By Sudeep Das, Technical Leader, IBM Security Systems, IBM India/South Asia
2020 saw the threat landscape in India change and evolve quickly. Data breaches, ransomware attacks, privacy failures, and other cybersecurity challenges are now on everyone’s radar more than ever, yet most businesses still struggled to prepare for them effectively. Challenges that continue to hold companies back include complex regulatory requirements; lack of alignment on security strategy as well as cybersecurity and compliance maturity; frequent organizational changes; security skills shortages; uncertainty regarding security “best practices”; and, lastly, insufficient practice of plans for responding to a cybersecurity incident, if they have an incident response plan at all. A recent IBM and Ponemon Institute study highlighted that 41% of the respondents from India review and test their cybersecurity incident response plan (CSIRP) only once each year. This is alarming, particularly in light of the current pandemic, since many organizations had to shift overnight to a hybrid work environment, leading to many unforeseen risks.
Further, as per our 2020 Cost of Data Breach report, Indian companies witnessed an average total cost of a data breach of ₹140 million in 2020, an increase of 9.4% from 2019. Additionally, companies with fully deployed security automation were able to detect and contain a breach 27% faster than those with none, showcasing the importance of technology preparedness.
We believe the next wave of the tech security landscape will be shaped by these five trends, which help organizations innovate and prepare for present and future uncertainties.
1. Security to drive modernization efforts: Most large organizations that already have a significant security deployment will look to modernize and transform their tools to better cover the increased threat landscape. Organizations are optimizing and scaling their existing tools, operationalizing both newer use cases and newer detection scenarios. All of this leads to more coverage of their infrastructure across on-prem, operational technology (OT) infrastructure, and cloud infrastructure and services. Further, along with upscaling the tools’ output, organizations would also look to modernize the exchange of security insights between these controls in a platform-based manner, rather than through the existing manual methods of sharing information and security context.
2. Blueprinting a Zero-Trust Framework: There is renewed vigour around combining Identity, Data, Network, and Device security into a common analysis platform to better deliver security context and build on an organization’s Zero-Trust journey. Companies are realizing that siloed security programs are not giving them the right view of risk, and that it is necessary to drive horizontal data analysis across “all” the security telemetry data that is available for the most critical resources in the organization – people, data and infrastructure.
3. Adoption of Security From the Cloud: With a lack of skilled personnel being a major inhibitor to maximizing the efficacy of security investments, we are seeing more and more organizations evaluating Security as a Service options. This empowers the organization to work with a security firm specializing in various security services. Security as a Service can help with the maintenance and operationalization of the security controls, thereby driving security through an SLA-driven program rather than the traditional path of consuming an on-prem security solution.
4. AI/ML-powered security to be ubiquitous: While we have witnessed the use of AI/ML within the realm of security, moving forward, organizations will embrace the power of machine learning to help them monitor their risks across all security controls. There are mountains of security telemetry data available across all IT landscapes, and not all of this data is being analyzed and used for security monitoring and threat hunting. ML-based tools could provide the necessary insights from each of these controls, be it the security information and event management (SIEM) system, the user behavior analysis system, the identity risk monitoring system or, more importantly, the data security systems. Companies will need to evaluate their AI journey for security to ensure that it is moving from just a promise phase to actual delivery of AI-based security insights.
5. Automation and Orchestration to be the core of security strategy: Organizations have traditionally struggled to take quick and auditable action on the security insights provided by their various protection systems, due to either a lack of manpower or a lack of process. Investments in orchestration and automation technologies can help ensure that detected incidents are addressed in a systematic and compliant manner.