Trends for Cyber Security & GRC

Authored by Maninder Singh, Corporate Vice President - CyberSecurity Services, HCL Technologies

                  1. Summary

1. Acute shortage of Skilled Talent – Focus on in house skill building and human effort augmentation through Automation
2. Increasing Regulatory Compliance is opening up new opportunities as well as impacting service delivery decisions

iii.      Focus on integrated approach to cybersecurity operations

1. Data Protection and Privacy considerations are driving both upstream and downstream services
2. Customers looking for real use cases of AI/ML/Automation that drive value and efficiency

1. Escalating threat landscape with a spate of high profile breaches and increase focus on regulations, have ensured that the cybersecurity and governance risk and compliance services are much sought after. 
2. The key industry trends that impact the business are:

iii.      Cloud insecurity grew in 2018 and, unfortunately, it will carry on growing even more in 2019. Increasing amounts of data are being deployed from disparate parts of organizations, with more and more of that data ending up unsecured.

1. IoT - the challenge will only increase – 2019 will significantly demonstrate the upward trend in this area. Driven by the convenience and benefits that IoT can deliver, the technology is being increasingly deployed by many organizations, with minimal thought by many as to the security risks and potential consequences.
2. Supply Chain Attacks – With more suppliers and service providers accessing sensitive data than ever before, the risks associated with supply chain attacks—also known as third-party attacks—have never been higher. Data breaches caused by third parties are on the rise, and cybercriminals will continue to focus on infiltrating target systems through outside providers in 2019.
3. Attack and response complexity in cyber arena leading to uptake in Managed Detection and Response – Attackers are leveraging advanced tactics and technologies to breach enterprise environments and persist in it.  This is driving the uptake in enterprise level adoption of Managed Detection and Response services.

vii.      Software Defined Infrastructure revolutionizing security –  As large enterprises conduct PoCs and adopt Software defined Infrastructure, the cybersecurity frameworks evolve leading to lesser consumption of hardware security controls. This also requires massive upskilling for current practitioners. HCL is working towards ensuring security controls in this new age infra are also securely monitored and managed 

viii.      Phishing attacks leveraging AI – AI enabled phishing attacks have ensured large scales success for intruders. Security solutions hinge on educating users as well as establishing AI enabled controls. Organizations need to focus on these technologies. 

1. Security Skillset remains a major challenge -  The acute scarcity of skilled security talent in the market remains a major challenge and is foreseen to remain that way in the coming few years. To counter this skill shortage, enterprises are partnering with managed security services providers through the managed services model.
2. Basic Hygiene is a foremost contest – the root cause for majority of the breaches comes out to be as failure to maintain the basic hygiene. A few factors being Poor passwords, abuse of privileged access, poor data governance (especially within shadow IT), Lack of timely patching, Out-of-date anti-virus software and Lack of end to end monitoring.
3. AI and ML impacting cybersecurity - the speed and advanced attack techniques of cyber criminals require prevention and response at machine speeds therefore requiring use of artificial intelligence and machine learning algorithms that can predict and accurately identify and respond to attacks swiftly with a high confidence. 

1. Digitalization and cloud adoption – Digitalization of enterprises is driving the security consulting and application security revenue and with the adoption of public cloud services, enterprises are spending to ensure secure migration and continuous monitoring of cloud environment. 
2. Compliance & Regulations -  With the rollout of GDPR, China Privacy Law, global enterprises are rushing to assess their compliance posture and are working towards aligning their policies and controls.

iii.      Increase in enterprise wide material attacks – Ransomware attacks like Wannacry, Bad rabbit and security breaches like Equifax have increased the clamour within enterprise boards to review their existing security posture infused with a sense of urgency. This is leading to large scale downstream focus on security services.