of these attacks were aimed at accessing cloud accounts with important credentials and targeted collaborative services like Microsoft 365. The Covid-19-induced remote working of employees seems to have added to the stress of chief information security officers (CISOs) of enterprises.
In view of the evolving threat landscape, companies and cybersecurity leaders are turning to new methods and approaches to effectively tackle this problem. Moreover, given the drastic financial implications that a potential cyber breach can have on a company, cybersecurity has emerged as one of the top priority focus areas for all organisations. According to a Gartner report, worldwide spending on cybersecurity is estimated to reach $133.7 billion in 2022.
There is already a lot happening in this space and cybersecurity is perhaps one of the few areas that is buzzing with opportunities amidst the Covid-19 pandemic. Consequently, venture capitalists and the entire investor community are eyeing the booming cybersecurity market and large sums of money are being infused into the sector.
Evolving threat landscape
The Covid-19 situation has completely altered the threat landscape for companies. As work from home has became the new reality of our times, the perimeter that needs to be secured by security teams is no longer restricted to just office networks. Rather, as the majority of company employees are now working remotely, the environmental, physical and technological controls that used to exist in an office environment have now ceased to exist. As per industry analysts, software-defined perimeter and endpoint security are emerging as a new reality.
The Covid-19 pandemic lockdown and its implications for companies have completely altered the way businesses operate. The priorities of companies have been realigned. One area that has made its way to the top of this pyramid of priorities is cybersecurity. As such, businesses are ensuring that cybersecurity risks are taken care of and CISOs are getting involved in the business of decision-making.
Given the sudden turn of events, cybersecurity leaders are now moving from a “good to have” approach to a “must have” approach. CISOs are working towards redesigning their cybersecurity plans to suit the new situation, balancing digitalisation with security and educating employees and vendors. As part of their renewed focus, cybersecurity leaders are now adopting various new approaches to effectively counter the new threats that have surfaced.
Given the change in the work dynamics of employees, the majority of whom are now working remotely, cybersecurity leaders are increasingly devising ways to train employees better.
As part of this renewed focus, CISOs are now taking the initiative to educate employees on best practices that they should follow to secure their respective systems from any potential breach. Raising awareness about the proper usage of home networks, devices and personal accounts is essential. Further, regular security training is provided to employees to brief them on the action plan that they should follow in case they encounter any attacks.
Industry analysts are of the view that employees have to be trained in multiple areas and that companies should engage in regular monitoring activities, while making sure not to breach an individual’s privacy. Further, organisations can run predictive analyses and then extract reports to get a better picture of any loopholes and fix them accordingly.
Securing all applications
With the advent of social distancing, companies across sectors are jumping on to the digital bandwagon. Financial institutions, in particular, are trying to reduce the number of physical touch points by increasing the number of digital touchpoints. This is likely to increase the number of applications and other digital solutions provided to customers. Consequently, the traffic on these platforms is also expected to rise. This imposes an additional burden on companies to make sure that all their digital solutions are secured from end to end.
At the same time, companies need to adopt an all-inclusive approach to securing their applications. Most organisations have a wide portfolio of digital solutions but not all of these are at par when it comes to security attention. While until now companies followed a somewhat biased approach as far as security of their applications is concerned, such a piecemeal approach can no longer be sustained. They need to reprioritise their application portfolio to align with the new threat landscape.
Adopting a zero-trust security model
Traditionally, companies used to deploy security models that broadly classified everything (users, devices and applications) within the corporate network as trustworthy. Such a model entails deployment of legacy technologies, such as virtual private networks and network access control, which are used to verify the credentials of users outside the network before granting access.
However, under the prevailing circumstances wherein the boundaries of a corporate network cease to exist, these traditional models cannot serve the purpose of security. Thus, industry is now moving towards a new approach called zero-trust security architecture.
Of late, many industry leaders have started advocating the adoption of the zero-trust security model as it relies on continuous verification of trust across every device, user and application. Moreover, this model can best support the remote working culture, which is currently taking shape in the corporate world. In comparison with traditional security models, a zero-trust security model is more dynamic, flexible and simple.
The basic crux of this model is never trust and always verify. What this essentially means is that all devices, users and other elements across the network are considered external and are, therefore, subjected to a continuous process of verification before granting access.
The zero-trust security model is particularly critical for organisations that are deploying a combination of platforms and computing capabilities.
New opportunities for cybersecurity players
According to a recent report, the global cybersecurity market is expected to grow from $183.2 billion in 2019 to $230 billion by 2021. Globally, funding in the cybersecurity space seems to be at an all-time high, worth $1.5 billion of capital in the first quarter of 2020.
As far as India is concerned, Covid-19-induced digitalisation is expected to accelerate investment in the cybersecurity space. As companies increase the deployment of technology solutions such as artificial intelligence, internet of things, blockchain and machine learning, the need for proper cybersecurity solutions will be more apparent. This presents a great opportunity for start-ups working in this space, who can tap it by building scalable solutions that effectively cater to the evolving needs of companies. As per the Data Security Council of India, there has been an uptick in cybersecurity patent filing and grants in India, which is indicative of the growing innovation ecosystem in the country.
The way forward
The coronavirus outbreak has brought the entire global economy to a standstill. However, there have been a few exceptions as some sectors have either remained immune to the financial impact of Covid-19 or have, in fact, benefited from the pandemic. Cybersecurity is one such sector in current times.
Going forward, investment in the cybersecurity space will soar exponentially, as it emerges as one of the key focus areas for companies across the board. Effective capitalisation of these opportunities would require constant innovation and upgradation in security solutions.