Worldwide VPN market to reach $75.59 billion by 2027

The global VPN market was valued at $25.41 billion in 2019 and is projected to reach $75.59 billion by 2027, growing at a CAGR of 14.7% from 2020 to 2027, Valuates Reports reveals. Major factors driving the growth of VPN market size include an increase in data security concerns, a rise in advanced and complex cyber threats, and an upsurge in usage of mobile and wireless devices within organizations. This study includes the analytical depiction of the virtual …

The post Worldwide VPN market to reach $75.59 billion by 2027 appeared first on Help Net Security.

Server market revenue reached $22.6 billion in 3Q20

Vendor revenue in the worldwide server market grew 2.2% year over year to $22.6 billion during the third quarter of 2020 (3Q20), according to IDC. Worldwide server shipments declined 0.2% year over year to nearly 3.1 million units in 3Q20. Volume server revenue was up 5.8% to $19.0 billion, while midrange server revenue declined 13.9% to $2.6 billion, and high-end servers declined by 12.6% to $937 million. “Global demand for enterprise servers was a bit …

CFOs taking strategic roles after overcoming COVID-19 challenges

CFOs are taking on greater strategic and enterprise-building roles after guiding their organizations through the challenges of COVID-19. CFO Research of Argyle Advisory & Research Services and FTI Consulting surveyed 325 corporate finance executives to better understand how CFOs and the finance function drive enterprise value.

Five key themes

The work of CFOs during the pandemic has earned them the right to be strategic leaders in their organizations, as the pandemic shined a spotlight on …

CFOs optimistic, expect the economy to improve in 2021

Each quarter, Deloitte tracks the thinking and actions of leading CFOs representing North America’s largest and most influential companies. Participating CFOs represent diversified, large companies averaging more than $10 billion in annual revenue.

CFOs unveil economic expectations for 2021

This quarter, just 18% of CFOs rate the North American economy as good, but 59% expect better conditions in a year. Europe was flat at 5% and 37%, respectively, and China improved markedly to 47% and …

Cloud ITSM market size to grow to $12.2 billion by 2025

The cloud ITSM market size is expected to grow from $4.7 billion in 2020 to $12.2 billion by 2025, at a CAGR of 21.2% during the forecast period, according to MarketsandMarkets. The flexibility and agility of cloud-based models would support the IT service needs of enterprises. The leading CSPs/hyperscalers—Microsoft, IBM, and AWS—are expected to increase their CapEx primarily for data center expansion to support the increasing workload for their internal and external stakeholders. The increasing …

High-risk vulnerabilities discovery increased 65% in 2020

2020 has been a record year for crowdsourced cybersecurity adoption, with enterprises across all industries implementing crowdsourced cybersecurity programs to keep up with the evolving threat landscape.

High-risk vulnerabilities discovery

Bugcrowd saw a 50% increase in submissions on its platform in the last 12 months, including a 65% increase in Priority One (P1) submissions, which refer to the most critical security vulnerabilities.

The report gives a comprehensive view of how COVID-19 redefined cybersecurity practices across industries. The World Health Organization reported that attacks directed at its staff and email scams targeting the public at large increased by 500% soon after the pandemic began, driven by a sevenfold increase in ransomware and new attack vectors that opened up in a remote-first world of work.

The software industry saw a critical need for crowdsourced security

The software industry in particular saw a critical need for crowdsourced security due to the new security challenges created by the pandemic. Vulnerability submissions were up 24% in the first ten months, compared to all of 2019.

Across the board, computer software companies paid out almost five times as much as any other industry for submissions. Most notably, P1 submissions in the software industry nearly tripled in 2020.

“Our Priority One report findings clearly show that leading organizations across all sectors are embracing crowdsourced security as a core element of their security strategy,” said Ashish Gupta, CEO, Bugcrowd.

“Comparing data from the last two years, we see that crowdsourced cybersecurity is growing rapidly as a result of rapid digital transformation and increased threats caused by the COVID-19 pandemic. Vulnerability submissions are up, with higher numbers of critical vulnerabilities, and total payouts are growing steadily by about 15-20% per quarter.”

API and Android vulnerabilities on the rise

The report found that eight of the top 10 bugs submitted in 2020 were also featured on the 2019 list. This illustrates that managing known risks remains a challenge for most enterprises.

In the last year, submissions to all industries increased. Most notably, API and IoT vulnerabilities doubled, while those found in Android targets more than tripled. The heavy focus on remote work and subsequent growth in IoT device adoption in 2020 made IoT devices more attractive targets for cybercriminals.

Human error is the driving force behind the most submitted vulnerability

The most submitted vulnerabilities in 2020 stem from broken access controls, while the second-highest number of vulnerabilities were related to cross-site scripting (XSS).

The broken access control vulnerability is driven by human error and can often be prevented through the correct use of code frameworks that have XSS prevention built-in. The findings underscore the fact that human error is a major source of security risk.

Financial services sector investing more for critical vulnerabilities

Companies in the financial sector doubled their payouts for P1 vulnerabilities from Q1 of 2020 to Q2. Bank branch closures and other business process changes caused by the pandemic forced the financial service industry to accelerate digital transformation at a faster rate than most verticals.

This led to an expanded attack surface, which the industry responded to by engaging the crowd with strong incentives to identify new risks. This resulted in the financial services sector returning more submissions from January to October of 2020 than in all of 2019.

Speed is a competitive advantage for customers

In almost all industries, ethical security researchers will discover vulnerabilities in a week or less when participating in a Bugcrowd Vulnerability Disclosure, Attack Surface, Bug Bounty or Pen Test program.

In sectors like consumer services and media, researchers often find vulnerabilities in less than a day. While it typically takes a few days for researchers to find vulnerabilities in the government and automotive sectors, the vulnerabilities are typically much higher risk.

“The speed of discovery across the board demonstrates the tremendous value crowdsourced security can add to security teams and companies looking to fast-track digital transformation efforts and bring new infrastructure online,” added Gupta.

“This speed is replicated by adversaries too, which places even more of a premium on having a crowdsourced security platform that allows a company to tap into the expertise and agility of the Crowd to keep their organizations safe.”

Rising physical threats putting leaders under pressure

Physical threats are rising and increasingly unmanageable, putting unprecedented financial, reputational and liability pressures on business leadership and security teams, according to a study by the Ontic Center for Protective Intelligence. As physical security operations budgets are expected to increase in 2021, driven and accelerated by COVID-19, the study showcases the collective perspectives of chief security officers, chief legal officers, chief compliance officers and physical security decision-makers — on their physical security operations, what keeps …

Cybercrime costs the world more than $1 trillion, a 50% increase from 2018

Cybercrime costs the world economy more than $1 trillion, or just more than one percent of global GDP, which is up more than 50 percent from a 2018 study that put global losses at close to $600 billion, McAfee reveals. Beyond the global figure, the report also explored the damage reported beyond financial losses, finding 92 percent of companies felt effects beyond monetary losses. “The severity and frequency of cyberattacks on businesses continues to rise …

Six cryptographic trends we’ll see next year

2020 was a “transformative” year, a year of adaptability and tackling new challenges. As we worked with organizations to deploy mission-critical data security, cryptography was comparatively stable. What cryptographic trends will gain traction in 2021?

The cloud will play a bigger role, especially in financial services

The movement toward broad acceptance of cloud-based encryption and key management will accelerate as more of the pieces come together. Organizations have become more aggressive with the cloud, especially financial services organizations that are moving toward payment processing in the cloud.

Cloud providers are offering more robust and flexible security to meet the demands of organizations who want to retain control of the keys and avoid being vendor locked. Cloud providers have been listening to enterprises about their concerns around data security practices and are making forward strides with data access, key management, and data retention policies.

Homomorphic encryption will be part of your vocabulary

Homomorphic encryption allows for data to remain encrypted while it is being processed and manipulated. Homomorphic encryption could be used to secure data stored in the cloud or in transit. This gives organizations the ability to use data — such as doing analytics on your customer base — without compromising the integrity of the data as a whole.

BYOE adoption will increase

Bring Your Own Encryption (BYOE) will increase. BYOE is the next evolution of organizations being able to determine the level of control they want when it comes to managing their data security policies.

For example, what happens if an organization gets subpoenaed and its cloud provider turns its files over to the authorities? If the organization controlled its keys and could do client-side encryption on-premises, the data would be useless. There will likely be a big catalyst event whereby a company goes, “Whoa — what do you mean, a third party can release my information over to a legal authority?”

Encryption + key management, critical with shorter certificate lifecycles

Organizations need both encryption and key management to be tighter than ever. As the industry moves to one-year certificates, organizations are managing shorter digital certificate schedules. It’s more important than ever to keep track of expiration dates, and automation will play a big role.

To improve their security postures, organizations will emphasize bringing key management up to the same level as their encryption programs. What happens if you have deployed good policies, you deployed good encryption, but you deployed poor key management?

Cryptography will be significant in DevSecOps, especially for code signing

Getting tools that DevOps needs to secure its infrastructure — without slowing it down — will be critical. Looking at key management, hardware security modules (HSMs), crypto, and third-party monitoring tools, organizations will emphasize giving DevOps teams what they need to integrate security and quickly identify and troubleshoot trouble areas.

The goal will be to take away the pain points while expanding the use of encryption within the organization. When it comes to code signing, HSMs play a critical role. Code signing certificates, secure key generation, and certificate storage should be centralized and automated, natively integrating with CI/CD systems.

Manufacturers of long-term devices to embrace crypto agility

There has been a lot of talk in 2020 about quantum computers breaking current cryptography. In 2021, manufacturers of devices — satellites, cars, weapons, medical devices — that will be used for 10 to 20 years, will be smart to embrace quantum-safe cryptography. A crypto-agile solution could entail implementing hybrid certificates: signing them with conventional asymmetric encryption now but incorporating enough flexibility so they will transition smoothly to counteract the quantum computing threat when the time comes.

Whether it’s the cloud and organizations retaining control of the keys, BYOE and homomorphic encryption, DevSecOps embracing cryptography, or hybrid certificates for crypto agility, two themes stand out:

  • Encryption and key management: you can’t have one without the other
  • Shorter certificate lifecycles require more attention to key management than ever

We’re in for an exciting year ahead!

Demand for private network deployments will be driven by heavy industry verticals

With enterprise 5G maturing, the importance of private networks for the enterprise domain will continue to grow.

According to ABI Research, the demand for private network deployments will be driven primarily by heavy industry verticals. Industrial manufacturing, energy production (including mining, oil and gas, and logistics) alone will generate private network revenues of $32.38 billion by 2030, representing half of the $64 Billion overall private network revenues.

“These findings show the importance of private networks, particularly for automating mission- or even life-critical use cases, that require the highest possible network reliability and availability and are characterized by a high degree of network integrity to prevent data from leaving the enterprise premises,” says Leo Gergs, Research Analyst for 5G Markets at ABI Research.

“Enterprises that require network slicing capabilities to separate mission-critical from non-mission-critical use cases within the same physical network will turn to private networks.”

What’s causing the surge in private network demand?

Two main factors are causing the surge in private network demand. Gergs explains, “First, there is a huge rise in demand for automation and enterprise digitization. What has started with Industry 4.0 is now exacerbated by the aftermath of the global COVID-19 outbreak.

“Enterprises in industrial manufacturing, logistics, and oil and gas are now accelerating their digitization plans to reduce their dependency on manual labor availability and increase the resilience of their business operations against sudden disruptions to supply chains. The second is the addition to the demand-side effect.”

Gergs continues, “The market for private network deployments will also benefit from a supply-side effect. The freeze of Release 16 gives enterprises the much-needed reassurance of 5G capabilities for enterprise-grade connectivity, which allows chipset and module manufacturers to grow the device ecosystem for compatible hardware.

“The maturing device ecosystem, in turn, drives down prices per module and therefore makes the deployment of private 5G network more cost-efficient, which will spur additional interest from enterprises.”

A durable business strategy is key

There is a growing number of private network offerings emerging on the market to address this rising opportunity. While private network operators like Ambra, Citymesh or Edzcom are threatening traditional CSPs’ market share by monetizing managed services other than connectivity, hyperscalers like AWS, Google, and IBM are launching their private network offerings in co-creation efforts with telco players.

In addition, software companies like Athonet or Quortus benefit from trends toward network virtualization, which allows them to offer a virtualized core network either through System Integrators or to enterprises directly.

“These breathtaking developments show the amazing pace at which this market is evolving. Against this backdrop, it is important that all players in the enterprise connectivity domain develop a durable business strategy to profit from this rising market,” concludes Gergs.

Financial services lead when it comes to fixing open source flaws

The financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components, Veracode reveals.

Fixing open source flaws is critical because the attack surface of applications is much larger than developers expect when open source libraries are included indirectly.

The findings came as a result of an analysis of 130,000 applications from 2,500 companies.

Fixing open source flaws

The research found that financial services organizations have the smallest proportion of applications with flaws and the second-lowest prevalence of severe flaws behind the manufacturing sector.

The industry also has the highest fix rate among all industries, fixing 75% of flaws. Still, the research found that financial services firms require about six and a half months to resolve half of the flaws they find, indicating they are slower than other industries to remediate.

“Financial services firms have a median time to remediation of more than six months, despite having a high fix rate compared to other sectors,” said Chris Wysopal, CTO at Veracode.

“However, developers in the financial services industry are often limited by the nature of the environments they are working in, as applications tend to be older, have a medium flaw density, and aren’t consistently following DevSecOps practices compared to other industries.

“With some additional training and sticking to best practices, they can quickly remediate issues and start to reduce security debt.”

Financial services specific findings

The research found compelling evidence that certain developer behaviors associated with DevSecOps yield substantial benefits to software security. The findings detail that financial services firms:

  • Are a leading industry when it comes to fixing flaws in their open source software and establishing strong scan cadences.
  • Fall to middle-of-the-road for scanning frequency and integrating security testing, and are not likely to be using dynamic analysis (DAST) scanning technology to uncover vulnerabilities.
  • Outperform averages across all industries in dealing with issues related to cryptography, input validation, Cross-Site Scripting, and credentials management – all things related to protecting users of financial applications.

Global number of industrial IoT connections to reach 36.8 billion by 2025

The global number of industrial IoT connections will increase from 17.7 billion in 2020 to 36.8 billion in 2025, representing an overall growth rate of 107%, Juniper Research found.

The research identified smart manufacturing as a key growth sector of the industrial IoT market over the next five years, accounting for 22 billion connections by 2025.

The research predicted that 5G and LPWA (Low Power Wide Area) networks will play pivotal roles in creating attractive service offerings to the manufacturing industry, and enabling the realisation of the ‘smart factory’ concept, in which real-time data transmission and high connection densities allow highly-autonomous operations for manufacturers.

5G to maximise benefits of smart factories

The report identified private 5G services as crucial to maximising the value of a smart factory to service users, by leveraging the technology to enable superior levels of autonomy amongst operations.

It found that private 5G networks will prove most valuable when used for the transmission of large amounts of data in environments with a high density of connections, and where significant levels of data are generated. In turn, this will enable large-scale manufacturers to reduce operational spend through efficiency gains.

Software revenue to dominate industrial IoT market value

The research forecasts that over 80% of global industrial IoT market value will be attributable to software spend by 2025, reaching $216 billion. Software tools leveraging machine learning for enhanced data analysis and the identification of network vulnerabilities are now essential to connected manufacturing operations.

Research author Scarlett Woodford noted: “Manufacturers must exercise caution when implementing IoT technology, resisting the temptation to introduce connectivity to all aspects of operations. Instead, manufacturers must focus on the collection of data on the most valuable areas to drive efficiency gains.”

Direct digital transformation investment to approach $6.8 trillion by 2023

Despite a global pandemic, direct digital transformation (DX) investment is still growing at a compound annual growth rate (CAGR) of 15.5% from 2020 to 2023 and is expected to approach $6.8 trillion as companies build on existing strategies and investments, becoming digital-at-scale future enterprises, according to IDC.

Digital transformation investment predictions

Prediction 1: accelerated DX investments create economic gravity. The economy remains on course to its digital destiny with 65% of global GDP digitalized by 2022 and will drive over $6.8 trillion of direct DX investments from 2020 to 2023.

Prediction 2: digital organization structures and roadmaps mature. By 2023, 75% of organizations will have comprehensive digital transformation implementation roadmaps, up from 27% today, resulting in true transformation across all facets of business and society.

Prediction 3: digital management systems mature. By 2023, 60% of leaders in G2000 organizations will have shifted their management orientation from processes to outcomes, establishing more agile, innovative, and empathetic operating models.

Prediction 4: the rise of the digital platform and extended ecosystems. By 2025, driven by volatile global conditions, 75% of business leaders will leverage digital platforms and ecosystem capabilities to adapt their value chains to new markets, industries, and ecosystems.

Prediction 5: a digital first approach. While “digital first” prevails in every experience, 60% of enterprises will invest heavily in digitalizing employee experience in 2021, transforming the relationship between employers and employees.

Prediction 6: business model reinvention. By 2021, at least 30% of organizations will accelerate innovation to support business and operating model reinvention, fast-tracking transformation programs to future-proof their businesses.

Prediction 7: sustainability and DX. By 2022, the majority of companies will realize greater value by combining digital and sustainability, giving rise to digitally driven and sustainably enabled projects as the de-facto standard.

Prediction 8: digitally native cultures. To thrive in the digital supremacy economy, 50% of enterprises will implement an organizational culture optimized for DX in 2025, based on being customer-centric and data-driven.

Prediction 9: accelerating digital experiences. By 2022, 70% of all organizations will have accelerated use of digital technologies, transforming existing business processes to drive customer engagement, employee productivity, and business resiliency.

Prediction 10: business innovation platforms. By 2023, 60% of G2000 companies will build their own business innovation platform to support innovation and growth in the new normal.

According to Shawn Fitzgerald, research director, Worldwide Digital Transformation Strategies at IDC, “Organizations with new digital business models at their core that are successfully executing their enterprise-wide strategies on digital platforms are well positioned for continued success in the digital platform economy.

“Our 2021 digital transformation predictions represent areas of notable opportunity to differentiate your own digital transformation strategic efforts.”

BEC attacks increase in most industries, invoice and payment fraud rise by 155%

BEC attacks increased 15% quarter-over-quarter, driven by an explosion in invoice and payment fraud, Abnormal Security research reveals.

“As the industry’s only measure of BEC attack volume by industry, our quarterly BEC research is important for CISOs to prepare and stay ahead of attackers,” said Evan Reiser, CEO of Abnormal Security.

“Not only are BEC campaigns continuing to increase overall, they are rising in 75% of industries that we track. Since these attacks are targeted and sophisticated, these increases could indicate an ability for threat actors to scale that may overwhelm some businesses.”

For this research, BEC campaigns across eight major industries were tracked, including retail/consumer goods and manufacturing, technology, energy/infrastructure, services, medical, media/tv, finance and hospitality.

Growth by industry

During Q3, BEC campaign volume increased in six out of eight industries, with energy/infrastructure seeing the highest jump of 93% from Q2 to Q3. Retail/consumer goods and manufacturing, technology and media received the highest volume of attacks during the quarter.

During Q3, attackers continued to focus primarily on invoice and payment fraud, which increased 155% from Q2 to Q3. This trend was particularly notable in retail/consumer goods and manufacturing.

Threat actors continue to target invoice and payment fraud BEC attacks at finance departments, which increased by 54% on average per week from Q2 to Q3. In addition, attackers shifted tactics by increasing email attacks to group mailboxes by 212%.

Additional findings

  • While credential-phishing COVID-19 related attacks decreased by 82%, invoice and payment fraud that continues to leverage the fear, uncertainty and doubt of the pandemic increased by 81%.
  • The most impersonated brands returned to the pre-pandemic “normal,” as Zoom dropped away from the top spot, replaced by DHL and followed by Dropbox and Amazon. Rounding out the top five were iCloud and LinkedIn.

Operator‑billed 5G connections revenue to reach $357 billion by 2025

Operator‑billed revenue from 5G connections will reach $357 billion by 2025, rising from $5 billion in 2020, its first full year of commercial service, according to Juniper Research.

By 2025, 5G revenue is anticipated to represent 44% of global operator‑billed revenue owing to rapid migration of 4G mobile subscribers to 5G networks and new business use cases enabled by 5G technology.

However, the study identified 5G network roll-outs as highly resilient to the COVID-19 pandemic. It found that supply chain disruptions caused by the initial pandemic period have been mitigated through modified physical roll-out procedures, in order to maintain the momentum of hardware deployments.

5G connections to generate 250% more revenue than average cellular connection

The study found that 5G uptake had surpassed initial expectations, predicting total 5G connections will surpass 1.5 billion by 2025. It also forecast that the average 5G connection will generate 250% more revenue than an average cellular connection by 2025.

To secure a return on investment into new services, such as uRLLC (Ultra-Reliable Low-Latency Communication) and network slicing, enabled by 5G, operators will apply this premium pricing for 5G connections.

However, these services alongside the high-bandwidth capabilities of 5G will create data-intensive use cases that lead to a 270% growth in data traffic generated by all cellular connections over the next five years.

Networks must increase virtualisation to handle 5G data traffic

Operators must use future launches of standalone 5G networks as an opportunity to further increase virtualisation in core networks. Failure to develop 5G network architectures that handle increasing traffic will lead to reduced network functionality, inevitably diminishing the value proposition of their 5G networks amongst end users.

Research author Sam Barker remarked: “Operators will compete on 5G capabilities, in terms of bandwidth and latency. A lesser 5G offering will lead to user churn to competing networks and missed opportunities in operators’ fastest-growing revenue stream.”

Global spending on cloud services to surpass $1 trillion in 2024

The COVID-19 pandemic has largely proven to be an accelerator of cloud adoption and extension and will continue to drive a faster conversion to cloud-centric IT.

Global spending on cloud services to rise

According to IDC, total global spending on cloud services, the hardware and software components underpinning cloud services, and the professional and managed services opportunities around cloud services will surpass $1 trillion in 2024 while sustaining a double-digit compound annual growth rate (CAGR) of 15.7%.

“Cloud in all its permutations – hardware/software/services/as a service as well as public/private/hybrid/multi/edge – will play ever greater, and even dominant, roles across the IT industry for the foreseeable future,” said Richard L. Villars, Group VP, Worldwide Research at IDC.

“By the end of 2021, based on lessons learned in the pandemic, most enterprises will put a mechanism in place to accelerate their shift to cloud-centric digital infrastructure and application services twice as fast as before the pandemic.”

Strongest growth in the as a service category

The strongest growth in cloud revenues will come in the as a service category – public (shared) cloud services and dedicated (private) cloud services. This category, which is also the largest category in terms of overall revenues, is forecast to deliver a five-year CAGR of 21.0%.

By 2024, the as a service category will account for more than 60% of all cloud revenues worldwide. The services category, which includes cloud-related professional services and cloud-related management services, will be the second largest category in terms of revenue but will experience the slowest growth with an 8.3% CAGR. This is due to a variety of factors, including greater use of automation in cloud migrations.

The smallest cloud category, infrastructure build, which includes hardware, software, and support for enterprise private clouds and service provider public clouds, will enjoy solid growth (11.1% CAGR) over the forecast period.

Factors driving the cloud market forward

While the impact of COVID-19 could have some negative effects on cloud adoption over the next several years, there are a number of factors that are driving the cloud market forward.

  • The ecosystem of tech companies helping customers migrate to cloud environments, create new innovations in the cloud, and manage their expanding cloud environments will enable enterprises to meet their accelerated schedules for moving to cloud.
  • Consumption-based IT offerings are emerging that aim to leverage public cloud-like capabilities in an on-premises environment, reducing the complexity and restructuring the cost for enterprises that want additional security, dedicated resources, and more granular management capabilities.
  • The adoption of cloud services should enable organizations to shift IT from maintenance of legacy IT to new digital transformation initiatives, which can lead to new business revenue and competitiveness as well as create new opportunities for suppliers of professional services.
  • Hybrid cloud has become central to successful digital transformation efforts by defining an IT architectural approach, an IT investment strategy, and an IT staffing model that ensures the enterprise can achieve the optimal balance across dimensions without sacrificing performance, reliability, or control.

Banks risk losing customers with anti-fraud practices

Many banks across the U.S. and Canada are failing to meet their customers’ online identity fraud and digital banking needs, according to a survey from FICO.

Despite COVID-19 quickly turning online banking into an essential service, the survey found that financial institutions across North America are struggling to establish practices that combat online identity fraud and money laundering, without negatively impacting customer experience.

For example, 51 percent of North American banks are still asking customers to prove their identities by visiting branches or posting documents when opening digital accounts. This also applies to 25 percent of mortgages or home loans and 15 percent of credit cards opened digitally.

“The pandemic has forced industries to fully embrace digital. We now are seeing North American banks that relied on face-to-face interactions to prove customers’ identities rethinking how to adapt to the digital first economy,” said Liz Lasher, vice president of portfolio marketing for Fraud at FICO.

“Today’s consumers expect a seamless and secure online experience, and banks need to be equipped to meet those expectations. Engaging valuable new customers, then having them abandon applications when identity proofing becomes expensive and difficult.”

Identity verification process issues

The study found that only up to 16 percent of U.S. and Canadian banks employ the type of fully integrated, real-time digital capture and validation tools required for consumers to securely open a financial account online.

Even when digital methods are used to verify identity, the experience still raises barriers with customers expected to use email or visit an “identity portal” to verify their identities.

Creating a frictionless process is key to meeting consumers’ current expectations. For example, according to a recent Consumer Digital Banking study, while 75 percent of consumers said they would open a financial account online, 23 percent of prospective customers would abandon the process due to an inconsistent identity verification process.

Lack of automation is a problem for banks too

The lack of automation when verifying customers’ identity isn’t just a pain point for customers – 53 percent of banks reported that it is problematic for them too.

Regulation intended to prevent criminal activity such as money laundering typically requires banks to review customer identities in a consistent, robust manner and this is harder to achieve for institutions relying on inconsistent manual resources.

Fortunately, 75 percent of banks in the U.S. and Canada reported plans to invest in an identity management platform within the next three years.

By moving to a more integrated and strategic approach to identity proofing and identity authentication, banks will be able to meet customer expectations and deliver consistently positive digital banking experiences across online channels.

How will blockchain impact the global economy?

An analysis by PwC shows blockchain technology has the potential to boost global gross domestic product (GDP) by $1.76 trillion over the next decade. That is the key finding of a report assessing how the technology is being currently used and exploring the impact blockchain could have on the global economy.

Through analysis of the top five uses of blockchain, ranked by their potential to generate economic value, the report gauges the technology’s potential to create value across industry, from healthcare, government and public services, to manufacturing, finance, logistics and retail.

“Blockchain technology has long been associated with cryptocurrencies such as Bitcoin, but there is so much more that it has to offer, particularly in how public and private organizations secure, share and use data,” comments Steve Davies, Global Leader, Blockchain and Partner, PwC UK.

“As organizations grapple with the impacts of the COVID-19 pandemic, many disruptive trends have been accelerated. The analysis shows the potential for blockchain to support organizations in how they rebuild and reconfigure their operations underpinned by improvements in trust, transparency and efficiency across organizations and society.”

Key takeaways

  • The report identifies five key application areas of blockchain and assesses their potential to generate economic value using economic analysis and industry research. The analysis suggests a tipping point in 2025 as blockchain technologies are expected to be adopted at scale across the global economy.
  • Tracking and tracing of products and services – or provenance – which emerged as a new priority for many companies’ supply chains during the COVID-19 pandemic, has the largest economic potential ($962bn). Blockchain’s application can be wide ranging and support companies ranging from heavy industries, including mining through to fashion labels, responding to the rise in public and investor scrutiny around sustainable and ethical sourcing.
  • Payments and financial services, including use of digital currencies, or supporting financial inclusion through cross border and remittance payments ($433bn).
  • Identity management ($224bn) including personal IDs, professional credentials and certificates to help curb fraud and identity theft.
  • Application of blockchain in contracts and dispute resolution ($73bn), and customer engagement ($54bn) including blockchain’s use in loyalty programmes further extends blockchain’s potential into a much wider range of public and private industry sectors.

Blockchain’s success will depend on a supportive policy environment, a business ecosystem that is ready to exploit the new opportunities that technology opens, and a suitable industry mix.

Economic benefits across continents

Across all continents, Asia will likely see the most economic benefits from blockchain technology. In terms of individual countries, blockchain could have the highest potential net benefit in China ($440bn) and the USA ($407bn). Five other countries – Germany, Japan, the UK, India, and France – are also estimated to have net benefits over $50bn.

The benefits differ for each country, however, with manufacturing-focused economies such as China and Germany benefiting more from provenance and traceability, while the US would benefit most from its application in securitisation and payments as well as identity and credentials.

At a sector level, the biggest beneficiaries look set to be the public administration, education and healthcare sectors. These sectors are expected to benefit approximately $574bn by 2030, by capitalising on the efficiencies blockchain will bring to the world of identity and credentials.

Meanwhile, there will be broader benefits for business services, communications and media, while wholesalers, retailers, manufacturers and construction services will benefit from using blockchain to engage consumers and meet demand for provenance and traceability.

Digital transformation as top priority

The potential for blockchain to be considered as part of organizations’ future strategy is linked to research with business leaders, which showed that 61% of CEOs were placing digital transformation of core business operations and processes among their top three priorities as they rebuild from COVID-19.

“One of the biggest mistakes organizations can make with implementing emerging technologies is to leave it in the realm of the enthusiast in the team. It needs C-Suite support to work, identify the strategic opportunity and value, and to facilitate the right level of collaboration within an industry,” comments Davies.

“Given the scale of economic disruption organizations are dealing with currently, establishing proof of concept uses which can be extended and scaled if successful, will enable businesses to identify the value, while building trust and transparency in the solution to deliver on blockchain’s potential.”

The report warns that if blockchain’s economic impact potential is to be realized, its energy overhead must be managed. Growing business and government action on climate change, including commitments to Net Zero transformation, will mean that organizations need to consider new models for consolidating and sharing infrastructure resources to reduce reliance on traditional data centres and their overall technology related energy consumption.

ATM cash-out: A rising threat requiring urgent attention

The PCI Security Standards Council (PCI SSC) and the ATM Industry Association (ATMIA) issued a joint bulletin to highlight an increasing threat that requires urgent awareness and attention.

What is the threat?

An ATM cash-out attack is an elaborate and choreographed attack in which criminals breach a bank or payment card processor and manipulate fraud detection controls as well as alter customer accounts so there are no limits to withdraw money from numerous ATMs in a short period of time.

Criminals often manipulate balances and withdrawal limits to allow ATM withdrawals until ATM machines are empty of cash.

How do ATM cash-out attacks work?

An ATM cash-out attack requires careful planning and execution. Often, the criminal enterprise gains remote access to a card management system to alter fraud prevention controls, such as the withdrawal limits or PINs of compromised cardholder accounts. This is commonly done by inserting malware via phishing or social engineering methods into a financial institution’s or payment processor’s systems.

The criminal enterprise then can create new accounts or use compromised existing accounts and/or distribute compromised debit/credit cards to a group of people who make withdrawals at ATMs in a coordinated manner.

With control of the card management system, criminals can manipulate balances and withdrawal limits to allow ATM withdrawals until ATM machines are empty of cash.

These attacks usually do not exploit vulnerabilities in the ATM itself. The ATM is used to withdraw cash after vulnerabilities in the card issuer’s authorization system have been exploited.

Who is most at risk?

Financial institutions and payment processors are most at financial risk and likely to be the target of these large-scale, coordinated attacks. These institutions stand to potentially lose millions of dollars in a very short time period and can have exposure in multiple regions around the world as the result of this highly organized, well-orchestrated criminal attack.

What are some detection best practices?

  • Velocity monitoring of underlying accounts and volume
  • 24/7 monitoring capabilities including File Integrity Monitoring Systems (FIMs)
  • Reporting system that sounds the alarm immediately when suspicious activity is identified
  • Development and practice of an incident response management system
  • Check for unexpected traffic sources (e.g. IP addresses)
  • Look for unauthorized execution of network tools.
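
To make the first item concrete, the sketch below runs velocity monitoring over a small withdrawal log and raises the severity when a burst follows a recent limit change, the pattern described in the section on how these attacks work. It is an added example, not code from the PCI SSC/ATMIA bulletin; the event format, account and ATM names, and all thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample events (not real data): (time, account, type, ATM, amount).
SAMPLE_EVENTS = [
    ("2020-11-02T01:00:00", "ACCT-A", "LIMIT_CHANGE", None, 0),
    ("2020-11-02T01:05:00", "ACCT-A", "WITHDRAWAL", "ATM-01", 800),
    ("2020-11-02T01:07:00", "ACCT-A", "WITHDRAWAL", "ATM-02", 800),
    ("2020-11-02T01:09:00", "ACCT-A", "WITHDRAWAL", "ATM-03", 800),
    ("2020-11-02T09:00:00", "ACCT-B", "WITHDRAWAL", "ATM-07", 60),
    ("2020-11-02T12:00:00", "ACCT-C", "WITHDRAWAL", "ATM-09", 20),
    ("2020-11-02T12:02:00", "ACCT-C", "WITHDRAWAL", "ATM-09", 20),
    ("2020-11-02T12:04:00", "ACCT-C", "WITHDRAWAL", "ATM-09", 20),
    ("2020-11-02T12:06:00", "ACCT-C", "WITHDRAWAL", "ATM-09", 20),
    ("2020-11-02T18:30:00", "ACCT-B", "WITHDRAWAL", "ATM-07", 40),
]


@dataclass
class Alert:
    account: str
    at: datetime
    withdrawals: int          # withdrawals inside the window when the alert fired
    distinct_atms: int        # different ATMs used inside the window
    total: int                # cash withdrawn inside the window
    after_limit_change: bool  # burst followed a recent limit change
    reasons: list = field(default_factory=list)


def detect_velocity(events, window=timedelta(minutes=30), max_withdrawals=3,
                    max_atms=2, max_total=1500,
                    change_lookback=timedelta(hours=24)):
    """Return one alert per account, the first time it exceeds a velocity limit.

    All thresholds are illustrative assumptions; tune them to real baselines.
    """
    recent = defaultdict(deque)   # account -> withdrawals still inside the window
    last_change = {}              # account -> time of the latest limit change
    alerted = set()
    alerts = []
    for ts, account, kind, atm, amount in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "LIMIT_CHANGE":
            last_change[account] = when
            continue
        if kind != "WITHDRAWAL" or account in alerted:
            continue
        q = recent[account]
        q.append((when, atm, amount))
        while q and when - q[0][0] > window:   # slide the window forward
            q.popleft()
        count = len(q)
        atms = len({a for _, a, _ in q})
        total = sum(amt for _, _, amt in q)
        checks = (("count", count > max_withdrawals),
                  ("atms", atms > max_atms),
                  ("amount", total > max_total))
        reasons = [name for name, hit in checks if hit]
        if reasons:
            changed = last_change.get(account)
            follows_change = (changed is not None and
                              timedelta(0) <= when - changed <= change_lookback)
            alerts.append(Alert(account, when, count, atms, total,
                                follows_change, reasons))
            alerted.add(account)
    return alerts


if __name__ == "__main__":
    for alert in detect_velocity(SAMPLE_EVENTS):
        severity = "HIGH" if alert.after_limit_change else "MEDIUM"
        print(severity, alert)
```

An alert with after_limit_change set is the one to escalate first, since it ties a withdrawal burst to a change in the card management system rather than to cardholder behaviour alone.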

What are some prevention best practices?

  • Strong access controls to your systems and identification of third-party risks
  • Employee monitoring systems to guard against an “inside job”
  • Continuous phishing training for employees
  • Multi-factor authentication
  • Strong password management
  • Require layers of authentication/approval for remote changes to account balances and transaction limits
  • Implementation of required security patches in a timely manner (ASAP)
  • Regular penetration testing
  • Frequent reviews of access control mechanisms and access privileges
  • Strict separation of roles that have privileged access to ensure no one user ID can perform sensitive functions
  • Installation of file integrity monitoring software that can also serve as a detection mechanism
  • Strict adherence to the entire PCI DSS.

Cyber teams are getting more involved in M&A

Despite ongoing economic uncertainty amidst a global pandemic, many dealmakers remain optimistic about the outlook for the year ahead as they increasingly pursue alternative merger and acquisition (M&A) methods to navigate the crisis and pursue new disruptive business growth strategies.

According to a Deloitte survey of 1,000 U.S. corporate M&A executives and private equity firm professionals, 61% of survey respondents expect U.S. M&A activity to return to pre-COVID-19 levels within the next 12 months.

Soon after the WHO declared COVID-19 a pandemic on March 11, deal activity in the U.S. plunged — most notably during April and May.

Responding M&A executives say they tentatively paused (92%) or abandoned (78%) at least one transaction as a result of the pandemic outbreak. However, since March 2020, possibly aiming to take advantage of pandemic-driven business disruptions, 60% say their organizations have been more focused on pursuing new deals.

“M&A executives have moved quickly to adapt and uncover value in new and innovative ways as systemic change driven by the pandemic has resulted in alternative approaches to transactions,” said Russell Thomson, partner, Deloitte & Touche LLP, and Deloitte’s U.S. merger and acquisition services practice leader.

“We expect both traditional and alternative M&A to be an important lever for dealmakers as businesses recover and thrive in a post-COVID economy.”

Alternative dealmaking on the rise

For many, alternative deals are quickly outpacing traditional M&A activity as the search for value intensifies in a low-growth environment.

When asked which type of deals their organizations are most interested in pursuing, responding corporate M&A executives’ top choice was alternatives to traditional M&A, including alliances, joint ventures, and Special Purpose Acquisition Companies (45%) — ranking higher than acquisitions (35%).

Private equity investors plan to remain more focused on traditional acquisitions (53%), while simultaneously pushing pursuit of M&A alternatives — including private investment in public equity deals, minority stakes, club deals and alliances (32%).

“As businesses prepare for a post-COVID world, including fundamentally reshaped economies and societies, the dealmaking environment will also materially change,” said Mark Purowitz, principal, Deloitte Consulting LLP, with Deloitte’s mergers and acquisitions consulting practice, and leader of the firm’s Future of M&A initiative.

“Companies were starting to expand their definition of M&A to include partnerships, alliances, joint ventures and other alternative investments that create intrinsic and long-lasting value, but COVID-19 has accelerated dealmakers’ needs to create more optionality for their organizations’ internal and external ecosystems.”

Virtual dealmaking to continue playing large role post-pandemic

87% of M&A professionals surveyed report that their organizations were able to effectively manage a deal in a purely virtual environment, so much so that 55% anticipate that virtual dealmaking will be the preferred platform even after the pandemic is over.

However, virtual dealmaking is not without its own challenges. Fifty-one percent noted that cybersecurity threats are their organizations’ biggest concern around executing deals virtually.

“When it comes to cyber in an M&A world — it’s important to develop cyber threat profiles of prospective targets and portfolio companies to determine the risks each present,” said Deborah Golden, Deloitte Risk & Financial Advisory, cyber and strategic risk leader, Deloitte & Touche LLP.

“CISOs understand how a data breach can negatively impact the valuation and the underlying deal structure itself. Leaving cyber out of that risk picture may lead to not only brand and reputational risk, but also significant and unaccounted remediation costs.”

Other virtual dealmaking concerns included the ability to forge relationships with management teams (40%) and extended regulatory approvals (39%). When it comes to effectively managing the integration phase in a virtual environment, technology integration (16%) and legal entity alignment or simplification (16%) are surveyed M&A executives’ largest and most prevalent hurdles.

“It may be too early to assess the long-term implications of virtual dealmaking as many of the deals currently in progress now are resulting from management relationships that were formed pre-COVID. We also expect integration in a virtual setting will become much more complex a few months from now,” said Thomson.

“Culture and compatibility issues should be given greater attention on the diligence side, as they pose major downstream integration implications.”

International dealmaking declines, focus on domestic-only deals

Interest in foreign M&A targets declined in 2020 as corporate executives reported a significant shift in their approach to international dealmaking, with 17% reporting no plans to execute cross-border deals in the current economic environment, an 8 percentage point increase from 2019.

In addition, 57% of M&A executives say less than half of their current transactions involve acquiring targets operating primarily in foreign markets.

Notably, the number of survey respondents interested in pursuing deals with U.K. targets dropped by 8 percentage points, while Chinese targets declined by 7 percentage points. Interest in Canadian (32%) and Central American (19%) targets remained highest.

Public cloud IT infrastructure spending exceeds that for non-cloud IT infrastructure

Vendor revenue from sales of IT infrastructure products (server, enterprise storage, and Ethernet switch) for cloud environments, including public and private cloud, increased 34.4% year over year in the second quarter of 2020 (2Q20), according to IDC. Investments in traditional, non-cloud, IT infrastructure declined 8.7% year over year in 2Q20.

These growth rates show the market response to major adjustments in business, educational, and societal activities caused by the COVID-19 pandemic and the role IT infrastructure plays in these adjustments.

Across the world, there were massive shifts to online tools in all aspects of human life, including collaboration, virtual business events, entertainment, shopping, telemedicine, and education. Cloud environments, and particularly public cloud, were a key enabler of this shift.

Spending on public cloud IT infrastructure increased 47.8% year over year in 2Q20, reaching $14.1 billion and exceeding the level of spend on non-cloud IT infrastructure for the first time. Spending on private cloud infrastructure increased 7% year over year in 2Q20 to $5 billion with on-premises private clouds accounting for 64.1% of this amount.

Hardware infrastructure market reaching the tipping point

The hardware infrastructure market has reached the tipping point and cloud environments will continue to account for an increasingly higher share of overall spending.

While IDC increased its forecast for both cloud and non-cloud IT spending for the full year 2020, investments in cloud IT infrastructure are still expected to exceed spending on non-cloud infrastructure, 54.8% to 45.2%.

Most of the increase in spending will be driven by public cloud IT infrastructure, which is expected to slow in 2H20 but increase by 16% year over year to $52.4 billion for the full year.

Spending on private cloud infrastructure will also experience softness in the second half of the year and will reach $21.5 billion for the full year, an increase of just 0.3% year over year.

As of 2019, the dominance of cloud IT environments over non-cloud already existed for compute platforms and Ethernet switches while the majority of newly shipped storage platforms were still residing in non-cloud environments.

Starting in 2020, with increased investments from public cloud providers on storage platforms, this shift will remain persistent across all three technology domains.

Compute platforms to remain the largest segment of spending

Within cloud deployment environments in 2020, compute platforms will remain the largest segment (50.9%) of spending at $37.7 billion while storage platforms will be the fastest growing segment with spending increasing 21.2% to $27.8 billion, and the Ethernet switch segment will grow 3.9% year over year to $8.5 billion.

Spending on cloud IT infrastructure increased across all regions in 2Q20 with the two largest regions, China and the U.S., delivering the highest annual growth rates at 60.5% and 36.9% respectively. In all regions except Central & Eastern Europe and the Middle East & Africa, growth in public cloud infrastructure exceeded growth in private cloud IT.

At the vendor level, the results were mixed. Inspur more than doubled its revenue from sales to cloud environments, climbing into a tie for the second position in the vendor rankings while the group of original design manufacturers (ODM Direct) grew 63.6% year over year. Lenovo’s revenue exceeded $1 billion, growing at 49.3% year over year.

Long term, spending on cloud IT infrastructure is expected to grow at a five-year compound annual growth rate (CAGR) of 10.4%, reaching $109.3 billion in 2024 and accounting for 63.6% of total IT infrastructure spend. Public cloud datacenters will account for 69.4% of this amount, growing at a 10.9% CAGR.

Spending on private cloud infrastructure will grow at a CAGR of 9.3%. Spending on non-cloud IT infrastructure will rebound after 2020 but will continue to decline overall with a CAGR of -1.6%.