Month: May 2020

• Enterprises are predicted to spend $12.6B on cloud security tools by 2023, up from $5.6B in 2018, according to Forrester.
• Enterprise spending on cloud security solutions is predicted to increase from $636M in 2020 to $1.63B in 2023, attaining a 26.5% CAGR.
• Spending on Infrastructure Protection is predicted to increase from $18.3B in 2020 to $24.6B in 2023, attaining a 7.68% CAGR.
• Endpoint security tools are 24% of all I.T. security spending, and by 2020 global I.T. security spending will reach $128B according to Morgan Stanley Research.
• 71% of UK-based business decision makers believe the shift to 100% remote working during the COVID-19 crisis has increased the likelihood of a cyber-breach according to research by Centrify.
• 70% of all breaches still originate at endpoints, despite the increased I.T. spending on this threat surface, according to IDC.

Cybersecurity now dominates the priorities of every organization as each adapts to a post-COVID 19 world. Remote workers identities’ and devices are the new security perimeter. This is what Zero Trust Security was designed for, and the post-pandemic world is its acid test and crucible. To learn more about how zero trust works, be sure to watch Forrester Principal Analyst Dr. Chase Cunningham’s video, Zero Trust, in Practice here. Dr. Cunningham’s latest book Cyber Warfare – Truth, Tactics, And Strategies, is a good read. Cyber attackers are quick to attack new unprotected threat surfaces created when tens of millions of employees started working from home. In a post-COVID-19 world, cybersecurity is as critical as Internet access itself.

Key insights from the series of cybersecurity market forecasts and market estimates include the following:

• The global cybersecurity market is currently worth $173B in 2020, growing to $270B by 2026. By 2026, 77% of cybersecurity spending will be for externally managed security services.  While money spent on in-house or internal cybersecurity functions is expected to grow 7.2% each year to 2026, global spending on external cybersecurity products and services is projected to increase by 8.4% annually over the same period. Source: Australian Cyber Security Growth Network, SCP – Chapter 1 – The global outlook for cybersecurity, 2020. 
• Network, data, and endpoint security are the three leading use cases of A.I. in cybersecurity today, according to I.T. executives. Capgemini interviewed I.T. executives from ten nations to gain new insights into A.I.’s most popular use cases for cybersecurity. The COVID-19 pandemic has accelerated each of these use cases, with endpoint security becoming the most urgent priority, as nearly every organization has employees working from home. Source: Statistica.

• The global cybersecurity market is predicted to grow from $167.1B in 2019 to $248.26B by 2023, attaining a 10.4% CAGR, according to Statista. Worldwide security spending on Identity Access Management reached $10.58B in 2019. The study also found that spending on security services, the largest segment of the information security market, reached $64.24B in 2019 as well. Source: Statista.

• 87% of enterprises are seeing mobile threats growing the fastest this year, outpacing other threat types, based on Verizon’s Mobile Security Index 2019. Mobile devices and the identities they represent are the new security perimeter for every organization today.  By killing passwords and replacing them with a zero-trust framework, breach attempts launched from any mobile device using pirated privileged access credentials can be thwarted. Leaders in the area of mobile-centric zero trust security include MobileIron, whose innovative approach to zero sign-on solves the problems of passwords at scale. When every mobile device is secured through a zero-trust platform built on a foundation of unified endpoint management (UEM) capabilities, zero sign-on from managed and unmanaged services become achievable for the first time. Sources: Verizon’s Mobile Security Index 2019 and Verizon Mobile Security Index (MSI) 2020.

• The global cyber insurance market, as measured by gross written premiums, is forecast to be $8B by 2020, compared to a $124B global cybersecurity market.  Organizations primarily focus their cyber risk management strategies on prevention by investing in technological frontline cyber defenses. Meanwhile, spending on other tools and resources for cyber risk management, such as cyber insurance or event response training, remains a fraction of the technology budget. Source: Microsoft, 2019 Global Cyber Risk Perception Survey, September 2019
• Over 42% of endpoints experience encryption failures, leaving entire networks at risk from a breach and 100% of all devices experiencing encryption failures within one year. They’re most commonly disabled by users, malfunction, or have error conditions or have never been installed correctly in the first place. Absolute Software’s 2019 Endpoint Security Trends Report found that endpoints often failed due to the fragile nature of their encryption agents’ configurations. 2% of encryption agents fail every week, and over half of all encryption failures occurred within two weeks, fueling a constant 8% rate of decay every 30 days. Multiple endpoint security solutions conflict with each other and create more opportunities for breaches than avert them. The study is based on data gathered from over 1B change events on over 6M devices is the basis of the multi-phased methodology. The devices represent data from 12,000 anonymized organizations across North America and Europe. Each device had Absolute’s endpoint visibility and control platform activated. Source: Absolute Software 2019 Endpoint Security Trends Report.

• There has been a 667% increase in spear-fishing e-mail attacks related to COVID-19 since the end of February alone. Microsoft thwarts billions of phishing attempts a year on Office365 alone by relying on heuristics, detonation, and machine learning, strengthened by Microsoft Threat Protection Services. Kount discovered that e-mail age is one of the most reliable identity trust signals there are for identifying and stopping automated, fraudulent activity. Based on their research and product development, Kount announced Email First Seen capabilities as part of its AI-powered Identity Trust Global Network, which consists of fraud and trust signals from over half a billion email addresses. It also spans 32 billion annual interactions and 17.5 billion devices across 75 business sectors and 50-plus payment providers and card networks. The following is an overview of Kount’s technology stack and their Email First Seen solution. Source: How To Know If An E-Mail Is Trustworthy, March 11, 2020.

• Fraud detection, malware detection, intrusion detection, scoring risk in a network, and user/machine behavioral analysis are the five highest A.I. use cases for improving cybersecurity. Capgemini analyzed 20 use cases across information technology (I.T.), operational technology (O.T.), and the Internet of Things (IoT) and ranked them according to their implementation complexity and resultant benefits (in terms of time reduction). The following graphic compares the recommended use cases by the level of benefit and relative complexity. Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence, A new frontier in digital security