By Jaydeep Saha, Contributing Writer, HCL Technologies Ltd. 

 

With the rise in cyberattacks across the world, including recent attacks on Uber and the UK-based Intercontinental Hotels Group (IHG), the European Union has announced that electronic items connected to the internet will now have to abide by the draft Cyber Resilience Act.

From laptops and refrigerators to mobile apps and smart devices connected to the internet will have to be assessed for their cybersecurity risks under the proposed EU rules. Companies that fail to comply could receive fines of as much as $15 million or up to 2.5 percent of their total global revenue. The law will also require manufacturers to fix any problems that are identified.

The EU also recognizes the importance of emerging disrupting technology (EDT) in fighting off more evolved cyberattacks. In December 2020, its Cybersecurity Strategy for the Digital Decade identified AI, encryptions, quantum computing, and future generation networks as key cybersecurity technologies.

The US market

In the last 12 months, US businesses faced a seven percent increase in cyberattacks, with approximately 47 percent of all US businesses suffering an attack in this period.

According to the same report, 40 percent of attack victims are incurring costs of $25,000 or more per attack. The US is bearing a high cyberattack cost and the most common entry point for cybercriminals are cloud-based corporate servers.

In June, the US government introduced two cybersecurity laws:

  1. The State and Local Government Cybersecurity Act of 2021 is aimed at improving coordination with the Cybersecurity and Infrastructure Security Agency (CISA). State, local, tribal, and territorial governments will be able to share security tools, procedures, and information more easily with CISA.

  2. The Federal Rotational Cyber Workforce Program Act of 2021 is aimed to raise the skill sets and experience of government employees in IT, cybersecurity, and related fields.

Earlier this month, the CISA, along with the FBI, convened the first meeting of its new Joint Ransomware Task Force, which aims to increase cooperation between several government agencies. This taskforce will also identify the highest threat ransomware groups and prioritize operations to disrupt specific ransomware actors.

The APAC markets

The advent of IoT, AI, ML and the growing speed and scope of digital transformation, including the introduction of 5G network and migration to the cloud, has caused significant cybersecurity issues in Asia Pacific (APAC). Its cybersecurity network infrastructure is becoming more exposed to cyberattacks.

According to IBM X-Force Threat Intelligence Index 2022, Asia received 26 percent of all worldwide attacks in 2021, making it the most-attacked area globally. India tops the list of the most frequently attacked country in Asia and ranks third in the number of DNS hijacks, indicating a sharp rise in cybercrime registration. India’s official cybersecurity organization, CERT-In, stated that the country had recorded over 2,12,000 cybersecurity incidents as of February 2022.

According to Cloudflare, in March China accounted for 45 percent of the world’s cyberattack traffic. However, to keep the country’s network secured the Cyberspace Administration of China issued new measures on cybersecurity.

Under this step, the critical information infrastructure operators (CIIO) purchasing network products – like high-performance computers or servers, mass storage equipment, large database, or applications – and services, such as cloud computing, need to apply to the Cybersecurity Review Office for cybersecurity review.

The rise in cyberattacks globally, in part fueled by remote cloud-based work during and after the pandemic, is giving rise to the adoption of cybersecurity services.

The cybersecurity solutions market

At a global level, countries and regions are recognizing the cyberthreat and releasing stringent cyber laws, while embracing technology to keep their systems and citizens safe.

The global cybersecurity market — driven by the increasing awareness of data risks and threats — has witnessed robust growth. It is projected to reach $376.32 billion by 2029 from $155.83 billion in 2022.

The cyber security market is segmented geographically, and the North American region is expected to lead the market growth with approximately 35 percent of the market share. The US is expected to dominate the market with the highest number of cybersecurity providers and consumers, globally.

The cyber situation at an organizational level

At an organizational level, Gartner research recently stated that “security and risk management leaders who are aware of their attack surface can improve their risk posture by prioritizing security hygiene and increasing its visibility.”

By 2025 Gartner predicts that, 45 percent of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.

“CISOs need to transition their roles from technologists who prevent breaches to corporate strategists who manage cyber risk,” said Peter Firstbrook, VP Analyst at Gartner. He added that sophisticated ransomware, attacks on the digital supply chain, and deeply embedded vulnerabilities have exposed technology gaps and skills shortages at the same time.

With organizations increasingly facing more sophisticated cyberthreats, there is a need to shore up approaches to cybersecurity. Let’s look at the top tech strategies organizations are embracing to tackle this security menace.

Among the very important technologies organizations are focused on are access management that protects apps and data by ensuring the right user has access to the right resource. It is also advised to regularly change and create strong passwords, along with the adoption of secure Wi-Fi that is restricted to each individual organization.

Crucially, it’s important for organizations to regularly train their workforce about security best practices, including information about new threats and ways to secure their systems.

Organizations should also ensure endpoint protection, back up organization data daily, use multi-factor authentication that requires two or more factors to verify a user’s identity before granting access, install a firewall that provides extra protection against viruses and malware, and keep software up to date.

Working with a partner to combat the threat

Organizations need help when it comes to cybersecurity. By working with a trusted partner, they can focus on product innovation and growing the company’s market share.

HCLTech has been offering cyber security and governance services for the past 25 years. Today, it has operations across the globe, including in the UK, the US, and APAC. The security portfolio offers holistic solutions integrated with Microsoft security products that encompass the full breadth of supply chain security, for both on-premise and in the cloud.

For example, in the case of a global company engaged in the development, manufacturing, and sales of anatomical pathology solutions, it needed to migrate from their existing ArcSight system to a more cloud-native threat analytics platform.

HCLTech designed the Azure Sentinel solution for the company, along with the complete integration of their systems, which streamlined the collection of security and application logs. This allowed the client to adopt more cloud-led solutions and facilitated a tighter integration of the complete infrastructure, leading to more stringent cybersecurity across its endpoints.