“The overnight move to remote-working in reaction to the pandemic exposed organizations’ vulnerabilities,” said Prateek Bhajanka, Senior Principal Research Analyst at Gartner. “While security leaders had to cut down on their security spending in 2020 because of IT budget-cuts, in 2021, this trend is reversing. A secure digital environment is now foundational to organizations’ growth and in preparation to another crisis that may arise. Security leaders are ready to reinvest in cybersecurity with a renewed and refreshed rigor.”

Gartner analysts shared how security and risk management leaders (CISOs) can advance their IT cybersecurity and risk strategy at the Gartner Security & Risk Management Summit India taking place virtually through Thursday (March 18).

In 2021, organizations are expected to increase their spending across all segments of security and risk management. Continuing the trend from last year, cloud security and integrated risk management will experience the highest growth in 2021, up 251% and 27.8%, respectively (see Table below).

Shift to cloud drives triple-digit spending on cloud security

“India is at an early stage of cloud adoption and the pandemic only accelerated this shift as organizations moved to the cloud to achieve cost efficiency and business continuity,” said Bhajanka. “In 2020, hyperscalers, such as Amazon Web Services, Microsoft Azure, and Google Cloud, increased their investment in data centers in India, further catalyzing Indian organizations’ move to cloud during the pandemic.”

CISOs and security leaders are aware of the risks and vulnerabilities that their organizations can be exposed to while migrating to the cloud from legacy systems. To manage these risks, organizations are increasing their spending on cloud security tools, driving the market up 251.1% in 2021. Cloud access security brokers (CASB) and cloud workload protection platforms (CWPP) will be some of the major technologies that CISOs in India will increase their spending on within the cloud security segment in 2021.

In addition, Indian CISOs and security leaders will focus on establishing and deploying threat detection and response programs and capabilities, such as endpoint detection and response (EDR), and move to cloud-delivered security capabilities to have consistent security coverage whether working from the office, home, or off-site.

Gartner clients can read more in the report “Forecast: Information Security and Risk Management, Worldwide, 2018-2024, 4Q20 Update.” 

Cybersecurity and the Board

Gartner also said that by 2025, 40% of Boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today.  “This shows increased commitment to cybersecurity coming from top management. And it will increase the success of projects undertaken by the execution teams,” said Bhajanka.

“In the past, security was seen as an inhibitor and a cost center. But that perception changed during the pandemic when cybersecurity and ransomware became a major concern for businesses across the world. Today, cybersecurity is being addressed at a higher level and is now a concern of the Board.”

Bhajanka says the investments and commitments towards cybersecurity were slow to pick up and the challenge is the way cybersecurity is communicated to the board.

“Cybersecurity is an enabler for (digital) business, but the security team has not been able to communicate that effectively to the Board of directors. That’s because the security teams communicate in technical terms and have not been successful in communicating and translating cybersecurity language to the business language that the board of directors understands. If they understand it, they would be able to internalize it, and take action on it,” added Bhajanka.

And that reinforces our belief that communication will be a key skill for CISOs in 2021.

The post Enterprise Information Security and Risk Management Spending in India to Grow 9.5% in 2021: Gartner appeared first on CISO MAG | Cyber Security Magazine.

Overall, IT spending in India is projected to total $81.9 billion in 2021, an increase of 6% from 2020, according to the latest forecast by Gartner. Total IT spending in 2020 is expected to total $79.3 billion, down 8.4% from 2019. 

“The COVID-19 pandemic stalled many digital transformation projects for Indian enterprises, mainly because of the market uncertainties and reduced cash flows,” said Arup Roy, research vice president at Gartner. “Organizations that were digitally sound in a pre-pandemic world could contain the impact on their business. The pandemic situation was a wake-up call for many organizations to relook and revive their IT strategies and increase their spending on IT in 2021.”

Table: Total Information Security and Risk Management End-User Spending for All Segments in India, 2018-2021 (Millions of U.S. Dollars)

CISO MAG spoke to Prateek Bhajanka, Senior Principal Analyst, Gartner to discuss factors driving increased spending on Information Security, particularly for Cloud Security. He said cloud security spending is increasing primarily because enterprises are using more SaaS applications.

“If you look into the definition of cloud security spending, as per the forecasting report that we put out, that is more on the CASB side, which is Cloud Access Security Broker. It is about securing enterprise resources like ERP and Salesforce, which are delivered through SaaS models,” said Bhajanka.

He said organizations want to maintain the same set of policies across these cloud applications.

“You want to make sure that all the identity orchestration and access management happens consistently. And that is the reason why cloud security expenditure has been increasing in India and also worldwide,” he added.

Related Story:

Endpoint Security is a Lot More Than Just Technology: Gartner

The post Cloud Security Spending to Grow 250.3% in 2021: Gartner appeared first on CISO MAG | Cyber Security Magazine.

• End-to-end digital customer experience (CX)
• AI-based analytics to continually improve the CX
• Core enterprise systems in the cloud
• Highly automated core business processes
• Digital sensors tracking products
• Key partnerships in digital ecosystems

Key Findings:

• Among shifts in technology spends due to the pandemic, companies reported maximum increases on collaborative technologies (65%), cybersecurity (56%), cloud-native technologies (51%) and advanced analytics (39%).
• Higher levels of automation in core business processes is another priority area, already deployed at 23% of companies and under development at 44% of companies.
• Prior to the pandemic, the average organization surveyed had only 9% of its workforce working mostly from home. That percentage has increased seven-fold and is expected to remain elevated through 2025, when the average company projects 40% of its employees will work largely from home.
• While 68% of companies have seen revenue declines amid COVID-19, 90% of organizations have either maintained or increased their digital transformation budget.
• Business initiatives around an end-to-end CX have seen most traction, already deployed at 25% of companies and under development at 44%. Similarly, the use of analytics and AI to improve CX is deployed at 24% and under development at 39% of companies.

The survey findings are based on the responses from 300 senior business leaders from enterprises across North America, Europe, and Asia.

“Before the pandemic, companies’ digital capabilities were rapidly becoming central to their success and business transformation initiatives. The study revealed how several enterprises were not as far along in developing a digital backbone as they hoped. Companies that had embraced digital transformation more whole-heartedly performed better during the pandemic and expect a faster rebound, whereas others are now focused on making necessary investments and racing to catch up,” said Rajashree R, Chief Marketing Officer at TCS.

The post Digital Revolution! 90% of Enterprises Increase their Digital Transformation Budgets appeared first on CISO MAG | Cyber Security Magazine.

According to a Barracuda report, Singapore, which ranks in the top 5 for the most prepared in cybersecurity readiness, is also feeling complacent with more than half (51%) of the businesses saying that cybersecurity is now a secondary consideration despite the sharp rise in the number of threats to the remote workforce.

 Key Highlights

• 43% of Singapore organizations have cut their cybersecurity budgets to save costs as they responded to the pandemic.
• 39% lacked IT resources or time to upgrade their IT infrastructure in the shift to a remote working model.
• 48% of respondents said their employees are not properly trained in the cyber risks associated with remote working.
• 80% plan to provide improved online cybersecurity training and awareness for remote working staff.

Causes for Complacency

The report revealed that more than complacency, it was the shoestring budget that turned out to be the key factor in this case. The findings showed that 43% of Singapore businesses and organizations cut their cybersecurity budgets to save costs while responding to the pandemic. Additionally, 39% of the businesses had inadequate IT resources or little to no time to upgrade their IT infrastructure in the shift to a remote working environment. This highlights that spending on critical controls needs prioritization in the budget discussions held across various board rooms. Organizations can consider consolidating cybersecurity measures by investing in specialized third-party vendors, adopting SaaS-based tools, or assessing how automation could help free budget and resources for security.

The Need for Added Protection

Employees are often more distracted when working remotely and couple that with a lack of protection on BYOD devices and networks, it makes them more susceptible to cybersecurity attacks. Singapore also reported staggering numbers when it came to reporting cyber incidents. Nearly 51% of the organizations surveyed reported a minimum of at least one data breach or cybersecurity incident since the shifting to remote work. Of these, 51% reported that email phishing attacks was the primary source of attacks, which also emphasizes the need of additional security training for remote workers as human is generally considered as the weaker link in the cybersecurity chain.

Talking about training, 48% of Singapore respondents said their employees are underprepared or not properly trained in the cyber risks associated with remote working. In addition to this, 50% said they lacked confidence in the security of their web applications, which is another major target for malicious actors seeking access to corporate networks and data.

The Silver lining

The good news, however, is that most Singapore decision makers are already aware of the problems related to the cybersecurity posture of their remote workforce. This brings clarity and makes the job easier for them to design steps for improvement.

88% of the respondents said that they will need to upgrade their IT infrastructure to improve visibility and productivity, while 85% already knew that cross-industry collaboration was key to improving security standards. Additionally, for being better prepared, 80% respondents were planning to provide improved online cybersecurity training and awareness for remote working staff.

The post More than Half of Singapore Businesses Admit that Cybersecurity is on the Back Burner appeared first on CISO MAG | Cyber Security Magazine.

“Under existing laws, rules, and regulations, the Confidential Expense item is for lawful monitoring and surveillance of systems and networks to support the DICT’s functions, which include cybersecurity, the formulation and effective implementation of the National Cybersecurity Plan, and international cooperation on intelligence on cybersecurity matters,” DICT said in a statement.

It also stated that the amount was disbursed in three tranches and was liquidated with the Commission of Audit (COA). The DICT also added that the COA did not disallow the disbursements, and the recommendations made by COA was merely a procedure the department is adhered to follow to keep up with the timeframes of disbursement. However, a series of reports from Rappler suggests COA has contradicted statements from DICT stating that DICT underspent for projects from the budget as the funds allotted for the agency were used up as confidential funds.

“The information systems in our country [need] continuous monitoring so that both domestic and foreign cyber threats and cyberattacks can be identified, addressed, and promptly neutralized to protect the safety and security of our nation. These cybersecurity threat monitoring activities have a direct impact on national security,” DICT said. “As a member of the National Security Council, the DICT is mandated to protect the nation’s critical infrastructure, its government networks both civilian and military, its small-medium enterprises to large businesses, the corporations and its supply chains, and every Filipino citizen using the internet.”

After the memo was released by the auditors, DICT Undersecretary Eliseo Rio Jr. also resigned from his post citing that he was excluded from planning for the use of the confidential funds. “My position is that the DICT does not need intel or confidential funds because it is not [within] its mandate to conduct intel or surveillance activities. But the position of Secretary Honasan is that this is needed by him,” Rio told GMA News Online.

The post Philippines DICT Admits Using P300 Million for Cybersecurity and Surveillance appeared first on CISO MAG | Cyber Security Magazine.

The study also stated that Banking, Financial Services and Insurance (BFSI), IT, and government are the top three sectors with the largest market share in cybersecurity expenditure in the country.

“The BFSI sector accounts for 26 percent of the total expenditure in the cybersecurity market and is expected to increase its expenditure to US$810 million from the existing US$518 million by 2022, at a CAGR of 16.1 percent,” the report stated.

The growth in cybersecurity expenditure is due to several factors like tightened norms from regulators, data localization, utility payments, e-commerce, and online insurance marketplaces. Also, the revolution in payments technology using AI, blockchain, IoT, and the introduction of mobile point of sale (POS) devices has brought a host of financial solutions in the country, according to the report.

The report also highlighted that the average cost of a data breach in India has gone up to INR 11.9 Cr (US$ 16M), which is an increase of 8 percent from 2017.

Cybersecurity Products in India

The study anticipates that cybersecurity products in India will grow at a higher rate. It is believed that data protection and endpoint security tools will grow at a CAGR of 22.2 percent and 19.1 percent respectively over three years.

“Artificial intelligence and machine learning applications are being embedded into the cyber suite of offerings—especially in security intelligence, detection and response (IDR), endpoint security and security testing. The key use cases stem from the ability to use predictive analytics and heuristics in drawing quick statistical inferences, thereby helping in detecting and lessening threats with an optimized number of resources and savings. A natural outcome of such developments is the emergence of products and platforms specializing in these areas,” the report added.

DSCI also mentioned that global regulations like General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and Health Information Trust Alliance (HITRUST) will continue to have an impact on the Indian cybersecurity market.

The post Cybersecurity Market in India Rise to US$3.05 Bn by 2022: Study appeared first on CISO MAG | Cyber Security Magazine.

With a recent shift in gears, the automotive sector is zooming towards a connected vehicle industry. This shift has its own problems though. The biggest concern is the cybersecurity of connected vehicles and commercial fleet services. This is where Upstream steps in. It provides cloud-based automotive cybersecurity solutions which not only help in achieving cybersecurity for the vehicles but also help build a secure perimeter around the vehicle’s other integrated services.

Yoav Levy, Upstream Security Co-founder, and CEO said, “This first of its kind investor syndicate, which includes some of the most important smart mobility companies in the world, is a testament to the severity of the problem the industry is tackling and a ringing endorsement of Upstream’s technology and the progress our team has made. Our mission is to protect every connected vehicle and smart mobility service on the planet–the completion of our funding is perfectly timed to meet the growing demand for our data-driven cloud-based platform, providing our customers with the capabilities they need to accomplish this vitally important task.”

Anna Westerberg, acting CEO of Volvo Group Venture Capital and Senior Vice President, Volvo Group Connected Solutions stated, “Upstream Security has a promising offering and capability to support with cybersecurity solutions to meet our future requirements”

Earlier in the year, Upstream Security had entered into a technology partnership with Arilou, a provider of in-vehicle network security for carmakers. This partnership was aimed at creating a fully integrated cybersecurity offering for vehicle OEMs which surely is now reaping them the benefits.

The post Upstream Security Hits Top Gear with Series B Funding appeared first on CISO MAG | Cyber Security Magazine.

The bounty program, named Hack the Proxy with HackerOne, was sponsored by the U.S. Cyber Command with a focus on content intermediaries, like proxies, VPNs, and virtual desktops. “Hack the Proxy program was the first initiative that’s focused on securing content intermediaries for publicly accessible proxy servers owned by the government,” DoD said in a statement.

The Department of Defense stated that security researchers around the world submitted 31 valid vulnerabilities from September 3, 2019, to September 18, 2019. The hackers are rewarded US$ 33,750 for their findings.

“With each new initiative, the Department of Defense further bolsters its cyber defenses against rogue enemy actors thanks to white hat hackers from across the globe,” said Alex Romero, Digital Service Expert at the Department of Defense Digital Service. “As our adversaries become more sophisticated in their tactics, we must stay one step ahead to protect our citizens and defense systems. HackerOne’s global community of vetted hackers have helped us discover and remediate vulnerabilities that represent a real risk to national security.”

“Since 2016, the DoD has embraced hacker-powered security with open arms by consistently collaborating with hackers worldwide to help them find areas where they can be vulnerable to attack,” said Marten Mickos, CEO at HackerOne. “Each initiative has not only bolstered the DoD’s cybersecurity posture but also served as an example of how trusting hackers can improve the defense system on an ongoing basis.”

Earlier, the Department of Defense ran a bug bounty program, a challenge focused on the Corps’ public-facing websites and services. The nine-hour program paid out $80,000 in prizes to researchers for discovering 75 unique vulnerabilities. The researchers are also allowed to report flaws they find through the HackerOne-managed Marine Corps vulnerability disclosure program until August 26, 2018, but without earning a prize.

The post Hackers Rewarded with US$ 33,750 in DoD Bug Bounty Program appeared first on CISO MAG | Cyber Security Magazine.

Based out in Japan, Trend Micro is a major player in the information and network security landscape. Founded in 1988, the company holds a variety of cybersecurity merchandise for multiple operating systems, including threat detection, and antivirus products. Hybrid cloud security, network defense, user protection, and small business products are at the core of its product line.

In India, Trend Micro holds around 1,000 large enterprise customers, which provides security across the hybrid cloud, network, and endpoints. The company also has its presence across the government, BFSI, IT/ITeS, manufacturing, pharmaceutical, and telecom sectors.

“Today, data is collected and analyzed in silos, however, what enterprises need is to collect and analyze data as a whole and be able to generate high-priority, actionable intelligence with context. To address this challenge, we recently launched our XDR solution that will be a gamechanger for the industry. Managed XDR is a great service for customers who have detection and response tools, but don’t have the required resources or skillsets to maximize them,” said Nilesh Jain, Vice President, Southeast Asia and India, Trend Micro.

“The engagement around cybersecurity is no longer limited to CISOs and CIOs. At Trend Micro, we have taken the engagement to the next level by speaking to the application team and the operations team. We are also looking at initiatives like community day to deepen our interactions with the DevOps professionals. Our top three priorities for India this year are to – first, focus on hybrid cloud customers who are looking to grow aggressively; second, build on existing customers including those who are sitting on the fence evaluating prospective options; and, finally, to recruit and grow our partner ecosystem,” Jain added.

Recently, Trend Micro launched its new headquarters in Singapore for Asia-Pacific, Middle East and Africa (AMEA) operations. The facility will be a part of Trend Micro’s new managed detection and response (MDR) security operations center across North America, Europe, and Southeast Asia.

Trend Micro stated its new center comprises an executive briefing area to host cybersecurity sessions for customers and government officials in the AMEA region. The company is also offering Certification Programs in IT Security to train the security officials in Singapore.

The post Trend Micro Launches its XDR Data center in India appeared first on CISO MAG | Cyber Security Magazine.

For starters, cognitive security is the application of AI technologies spinning around on human thought processes to detect threats as well as securing digital and physical systems. “The increasing shift toward the use of cognitive security services for data storage of confidential and private data of an organization and the rise in employee mobility contribute to the need for cognitive security in IT & telecommunication,” ResearchAndMarkets.com stated in a release.

According to the research, the upward trend is driven by the spurt of cyber attacks, increasing migration toward the cloud, the proliferation of connected devices and the increasing popularity of bringing your own device (BYOD). While the major restraints were lack of common security platform, awareness about security solutions and the price of security solutions.

“With the increasing adoption of the cloud-based services in various business platforms, such as enterprise business, has led to the need to secure the information of organizations. The implementation of cloud-based cognitive security by small and medium enterprises is increasing rapidly and fuels the growth of the market,” the study points out. “Cognitive security is widely being adopted across diverse set of industries for the protection of crucial information that includes public safety and utility companies. An increase in the adoption of the cloud-based services and the Internet across the IT & telecommunication sector, the need to protect the data has rapidly increased.”

With opportunities in analytics, growth of machine learning and AI, cognitive security may soon retell the story of tomorrow.

The post Cognitive security to drive the future of infosec appeared first on CISO MAG | Cyber Security Magazine.