Combating cyber threats

Combating cyber threats in the new normal

by | Aug 10, 2020 | Analysis, IT Security

A holistic strategy like threat lifecycle management and some specific measures such as browser isolation are both equally important.
Share to lead the transformation

The Covid-19 pandemic has impacted the information security priorities of enterprises drastically. With remote working becomes a new normal, IT and cybersecurity risks have grown manifold. The go-to-market needs of users have also transformed, and meeting client expectations in real time have become a challenge in the new environment. Combating cyber threats now needs a multi-pronged approach.

Despite stressed technology budgets, there has been a massive surge of optimism in the cloud and managed services solutions market due to organizations’ innate need to drive agility and scale. Businesses are continually looking at new-age solutions that could help their workforce deliver exceptional results even in the work-from-home environment.

Since millions of people are working remotely, there has been a deluge of new cyber and IT security threats that organizations are witnessing. According to a recent cyber threat report by SonicWall, a leading cyber security player, ransomware continues to be the most concerning threat to corporations and the preferred tool for cybercriminals, increasing a staggering 20% (121.4 million) globally in the first half of 2020. Moreover, 7% of phishing attacks capitalized on Covid-19 pandemic while there was 50% rise of IoT malware attacks. The report said it analyzed threat intelligence data gathered from 1.1 million sensors in over 215 countries and territories.

According to the Covid-19 Threats Report by McAfee Labs, the first quarter of 2020 saw significant increases in several threat categories. During this time, cybercriminals seem to have exploited the vulnerabilities caused by the pandemic and tried to make a substantial impact on the networks. The report states that the new mobile malware increased by 71%, primarily due to trozons, and total mobile malware grew by about 12% over the previous four quarters. Interestingly, new IoT malware saw a 50% increase.

This emerging threat landscape has compelled organizations to aggressively focus on disruptive technologies and solutions that could enable them to innovate confidently and provide consistent value to their clients without breaching trust.

Let’s look at how organizations can enhance their security architectures during these unprecedented times and reduce IT security risks.

Focus on threat lifecycle management

A continuous focus on the entire threat lifecycle management (TLM) provides much-needed assurance for tackling any unforeseen scenarios. Organizations need to evaluate the information assets that they need to protect continually, and then take advanced measures for detecting and mitigating cyber threats.

The depth and quality of threat intelligence softwares can help enterprises achieve the much-needed IT security resilency, even for employees who are on their home networks. Some of the major companies that are providing robust threat intelligence management solutions in the market are: IBM, Dell, Trend Micro, Symantec, Check Point, F-Secure, McAfee, and Juniper.

Upgraded tools and methodologies

As cloud deployments become more and more intricate, organizations should ensure to assimilate multiple ways of inventory classification and include them in overall asset management strategy. In the multi-cloud environment where organizations want the best of public and on-premise worlds, the list of cloud applications can change very quickly. Hence, enterprises should have the necessary tools and methodologies to know:

  • List of cloud inventory on their network
  • Why they exist
  • Are they still important?

Incident response automation

By employing security automation in cloud environments, organizations can control the damage at the right time. Automated incident response tools enhance the detection capabilities of vulnerabilities and threats. It accelerates the response time in the event of a security alarm and free up the time of security teams to focus on high-impact alerts. Some of the leading players in this segment are: FireEye, IBM, AT&T, Symantec, Verizon, and DXC Technology.

Browser isolation technology

Enterprises have been using sandboxing, a software management technique to isolate various enterprise applications from critical resources, as part of their efforts to strengthen security against new-age threats. However, in the current environment, information security practitioners consider web browsers as a chief target for cyber attacks and recommend to implement isolation technologies to physically isolate an employee’s web browser and related activities from the local machine and the network.

This model enables enterprises to track and identify the routine infiltration points on their networks and take remedial measures immediately.  Major vendors operating in this segment include Symantec, Cyberinc, and Web Gap.

There are also other tools available through which organizations can quickly isolate affected systems and analyze the breach methodology to prevent such instances in future.

MORE FROM BETTER WORLD

Top enterprise cybersecurity trends of 2020

Top enterprise cybersecurity trends of 2020

The world and enterprises panicked due to the unprecedented COVID-19 pandemic’s surge at the beginning of 2020. The ambiguity around the crisis and the sudden rush for setting-up work-from-home for all employees magnified the concerns related to cybersecurity and impacted the most elementary IT business operations.

One of the critical concerns that most IT leaders confronted was to develop a robust business continuity plan in remote work environments and augment their IT frameworks to manage growing cybersecurity threats. 

Based on our interactions with top cybersecurity leaders, we’ve identified some of the top cybersecurity trends of 2020. Let’s look at them and understand how they will evolve in 2021.

Businesses are adapting to the new normal

The majority of the enterprises are fast-tracking their digital transformation goals and modernizing their IT infrastructure to ensure their distributed organizational resources get secure access to the network (See: Combating cyber threats in the new normal).

The initial focus of organizations was to enable work-from-home in the quickest manner possible. As the businesses are getting settled in the new normal, enterprises are now focusing on protecting their people, devices, and data from cybersecurity threats.

Across organizations, there has been a greater emphasis on real-time security assessment across various endpoints, irrespective of employees’ location or network.

Zero Trust model gaining acceptance

Enterprises have been making efforts to deploy solutions that can immediately detect and halt anomalies and suspicious behaviors. One such approach that is now gaining mainstream acceptance is Zero Trust. It has become a key cybersecurity trend in 2020.

With the Zero Trust model, organizations can evaluate a remote-users’ behavior and bring up a timely alert to prevent any unscrupulous activity. Many tech-leaders believe that this methodology can circumvent over 90% of modern-day cyberattacks attempts.

Backed by real-time intelligence, the Zero Trust methodology verifies a user’s credentials through secure VPNs and monitors suspicious activity. It works on the concept of ‘never trust; constantly verify.’

The Zero Trust approach is different from the trust-based perimeter defense approach. In Zero Trust, users and their job requirements get adequately demarcated. It provides employees with adequate network permissions to access applications and tools relevant to perform their job virtually while withholding the rest of the corporate data visibility (See: Covid-19: Reimagining work with a zero-trust lens).

Focus on Dark Web monitoring for business 

Another cybersecurity trend in 2020 is the Dark Web monitoring for business. The Dark Web is that segment of the Internet that cannot be accessed via conventional search engines such as Google or Yahoo. Over the past twelve months, it has swiftly turned into a booming black market place where cybercriminals collaborate and deliberate nefarious ways to launch sophisticated cyber-attacks on various systems. It is a treasure trove for unscrupulous types who can find several tools and resources to execute their unlawful web activities.

Throughout the year 2020, several cyber breach incidents were reported globally where many companies’ data were stolen and put up for sale on the Dark Web.  Early this year, a global cyber risk intelligence firm Cyble, noted that the cybercriminals exposed personal details of around three crore Indian job seekers in one of the hacking forums.

These rising cases compelled many global organizations to set-up their intelligence units under their cybersecurity practices wing to monitor Dark Web. The trend is likely to pick-up further in 2021. CISOs are expected to keep a firm eye on the Dark Web to monitor various malicious and unethical activities to alert their security teams well in advance.

Emphasis on automation to control AI-based threats

While artificial intelligence (AI) is a great technology that can be leveraged to develop many modern-day IT security tools and resources, it is equally valid that cybercriminals can exploit the engineering for launching too sophisticated malware. During the year, many businesses saw the possibility of cybercriminals bypassing AI-driven security solutions by masking their activities and posing as real users.

In 2021, with 5G technology expected to be launched and IoT-based solutions to get mainstream, CISOs would be profoundly concentrating on protecting their AI-enabled digital systems and new process automation techniques to control AI-based threats.

Attention on closing the cybersecurity skills gap

The shortage of skilled security practitioners has become a growing pain for organizations across all sectors and getting wider.

According to a recent survey conducted by Cybrary, a cybersecurity and IT workforce development platform, growing skill gaps among IT and security professionals is seen as a significant factor that is negatively impacting the security team’s effectiveness. About 65% of surveyed IT Managers mentioned that skill gaps hurt efficiency. 

The study also indicates that organizations lack the vision or enthusiasm to conduct training and skill-development programs in the cyber-security space.

Similar sentiments were echoed by a DSCI-PwC study, according to which the cases of cyberattacks on Indian organizations increased by 117 percent in 2019 compared to 2018. However, due to inadequate funding and paucity of skillful professionals, cyber-security professionals’ job roles remained unfilled.

In 2021, many CISOs are expected to focus on this area and develop requisite solutions to address the cybersecurity skills-gap challenge.

 

 

India’s Razorpay joins Unicorn club with fresh funding, eyes expansion

India’s Razorpay joins Unicorn club with fresh funding, eyes expansion

 

One of the few successful Indian fintech startups, Bangalore-based Razorpay, joins the Unicorn club, as it has secured $100M in a new funding round. With this cycle of financing, the payment startup has also become the first Indian payment-gateway to achieve US$ 1bn valuation.

“Razorpay secures $100 million in Series D funding led by GIC, Singapore’s sovereign wealth fund, along with Sequoia & our existing investors Ribbit Capital, Tiger Global, Y-Combinator and Matrix Partners. The funding also comes with a significant milestone of Razorpay becoming the newest unicorn in India, informs Shashank Kumar, Co-founder, Razorpay, through the company’s official blog.

Set-up in 2013 by Shashank Kumar and Harshil Mathur, Razorpay had raised $75 million in Series C funding last year. 

Razorpay’s ambitions after joining Unicorn Club

Razorpay offers social media sellers and SMEs a convenient mechanism to take payments online without a website or a payment gateway integration.  The company plans to employ the fresh capital to scale up its solutions such as RazorpayX, a neo-banking platform, and Razorpay Capital, a quick business loan platform. It also plans to hire about 500 employees this fiscal year.

Razorpay also provides cash advance service to Micro, Small, and Medium Enterprises (MSME), through collaboration with banks. As Razorpay secures $100 million funding, this will enable it to expand its lending solution capabilities. The company says that over 50% of Indian SMEs still don’t have access to digital financial tools, and it is determined to help these businesses in the best possible manner.

“We strongly believe that RazorpayX will charter our next growth chapter – driving the mobile-first, technology-first transformation of business banking, suited to the digital needs of businesses today and helping them make better decisions,” adds Kumar.

Market onlookers view this development as spectacular since it demonstrates investors’ growing confidence in the Indian startup ecosystem despite the uncertain economic environment. The COVID-19 pandemic has accelerated digital technology’s acceptance, forcing people to alter their behavioral buying patterns and move to online channels.

Razorpay’s list of clients includes Facebook, Google, Jio, Hotstar, Wikipedia, Meesho, among many other independent contractors and SME’s.

Digital transactions gain steam during the pandemic

Led by the Indian government’s increased impetus and growing digitization, the country’s digital payments ecosystem is ready to see a monumental rise. According to the Bank for International Settlements (BIS), India saw digital transaction uptake of about 55% in 2018 compared to 11.4% in Brazil, 35% in Russia, and 23% in Indonesia.

With a mushrooming work-from-home and cautious approach due to COVID-19, the country is expected to see rapid growth in the digital transformation across all sectors and industries. Additionally, from a demographic perspective, more than 60% of India’s population is under 35 years, mostly extremely tech-savvy. This young population is equipped with high disposable income, inexpensive smartphones, and 24*7 data connectivity. It makes them prime potential customers of non-bank digital players.

Additionally, events such as demonetization and COVID-19 have also fast-tracked the digital payment ecosystem’s overall growth.

Companies like Razorpay seems to be cashing in on these exceptional attributes and expanding their solution capabilities. There is also a tremendous interest among many fintech companies and investors to set their shop locally and be a part of India’s growth story.

Besides Razorpay, other prominent digital payment gateway players battling for India’s market share include PayMate, Paytm, CC Avenue, PayU, Paytm, and Mobikwik.

IBM to split into two companies for better cloud opportunity

IBM to split into two companies for better cloud opportunity

Global tech major International Business Machines Corporation has surprised everyone by splitting itself into two companies by the end of 2021. The decision has been taken by IBM to focus on the high-margin cloud computing business and enterprise digital transformation efforts.

IBM mentioned that it would split into two companies by untying the managed infrastructure services unit of its Global Technology Services division. The new company would exclusively focus on legacy infrastructure business and gets its leadership structure in place soon. According to IBM, the unit presently serves around 4600 clients with an order backlog of $60 billion.

“We are focused on accelerating our growth strategy and seizing the $1 trillion hybrid-cloud opportunities. Today, hybrid cloud and AI are swiftly becoming the locus of commerce, transactions, and over time, of computing itself. This shift is driven by the changing needs of our clients, who find that choosing an open hybrid cloud approach is 2.5 times more valuable than relying on public cloud alone,” stated Arvind Krishna, IBM Chief Executive Officer, in a blog post.

The foundation stone of this spin-off was laid by IBM’s $34 bn acquisition of Red Hat. The Red Hat buy helped IBM to gain capabilities to build an exceptional-quality hybrid cloud. IBM believes that Red Hat’s open-source, hybrid cloud platform will form the basis for developing and market higher-end AI-enabled software applications and solutions in the future.

“With Red Hat in our portfolio, we have since launched our Cloud Paks and strengthened our systems portfolio. We built an industry-specific cloud designed to tackle the most stringent needs of the financial services industry. And we beefed up our hybrid cloud and AI capabilities by acquiring two companies, Spanugo and WDG Automation,” Krishna elucidates.

An intelligent move

This announcement of IBM to split into companies is an exciting development as it will enable the corporation to fortify its focus on a profitable business line, i.e., cloud. In the post-COVID-19 world, enterprises are expected to inspire their business models and infrastructure modernization with robust digital transformation initiatives (See: Technology trends for businesses in 2020).

The rising adoption of remote-work is accelerating the adoption of cloud solutions. Shortly, technologies such as artificial intelligence (AI), data analytics, automation, and augmented reality will be implemented hugely by organizations. As such, IBM would want to capture a bigger pie of the high-value cloud software and solutions. The move will also help IBM become more agile by simplifying and optimizing its operating model.

Due to the low demand for its software and mainframe servers, the company has been aggressively expanding its cloud portfolio in recent times. IBM has been making several rounds of reshuffle and readjustments in its business strategy over the last couple of years.

IBM has been facing significant challenges to improve its top line due to the strained services business. It has also announced massive job-cuts recently in a bid to restructure its business operations. It looks like this new spin-off may be a turning point in the company’s 109 years history and help it deliver more remarkable results in the times to come.

IBM currently has over 350,000 employees and expects to spend about $5 billion in expenses related to the division’s operational and other aspects. Immediately after the announcement, the company’s shares saw a jump of 6% on NYSE.

 

 

India’s 2020 4G Spectrum auction set for further delay

India’s 2020 4G Spectrum auction set for further delay

The next phase of the 4G spectrum auction in India seems to be heading for another delay due to the ongoing COVID-19 crisis. The auction, which was scheduled for this month, yet to see any government’s cabinet note. The cabinet note is mandatory for the commendation of the spectrum base price and quantity that requires to be put below the mallet.

One needs to note that before any spectrum auction in India, the Department of Telecommunications (DoT) issues a formal Notice Inviting Applications (NIA), inviting interested service providers to bid for the mobile services spectrum. The total procedure typically needs around 45 days to fill out before the actual auction starts.

This would be the second consecutive deferment of India’s 4G spectrum auctions, which includes seven bands in 22 circles. The radio waves for grabs include 700Mhz, 800Mhz, 900 MHz, 1800 MHz, 2100 MHz, 2300 MHz, and 2500 MHz bands. Earlier, the government intended to schedule the auction in March this year, but due to COVID-19 related restrictions, it had to postpone it to October.

The government has already pushed the auction of 5G spectrum in the 3300-3600 MHz band to 2021 due to telecom operators’ tight budgets and inability to meet the high reserve prices earmarked by India’s telecom sector regulator, Telecom Regulatory Authority of India (TRAI).

India is expecting to earn over INR 4 lakh crores from the auction.

Reliance Jio pushes for early 4G spectrum auction

India’s largest telecom operator, Reliance Jio, seems to be the only telecom operator who wants to speed up the 4G spectrum auction sale. Other telcos, Bharti Airtel and Vodafone Idea (Vi), are in no rush and have indicated that they would be happy if the auction is delayed.

“We are unable to find any reasonable rationale behind this sudden pause in a successful and fruitful policy of auctioning all available spectrum every year, since the Supreme Court decision in 2012,” stated Reliance Jio in a letter addressed to DoT Secretary, last month.

The Mukesh Ambani led Jio to expand its infrastructure in India and has a big concern over the 4G spectrum auction delay in India because its airwaves license in the 800 MHz bands is expiring next year. The company, which uses the 800 MHz band of Anil Ambani’s insolvent company Reliance Communications, has recently raised over 1.50 lakh crores funding from Google, Facebook, Microsoft, and Silver Lake. (See: Jio driving digital shifts in the economy)

Jio is also adding a significant number of subscribers every month, and need more spectrum to provide quality 4G services throughout the nation. Its mobile-first approach has helped it gain a substantial footing in the market, and improved data adoption in India enormously. (See: The Jio ecosystem has begun to unfold)

In contrast, Airtel and VI are financially stressed and witnessing a big challenge in improving their market share. Though their spectrum license in the 1800 MHz band is also due for renewal in 2021, it is less expensive. Both the operators also have backup airwaves to support their subscribers, hence keen to streamline their financial budgets before participating in the 4G spectrum auction in India.

 

Growth of Indian IT sector set for revival in 2021

Growth of Indian IT sector set for revival in 2021

After facing multiple headwinds due to the COVID-19 pandemic and sluggish economic recovery, the growth of Indian IT sector seems to be on the path of retrieval.

A recent study by Fitch, a global credit rating agency, says that due to the enormous demand for digital transformation solutions, the IT Services industry revenue will start upward by a high single-digit percentage in 2021-22.  The sector, however, will continue to see minimal revenue growth in FY20, says the report titled Spotlight: Indian IT Services Sector.

The IT industry has grown at a CAGR of 8% during 2014-2019, based on Fitch’s estimate.

The report comes as no surprise as most technology leaders have been extremely cautious about IT spending and exploring several ways to transform their businesses digitally in the wake of the current crisis.

New normal leading the growth of Indian IT sector

The new normal, where most of the employees work from home, has been a compelling force for businesses to transform every aspect of their operations and move from legacy systems.

The focus has been growing steadily on automation, artificial intelligence, and data science to swiftly increase employee efficiency and productivity. The industry expects that technologies like Analytics and AI would continue to play a more significant role in the growth of the Indian IT sector along with driving enriching experience for employees and customers. Moreover, the next twelve months will see faster adoption of transformative technologies such as the internet of things (IoT), Blockchain, and robotic process automation (RPA). These technologies will be used to build contactless solutions and strengthen process efficiencies. Customer Organizations will be seen ramping-up their research and development initiatives to kick-start the economy. (See: How is digital transformation shaping the new future?)

Most enterprises across sectors have realized the benefits of these technologies for the growth of their IT industry and putting a strong emphasis on improving their internal IT budget scope. (See: Anshuman Tiwari, Global Head of Delivery Excellence, DXC Technology; and CIOs to focus on network transformation for business continuity).

Digital transformation tailwinds favor India’s IT sector

To meet the growing demand, IT Services companies are rapidly increasing their competencies and will continue to enter into incredible collaborations and acquisitions that will further beef up their digital transformation capabilities and revenue prospects in 2021, despite the current decline. (See: Tech Cos take M&A route for digital transformation supremacy).

In addition, there is also a cost advantage, i.e., the salaries in India are much lower as compared to the countries like the U.S. This is expected to create a massive growth opportunity for the U.S. and European firms to expand their base in India.

Top recent partnerships

Company

Partner

Initiative

TCS

IBM

Develop a new unit to help clients achieve a greater level of digital and cognitive enterprise transformation using IBM’s cloud service

Infosys

Genesys

AI solution to augment query management and scale helpdesk operations to enhance productivity and customer satisfaction.

 

Wipro

Intel

Provide remote work solutions with enhanced cybersecurity measures to customers

 

Tech Mahindra

Microsoft

Develop enterprise cloud solutions leveraging Microsoft platforms and technologies to meet customer needs and pursue growth

 

Mphasis

Amazon Web Services (AWS)

Provide an end-to-end cloud and cognitive portfolio of services leveraging its partnership with AWS, with its new status of premier consulting partner

 

Hexaware

Freshworks

Offer customer and employee-engagement software for digitally native business

 

Source: Fitch.

Quote:

“We expect the Indian IT services industry to continue to take advantage of its low-cost operations and maintain its strong foothold in the global IT sector”

-Keith Poon, Fitch Ratings

Paytm Mini App Store: A threat to Google’s dominance?

Paytm Mini App Store: A threat to Google’s dominance?

Digital payments firm, Paytm, has tossed a new android mini-app store or links to progressive web apps (PWAs), intending to support Indian startups and contest Google’s dominance in the play store. Paytm Mini App Store is an exciting development for the Indian digital ecosystem, where many of the startups and developers can leverage Paytm’s reach and payment arrangements.

Paytm’s new app store will enable local developers to test their mobile applications’ capabilities on an all-new local app platform, for free of cost.

For the last few months, many Indian app developers have been mulling the idea of an alternate Indian local app store. The aim is to give an alternate option to house India’s android based mobile applications and counterbalance the dependency on the Google Play store. The mini-apps platform provides an engrossing one-click experience for users without downloading the apps. This new ecosystem will also help millions of Indian smartphone users who use budget-friendly low-storage phones.

Paytm Mini App store launch resonates with the “Atmanirbhar Bharat” mission, a popular PR tactic for many companies since the ban of several China-based apps. According to Paytm, over 300 apps, such as ride-hailing major Ola, online pharmacy store Netmeds, fast-food giant Domino’s, online food startup Fresh Menu, No Broker, etc have joined the Paytm app store.

 What influenced the development of the Indian App Store?

 It seems like the Paytm Mini app store’s idea has been triggered because of the two factors. Both Paytm and Google entered into conflict last month when Paytm owned ‘First Games’ app was removed from Google’s Play Store.

Google had alleged that Paytm’s app violated play store gambling policies by introducing a real cash-based fantasy cricket tournament. Paytm, on the other hand, confronted that Google’s move was a deliberate attempt to confine Paytm’s growing dominance in the Indian market and control the growth of a potential rival.

Though Google reinstated the Paytm’s app within hours, the incident triggered an acrimonious war of words between the tech giants.

The second factor that compelled many developers and companies to support the idea of a new Indian app store was Google’s fresh mandate. According to Google, all app developers on the Play Store would need to use its in-app payment system from the near future, i.e., the US company’s billing system, where app developers will have to shell out a 30 percent fee from their payments.

Google’s 30% fee for in-app purchase decision has been slammed by many developers and startups in India who voiced their displeasure of this move. After the pushback, Google analyzed the situation in time and decided to delay the 30 percent Play Store cut in India.

An ambitious gamble

Google Play is the world’s leading android app store and houses over 3 million apps. Besides, many other players such as Amazon AppStore, GetJar, Aptoide, and Opera Mobile store have been battling to up their popularity charts with limited uptake.

It would be interesting to see if Paytm’s new app store could become a game-changer or turns out to be an extempore in response to the recent events and its squabble with Google.

The app store marketplace is no laid-back business. Paytm would need much investment, technology upgrades, and innumerable alliances to develop an alternative app distribution ecosystem for Indian android users. Others will be watching this space closely and may throw some competitive elbows.

Paytm has recently been investing significantly in marketing its UPI, and claims to hold about 50 percent market share in the segment. The company also plans to foray into the US market and plans to compete with Amazon and Flipkart’s likes in the e-commerce space.

0 Comments