Numbers of Note: Security under arc lights; Shadows of IT 

Cloud, IoT and cyber-security are coming up as attention-grabbers in the security universe. Do figures corroborate some fears of the shadows lurking around insiders tapping Cloud and IoT?

Pratima Harigunani

INDIA: When you find 52 per cent of the lines of business in a study hinging on the expectation that IT should secure their unauthorized department-sourced cloud services and worry about lack of visibility into cloud usage, you can’t help but wonder how big the umbra is out here.

Shadow IT, as a driver of IT departments’ concern when it comes to security, came up significantly when 58 per cent of respondents surveyed in ‘Orchestrating Security in the Cloud’ avowed that this shade of IT has a negative impact on their ability to keep cloud services secure.

As per a new Intel Security survey gleaning trends from IT professionals in Australia, Brazil, Canada, France, Germany, Spain, U.K. and U.S., it seems that even if 77 per cent place more trust in the cloud than a year back, just 34 per cent feel C-level executives and senior management understand the security risks of the cloud. The study, titled ‘Blue Skies Ahead? The State of Cloud Adoption’, also points out that merely 13 per cent completely trust public cloud providers to secure sensitive data.

The irony becomes profound when one observes that 81 per cent of organizations are planning on investing in infrastructure-as-a-service (IaaS) and 60 per cent in software-as-a-service (SaaS). Here, when concerns were ascertained, 13 per cent of respondents picked knowing whether or not their organizations stored sensitive data in the cloud, and more than one in five respondents said that their main concern around using SaaS is having a data security incident.

The threats that loom under oblivion, neglect and seemingly harmless ignorance are not limited to cloud per se.

Alongside, Gartner has predicted that over 25 per cent of identified attacks in enterprises will involve IoT (Internet of Things) by 2020, despite IoT accounting for less than 10 per cent of IT security budgets. What will muddy the waters further is that vendors will be challenged to provide usable IoT security features because of the limited budgets assigned to IoT, with the focus amplifying on spotting vulnerabilities and exploits, rather than segmentation and other long-term means that better protect IoT.

Gartner predicts worldwide spending on IoT security to touch $348 million in 2016, a 23.7 per cent increase from 2015 spending of $281.5 million, and to hit $547 million in 2018. IoT security market spending is slated to rise at a faster rate after 2020, as improved skills, organizational change and more scalable service options improve execution.

With over 6.4 billion connected things to be in use worldwide in 2016, and 11.4 billion by 2018, the attention to security is understandable. The market for IoT security products is dependent on IoT adoption by the consumer and industry sectors. The research firm reckons endpoint spending will be dominated by connected cars, as well as other complex machines and vehicles, such as heavy trucks, commercial aircraft, and farming and construction equipment.

Management, analytics and provisioning of devices and their data will come to the forefront, and keeping pace with requirements in monitoring, detection, access control and other security needs will become crucial. Interestingly, by 2020, Gartner predicts that over half of all IoT implementations will use some form of cloud-based security service.

Verizon’s latest report, the 2016 Data Breach Investigations Report, incidentally finds cybercriminals exploiting human nature (ransomware and phishing stay as big patterns), and warns that proof-of-concept exploits are real and it’s only a matter of time before a large-scale breach impacts mobile and IoT devices. So yes, organizations should continue to be vigilant about protecting smartphones and IoT devices.

The report has pointed to repeating themes from prior-year findings and storylines that continue to play off human frailty. For instance, 89 per cent of all attacks involve financial or espionage motivations. Most attacks exploit known vulnerabilities that have never been patched despite patches being available for months, or even years, and 63 per cent of confirmed data breaches involve using weak, default or stolen passwords.

At the same time, ransomware attacks have been observed to have increased by 16 per cent over 2015, and basic defenses continue to be sorely lacking in many organizations.

If Clouds and Things did not suffice to raise threat alarms, insiders are doing the rest silently and invisibly.

Another report, the Forcepoint 2016 Global Threat Report (based on data from three billion data points per day in 155 countries around the world), mentions a new crop of opportunistic ransomware, anti-malware tools and issues due to the ever-dissolving perimeter in cyber-security.

It highlights increases in data breaches caused by both malicious and ‘accidental’ insiders as well as inconsistent security controls between cloud providers and businesses, which are complicating data protection. The report observes that ‘Insiders’ – malicious and accidental – shape up as the biggest threat to company security and the one for which businesses feel least prepared.

A known enemy is nothing compared to an unknown, invisible insider goofing up expensively. Threat-meters clearly show how the mercury level has been rising, and it would be a good time to look beyond the obvious.
