Scality announced its data storage predictions for 2021, focusing on the rapid growth rate of cloud-native apps and containerization. According to IDC, by 2023, over 500 million digital apps and services will be developed and deployed using cloud-native approaches. That is the same number of apps developed in total over the last 40 years. 2021 apps and containerization trends “The accelerated growth of next-generation cloud-native digital apps and services will define new competitive requirements in … More
The post Growth of cloud-native apps and containerization to define 2021 appeared first on Help Net Security.
The global network slicing market size is projected to grow from $161 million in 2020 to $1,284 million by 2025, at a Compound Annual Growth Rate (CAGR) of 51.5% during the forecast period, according to MarketsandMarkets.
The network slicing market is gaining traction due to the evolution of cellular network technology, which has offered higher data speeds and lower latency. The rapid rise in the volume of data being carried by cellular networks has been driven largely by consumer demand for video and the shift of business toward the use of cloud services.
Services segment to grow at the highest CAGR during the forecast period
Services play a vital role in the deployment and integration of next-generation networking solutions in an enterprise’s business environment. Services are considered an important component of the network slicing market, as they majorly focus on improving the business processes and optimizing the enterprise’s network.
Services are considered as the backbone of network slicing, as they are instrumental in fulfilling the clients’ requirements, such as network testing, planning and optimization, support and maintenance, and consulting
Automotive segment to grow at the highest CAGR during the forecast period
The automotive industry also makes use of the 5G technology to boost the productivity, enhance the efficiency, increase drive the brand loyalty, and offer autonomous and cooperative vehicles with significantly improved security standards and multimodal transportation solutions.
The introduction of next-generation technologies, such as 5G gave birth to numerous applications, such as AR, virtual realityVR, and tactile internet.
North America region to record the highest market share in 2020
North America is one of the most technologically advanced regions in the world. Consumers based in this region have readily adopted 4G-enabled smartphones that make the region as one of the established and most advanced mobile regions in the world.
According to the Ericsson Mobility Report published in 2017, North America records the largest use of smartphones, and traffic per smartphone is expected to increase from 7.1GB per month by the end of 2017 to 48GB by the end of 2023.
The increasing number of internet subscribers, expanding mobile data traffic, and growing government emphasis on enhancing telecommunications infrastructure to meet the users’ demand for seamless connectivity would drive the market to a great extent in the region.
Further, the region is expected to be the early adopter of 5G services in areas such as AR/VR, autonomous driving, and AI owing to the high customer digital engagement.
IEEE released the results of a survey of CIOs and CTOs in the U.S., U.K., China, India and Brazil regarding the most important technologies for 2021 overall, the impact of the COVID-19 pandemic on the speed of their technology adoption and the industries expected to be most impacted by technology in the year ahead.
2021 most important technologies and challenges
Which will be the most important technologies in 2021? Among total respondents, 32% say AI and machine learning, followed by 5G (20%) and IoT (14%).
Manufacturing (19%), healthcare (18%), financial services (15%) and education (13%) are the industries that most believe will be impacted by technology in 2021, according to CIOs and CTOS surveyed.
At the same time, 52% of CIOs and CTOs see their biggest challenge in 2021 as dealing with aspects of COVID-19 recovery in relation to business operations. These challenges include a permanent hybrid remote and office work structure (22%), office and facilities reopenings and return (17%), and managing permanent remote working (13%).
However, 11% said the agility to stop and start IT initiatives as this unpredictable environment continues will be their biggest challenge. Another 11% cited online security threats, including those related to remote workers, as the biggest challenge they see in 2021.
Technology adoption, acceleration and disaster preparedness due to COVID-19
CIOs and CTOs surveyed have sped up adopting some technologies due to the pandemic:
- 55% of respondents have accelerated adoption of cloud computing
- 52% have accelerated 5G adoption
- 51% have accelerated AI and machine learning
The adoption of IoT (42%), augmented and virtual reality (35%) and video conferencing (35%) technologies have also been accelerated due to the global pandemic.
Compared to a year ago, 92% of CIOs and CTOs believe their company is better prepared to respond to a potentially catastrophic interruption such as a data breach or natural disaster. What’s more, of those who say they are better prepared, 58% strongly agree that COVID-19 accelerated their preparedness.
When asked which technologies will have the greatest impact on global COVID-19 recovery, 25% of those surveyed said AI and machine learning.
The top two concerns for CIOs and CTOs when it comes to the cybersecurity of their organization are security issues related to the mobile workforce including employees bringing their own devices to work (37%) and ensuring the IoT is secure (35%). This is not surprising, since the number of connected devices such as smartphones, tablets, sensors, robots and drones is increasing dramatically.
34% of CIO and CTO respondents said they can track and manage 26-50% of devices connected to their business, while 20% of those surveyed said they could track and manage 51-75% of connected devices.
Due to the rising adoption of IoT and the growing utilization of big data, the valuation of the global SD-WAN market is predicted to increase from $1.4 billion to $43 billion from 2019 to 2030. Further, the market will demonstrate a CAGR of 38.6% between 2020 and 2030, according to ResearchAndMarkets.
Big data and IoT help businesses in monitoring the utilization of their products by consumers and gaining valuable insights from the analysis of this information, offering a customized customer experience, and tracking their various operations. Additionally, the adoption of these technologies allows the real-time monitoring of company assets.
As the big data and IoT technologies bring them a host of numerous challenges such as data handling and management, security concerns, data privacy, demand for advanced technical expertise and knowledge, and high implementation costs, the rising integration of these technologies is massively boosting the progress of the SD-WAN market.
SD-WAN effectively resolves these issues with the help of risk minimization, centralized management and control, and zero-touch provisioning.
In addition to this, SD-WAN solutions simplify device and network security management, provide deep visibility into network performance, which allows the IT professionals to easily detect network problems and security threats, and integrate application filters, firewalls, and UTM functionality.
The pandemic severely affecting the progress of the SD-WAN market
The current COVID-19 crisis is severely affecting the progress of the SD-WAN market. This is because businesses operating in various sectors have had to either scale down or shut down their operations because of the lockdown initiated in several countries for controlling the spread of the virus.
Because of this reason, companies are incurring huge financial losses and are therefore, reducing their IT spending, including their expenditure on SD-WAN solutions. Moreover, as most of the employees are working remotely (from home), the requirement for advanced networking solutions is very low.
Between the solution and service categories, under the offering segment of the SD-WAN market, the former is expected to register higher revenue growth in the market in the coming years.
This is ascribed to the rapidly rising popularity of multi-cloud ecosystems, rising compliance requirements, increasing procurement of connected and IoT devices, and the growing requirement for secured network infrastructure and application optimization. These factors are fueling the adoption of SD-WAN solutions in the BFSI (banking, financial services, and insurance), healthcare, and IT & telecom sectors.
Under the deployment segment, the on-premises category recorded the highest growth in the SD-WAN market in the last few years, mainly because the SD-WAN solutions come with various security concerns.
Additionally, the on-premises deployment method helps in the management of large volumes of unstructured data. Moreover, the usage of physical devices is usually preferred for the effective management of network in the corporate sector.
The bright future of the network operations visibility category
In the future years, the network operations visibility category, based on use case, would exhibit the fastest growth in the SD-WAN market. This is credited to the rising requirement for real-time insights for resolving the issues arising in SD-WAN and making its operation hassle-free.
Historically, under the industry segment of the SD-WAN market, the IT & telecom classification had the highest share, mainly because of its rapid expansion and digitization and the high requirement for a better customer experience in this industry. In addition to this, the rising usage of mobile phones in offices, development and penetration of 5G, increasing adoption of IoT, and mushrooming utilization of big data are boosting the demand for SD-WAN solutions in the industry.
Globally, the North American SD-WAN market is currently the most prosperous one, on account of the presence of several well-established SD-WAN solution providing firms, favorable government policies for 5G adoption, quick integration of various advanced technologies, and the increasing need for simple and hassle-free networking operations in the region.
In the near future, the market will demonstrate the highest CAGR in the Asia-Pacific region. This is because of the rising investments being made in the IT sector, increasing implementation of supportive government policies for 5G, rapid digital transformation in enterprises, expanding operations of market players, and the ballooning popularity of cloud computing and connected devices in the region.
The AI in cybersecurity market is projected to generate a revenue of $101.8 billion in 2030, increasing from $8.6 billion in 2019, progressing at a 25.7% CAGR during 2020-2030, ResearchAndMarkets reveals.
The market is categorized into threat intelligence, fraud detection/anti-fraud, security and vulnerability management, data loss prevention (DLP), identity and access management, intrusion detection/prevention system, antivirus/antimalware, unified threat management, and risk & compliance management, on the basis of application. The DLP category is expected to advance at the fastest pace during the forecast period.
Malicious attacks and cyber frauds growing rapidly
The number of malicious attacks and cyber frauds have risen considerably across the globe, which can be attributed to the surging penetration on internet and increasing utilization of cloud solutions.
Cyber fraud, including payment and identity card theft, account for more than 55% of all cybercrime and lead to major losses for organizations, if they are not mitigated. Owing to this, businesses these days are adopting advanced solutions for dealing with cybercrime in an efficient way.
This is further resulting in the growth of the global AI in cybersecurity market. AI-based solutions are capable of combating cyber frauds by reducing response time, identifying threats, refining techniques for distinguishing attacks that need immediate attention.
The number of cyber-attacks has also been growing because of the surging adoption of the BYOD policy all over the world. It has been observed that the policy aids in increasing productivity and further enhances employee satisfaction.
That being said, it also makes important company information and data vulnerable to cyber-attacks. Devices of employees have wide-ranging capabilities and IT departments are often not able to fully quality, evaluate, and approve each and every devices, which can pose high security threat to confidential data.
DLP systems utilized for enforcing data security policies
AI provides advanced protection via the machine learning technology, and hence offers complete endpoint security. The utilization of AI can efficiently aid in mitigating security threats and preventing attacks.
DLP plays a significant role in monitoring, identifying, and protecting the data in storage and in motion over the network. Certain specific data security policies are formulated in each organization and it is mandatory for the IT personnel to strictly follow them.
DLP systems are majorly utilized for enforcing data security policies in order to prevent unauthorized usage or access to confidential data. The fraud detection/anti-fraud category accounted for the major share of the market in 2019 and is predicted to dominate the market during the forecast period as well.
The AI in cybersecurity market by region
Geographically, the AI in cybersecurity market was led by North America in 2019, as stated by a the publisher report. A large number of companies are deploying cybersecurity solutions in the region, owing to the surging number of cyber-attacks.
Moreover, the presence of established players and high digitization rate are also leading to the growth of regional domain. The Asia-Pacific region is expected to progress at the fastest pace during the forecast period.
In conclusion, the market is growing due to increasing cybercrime across the globe and rising adoption of the BYOD policy.
Automation will play a major role in shaping cybersecurity attack and defence activities in 2021, WatchGuard predicts.
Traditionally a high-investment, high-return targeted attack, in 2021 automation tools will replace manual techniques to help cybercriminals launch spear phishing campaigns at record volumes, by harvesting victim-specific data from social media sites and company web pages.
Automated spear phishing attacks to prey on fears
And as society continues to grapple with the impact of COVID-19, it is likely that these automated spear phishing attacks will prey on fears around the pandemic, politics and the economy.
Conversely, the research team believes that automation will also help cloud-hosting providers such as Amazon, Microsoft and Google to crack down on cybercriminal groups abusing their reputation and services to launch malicious attacks.
Threat actors commonly host website HTML files designed to mimic a legitimate website like Microsoft 365 or Google Drive to steal credentials submitted by unsuspecting victims. But in 2021, these companies will deploy automated tools and file validation technologies that will spot spoofed authentication portals.
In its annual look ahead to the next 12 months, the tumultuous events of 2020 will impact the threat landscape next year and for years to come. Other predictions include:
Attackers swarm VPNs and RDPs as the remote workforce grows
As more companies adopt VPNs and Remote Desktop Protocol (RDP) solutions to provide secure connections to employees working from home, attacks against them will double in 2021. If an attacker can compromise VPN, RDP or remote connection servers, they have an unobstructed path into the corporate network.
Security gaps in legacy endpoints targeted
Endpoints have become a high priority target for attackers during the global pandemic and many personal computers are still running legacy software that is difficult to patch or update.
With Microsoft just ending its extended support program for Windows 7, organizations are warned to expect at least one major new Windows 7 vulnerability to make headlines in 2021.
Services without MFA will suffer a breach
Authentication is the cornerstone of strong security; but with billions of usernames and passwords available on the dark web and the prevalence of automated authentication attacks, no Internet-exposed service is safe from cyber intrusion if it isn’t using multi-factor authentication (MFA). In fact, any service without MFA enabled is highly likely to be compromised in 2021.
“But our Threat Lab team along with other researchers around the world have an increasing level of analytics and insight to make well-informed guesses. Cybercriminals always look for the weak links, so the growing ranks of home workers are an obvious target and when it comes to new technologies such as automation and AI, what can work for good, can also be exploited for malicious activity. It’s just a case of trying to stay one step ahead.”
The global cloud security market is projected to account for $20.9 billion by 2027, according to a report by Million Insights and is expected to grow with 14.6% CAGR from 2020 to 2027. Growing investment in cloud infrastructure and an increasing number of cyber attacks are expected to drive the market growth.
The cloud infrastructure is gaining popularity due to several benefits such as scalability, flexibility, cost-effectiveness, and on-demand services.
Additionally, the emergence of hybrid cloud to a tussle between private and public cloud has given several frameworks and platforms to cloud users to choose from. The adoption of cloud has been gaining traction in recent years, thereby security concerns among cloud users have been increased.
What fuels demand for cloud security?
The demand for cloud security is expected to increase during the forecast period due to the rising number of cyber attacks, and data breaches.
In addition, industry players are also playing an important role in implementing compliance laws and regulations according to industry-wide standards. Increasing policy implementation and demand for security services are expected to drive the cloud security market growth in the next few years.
Moreover, diverse threat vectors and versatility of data lead to security-as-a-service offerings. Sharing responsibility between cloud end users and cloud service providers for data security is expected to witness a significant impact on market growth.
Further, technologies like convergence and virtualization coupled with initiatives like computer emergency readiness teams (CERTs) is expected to support for implementing security at a high level for cloud infrastructure.
Growing sophistication in hacking techniques, as well as technological advancements in cyber espionage, are unleashing new attacks like advanced persistent threats (APTs), ransomware, zero-day threats, malicious insider, DDoS. As a result, industry players are focusing on partnerships and collaborations to tackle such cyber attacks.
Further key findings
- Self-mutating codes, evasion techniques, and polymorphic have changed the convectional endpoint protection mechanisms and security technologies.
- In the past few years, the number of data theft has increased including Anthem, Home Depot, and Ashley Madison.
- In 2019, North America accounted for the largest market share due to growing awareness about cyber attacks and corporate espionages.
- Several regions and countries like the European Union have implemented cyber regulations to protect information and data. For instance, Germany is striving for greater data privacy wherein other countries like France and U.S. are looking for better visibility in internet traffic.
- Numerous industry specific regulations like Payment Card Industry Data Security Standard (PCI DSS) for financial sector, Health Insurance Portability and Accountability Act of 1996 (HIPAA) for the healthcare sector and international laws such as Safe Harbor Act & European Union Data Protection Directive are expected to drive the cloud security market growth.
- Key players such as CA, Intel, IBM, Trend Micro and Symantec are concentrating on partnerships, collaborations, and alliances to strengthen their market position.
Group-IB has presented a report which examines key shifts in the cybercrime world internationally between H2 2019 and H1 2020 and gives forecasts for the coming year. The most severe financial damage has occurred as a result of ransomware activity.
The past year — a harrowing period for the world economy — culminated in the spike of cybercrime. It was also marked by the rise of the underground market for selling access to corporate networks and an over two-fold growth of the carding market. The stand-off between various pro-government hacker groups saw new players come onto the scene, while some previously known groups resumed their operations.
The report examines various aspects of cybercrime industry operations and predicts changes to the threat landscape for various sectors, namely the financial industry, telecommunications, retail, manufacturing, and the energy sector. The authors also analyze campaigns targeting critical infrastructure facilities, which are an increasingly frequent target of intelligence services worldwide.
Forecasts and recommendations set out seek to prevent financial damage and manufacturing downtimes. Its purpose is also to help companies adopt preventive measures for counteracting targeted attacks, cyber espionage, and cyberterrorist operations.
The cost of ransomware
Late 2019 and all of 2020 were marked by an unprecedented surge in ransomware attacks. Neither private sector companies nor government agencies turned out to be immune to the ransomware plague.
Over the reporting period, more than 500 successful ransomware attacks in more than 45 countries were reported. Since attackers are motivated by financial gain alone, any company regardless of size and industry could fall victim to ransomware attacks.
Meanwhile, if the necessary technical toolsets and data restoring capabilities are not in place, ransomware attacks could not only cause downtime in manufacturing but also bring operations to a standstill.
According to conservative estimates, the total financial damage from ransomware operations amounted to over $1 billion ($1,005,186,000), but the actual damage is likely to be much higher. Victims often remain silent about incidents and pay ransoms quietly, while attackers do not always publish data from compromised networks.
A major ransomware outbreak was detected in the United States, with the country accounting for about 60% of all known incidents. The US is followed by European countries (mainly the UK, France, and Germany), which together make up roughly 20% of all ransomware attacks.
Countries of North and South America (excluding the US) are at 10% and Asian states are at 7%. The top five most frequently attacked industries include manufacturing (94 victims), retail (51 victims), state agencies (39 victims), healthcare (38 victims), and construction (30 victims).
Maze and REvil are considered to have the largest appetite: the operators of these two strains are believed to be behind more than half of all successful attacks. Ryuk, NetWalker, and DoppelPaymer come second.
The ransomware pandemic was triggered by an active development of private and public affiliate programs that bring together ransomware operators and cybercriminals involved in compromising corporate networks.
Another reason for an increase in ransomware attacks is that traditional security solutions, still widely used by a lot of companies on the market, very often fail to detect and block ransomware activity at early stages.
Ransomware operators buy access and then encrypt devices on the network. After receiving the ransom from the victim, they pay a fixed rate to their partners under the affiliate program.
The main ways to gain access to corporate networks include brute-force attacks on remote access interfaces (RDP, SSH, VPN), malware (e.g., downloaders), and new types of botnets (brute-force botnets). The latter are used for distributed brute-force attacks from a large number of infected devices, including servers.
In late 2019, ransomware operators adopted a new technique. They began downloading all the information from victim organizations and then blackmailed them to increase the chances of the ransom being paid.
Maze (who allegedly called it quits not long ago) pioneered the tactic of publishing sensitive data as leverage to extort money. If a victim refuses to pay the ransom, they risk not only losing all their data but also having it leaked. In June 2020, REvil started auctioning stolen data.
Seven new APT groups joined the global intelligence service stand-off
Military operations conducted by various intelligence services are becoming increasingly common. A continuing trend was identified, where physical destruction of infrastructure is replacing espionage. Attacker toolkits are being updated with instruments intended for attacks on air-gapped networks.
The nuclear industry is turning into the number one target for state-sponsored threat actors. Unlike the previous reporting period, during which no attacks were observed, the current one was marked by attacks on nuclear energy facilities in Iran and India.
A blatant attack was attempted in Israel, where threat actors gained access to some of Israel’s water treatment systems and tried altering water chlorine levels. Had it been successful, the attack would have led to water shortages or even civilian casualties.
State-sponsored APT groups are not losing interest in the telecommunications sector. Over the review period, it was targeted by at least 11 groups affiliated with intelligence services. Threat actors’ main goals remain spying on telecommunications operators or attempts to disable infrastructure.
Threat actors have also set a new record in DDoS attack power: 2.3 Tb per second and 809 million packets per second. BGP hijacking and route leaks remain a serious problem as well. Over the past year, nine significant cases have been made public.
Most state-sponsored threat actors originate from China (23), followed by Iran (8 APT groups), North Korea and Russia (4 APT groups each), India (3), and Pakistan and Gaza (2 each). South Korea, Turkey, and Vietnam are reported to have only one APT group each.
According to data analyzed, Asia-Pacific became the most actively attacked region by state-sponsored threat actors. A total of 34 campaigns were carried out in this region, and APT groups from China, North Korea, Iran, and Pakistan were the most active.
At least 22 campaigns were recorded on the European continent, with attacks carried out by APT groups from China, Pakistan, Russia, and Iran. Middle East and Africa were the scene of 18 campaigns conducted by pro-government attackers from Iran, Pakistan, Turkey, China, and Gaza.
Cybersecurity researchers have also detected seven previously unknown APT groups, namely Tortoiseshell (Iran),Poison Carp (China), Higaisa (South Korea), AVIVORE (China), Nuo Chong Lions (Saudi Arabia), as well as Chimera and WildPressure, whose geographical affiliation remains unknown. In addition, six known groups that remained unnoticed in recent years resumed their operations.
Sales of access to compromised corporate networks grow four-fold
Sales of access to compromised corporate networks have been increasing from year to year and peaked in 2020. It is difficult to assess the size of the market for selling access, however, as offers published on underground forums often do not include the price, while some deals are cut in private.
Nevertheless, technologies for monitoring underground forums (which make it possible to see deleted and hidden posts) helped the experts assess the total market size for access sold in the review period (H2 2019 to H1 2020): $6.2 million. This is a four-fold increase compared to the previous review period (H2 2018 to H1 2019), when it totaled $1.6 million.
Surprisingly, state-sponsored attackers joined this segment of the cybercriminal market seeking additional revenue. As such, in the summer of 2020, on an underground forum a seller offered access to several networks, including some belonging to US government departments, defense contractors (Airbus, Boeing, etc.), IT giants, and media companies. The cost of the access to the companies listed was close to $5 million.
In H1 2020 alone, 277 offers of access to corporate networks were put up for sale on underground forums. The number of sellers has also grown. During that period, 63 sellers were active, and 52 of them began selling access in 2020.
For comparison, during all of 2018, only 37 access sellers were active, while in 2019 there were 50 sellers who offered access to 130 corporate networks. In total, the sales of corporate network access grew by 162% compared to the previous period (138 offers against 362).
After analyzing offers of access to corporate networks, experts found correlations with ransomware attacks: most threat actors offered access to US companies (27%), while manufacturing was the most frequently attacked industry in 2019 (10.5%). In 2020, access to state agency networks (10.5%), educational institutions (10.5%), and IT companies (9%) was high in demand.
It should be noted that sellers of access to corporate networks increasingly rarely mention company names, their geographical location and industry, which makes it almost impossible to identify the victim without contacting the attackers.
Selling access to a company’s network is usually only one stage of the attack: the privileges gained might be used for both launching ransomware and stealing data, with the aim of later selling it on underground forums or spying.
Market of stolen credit card data reached almost $2 billion
Over the review period, the carding market grew by 116%, from $880 million to $1.9 billion. The quick growth applies to both textual data (bank card numbers, expiration dates, holder names, addresses, CVVs) and dumps (magnetic stripe data). The amount of textual data offered for sale increased by 133%, from 12.5 to 28.3 million cards, while dumps surged by 55%, from 41 to 63.7 million. The maximum price for card textual data is $150 and $500 for a dump.
Dumps are mainly obtained by infecting computers with connected POS terminals with special Trojans and thereby collecting data from random-access memory. Over the review period, 14 Trojans used for collecting dumps were found to be active.
Cybercriminals seek to obtain data relating to credit and debit cards issued by US banks: these account for over 92% of all compromised bank cards. Bank card data of bank customers in India and South Korea are the second and third most desirable targets for cybercriminals. Over the review period, the total price of all the bank card dumps offered for sale amounted to $1.5 billion, while textual data – to $361.7 million.
Textual data is collected through phishing websites and PC/Android banking Trojans, by compromising e-commerce websites, and by using JS sniffers. The latter were one of the main instruments for stealing large amounts of payment data over the past year. JS sniffers also became more popular in light of the trend of reselling access to various websites and organizations on underground forums.
Group-IB is currently monitoring the activities of 96 JS sniffer families. This is a 2.5-fold increase compared to the previous reporting period, during which there were 38 families on the company’s radar. According to the findings, over the past year nearly 460,000 bank cards were compromised using JS sniffers.
The threat of bank card data leaks is most acute for retail companies that have online sales channels, e-commerce companies that offer goods and services online, and banks that unwittingly become involved in incidents.
The main scenarios for illegally harvesting bank card data and most frequently attacked countries (the United States, India, South Korea) will remain the same. Latin America might become an increasingly attractive target for carders since it already has mature hacker community experienced in using Trojans for this purpose.
Phishing grows by 118%
Between H2 2019 and H1 2020, the number of phishing web resources found and blocked rose by 118% compared to the previous reporting period. Analysts mention the global pandemic and lockdowns as the main reasons: web-phishing, which is one of the simplest ways to earn money in the cybercriminal industry, attracted those who lost their incomes.
The increased demand for online purchases created a favorable environment for phishers. They quickly adapted to this trend and began carrying out phishing attacks on services and individual brands that previously did not have much financial appeal to them.
Scammers also changed their tactics. In previous years, attackers ended their campaigns after fraudulent websites were taken down and quickly switched to other brands. Today, they are automating their attacks instead and replacing the blocked pages with new ones.
Since the start of the year, there has been a rise in advanced social engineering, namely when multi-stage scenarios are used in phishing attacks. As part of such increasingly popular phishing schemes, threat actors first stake out the victim. They establish contact with the targeted individual (e.g., through a messenger), create an atmosphere of trust, and only then do they direct the victim to a phishing page.
One-time links turned out to be another phishing trend of the past year. After a user receives a link and clicks on it at least once, it will not be possible to obtain the same content again in order to collect evidence. This significantly complicates the process of taking down phishing resources.
Most web-phishing pages mimicked online services (39.6%). Phishers in particular gathered login credentials from user accounts on Microsoft, Netflix, Amazon, eBay, Valve Steam, etc. Online services were followed by email service providers (15.6%), financial organizations (15%), cloud storage systems (14.5%), payment services (6.6%), and bookmakers (2.2%).
Cohesity announced the results of a survey of 500 IT decision makers in the United States that highlights critical IT and data management challenges midsize and enterprise organizations are facing as companies prepare for 2021.
The survey included 250 respondents from midsize companies ($100M-$1B in revenue) and 250 from enterprise organizations ($1B+ in revenue).
Some of these challenges came to light as companies answered questions about their appetite for Data Management as a Service (DMaaS). With a DMaaS solution, organizations do not have to manage data infrastructure – it is managed for them.
DMaaS provides organizations with easy access to backup and recovery, disaster recovery, archiving, file and object services, dev/test provisioning, data governance, and security – all through one vendor in a Software as a Service (SaaS) model.
IT budgets are being slashed: Seventy percent of respondents state their organization is being forced to cut the IT budget in the next 12 months. Around a third of respondents have to cut the IT budget by 10-25 percent, a tenth have to cut it by a whopping 25-50 percent.
Verticals facing the largest cuts on average: technology (20 percent), education (18 percent), government/public sector (16 percent).
Many midsize companies are struggling to compete against larger enterprises because of inefficient data management: 27 percent of respondents from midsize companies say they have lost 25-50 percent of deals to larger enterprises because larger enterprises have more resources to manage and derive value from their data.
Even worse, 18 percent of respondents from midsize companies claim to have lost 50-75 percent of deals to larger enterprises for the same reason.
Organizations are spending inordinate amounts of time managing data infrastructure: Respondents say IT teams, on average, spend 40 percent of their time each week installing, maintaining, and managing data infrastructure. Twenty-two percent claim their IT team spends 50-75 percent of time each week on these tasks.
Technology is needed that makes it easier to derive value from data while also reducing stress levels and employee turnover: When respondents were asked about the benefits of deploying a DMaaS solution versus spending so much time managing data infrastructure, 61 percent cited an ability to focus more on deriving value from data which could help their organization’s bottom line, 52 percent cited reduced stress levels for IT teams, and 47 percent are hopeful this type of solution could also reduce employee turnover within the IT team.
“Research shows IT leaders are anxious for comprehensive solutions that will enable them to do more with data in ways that will help boost revenues and provide a competitive advantage at a time when they are also facing budget cuts, burnout, and turnover.”
The growing appetite for technology that simplifies IT and data management
As businesses look to simplify IT operations, be more cost efficient, and do more with data, respondents are very optimistic about the benefits of DMaaS, which include:
- Cost predictability: Eighty-nine percent of respondents say their organization is likely to consider deploying a DMaaS solution, at least in part, due to budget cuts.
- Helping midsize companies win more business: Ninety-one percent of respondents from midsize companies believe deploying a DMaaS solution will enable their organizations to compete more effectively against larger enterprises that have more resources to manage data.
- Saving IT teams valuable time: Respondents who noted that their IT teams spend time each week managing IT infrastructure believe those teams will save, on average, 39 percent of their time each week if their company had a full DMaaS solution in place.
- Doing more with data: Ninety-seven percent of respondents believe DMaaS unlocks opportunities to derive more value from data using cloud-based services and applications. Sixty-four percent want to take advantage of cloud-based capabilities that enable them to access and improve their security posture, including improving anti-ransomware capabilities.
- Alleviating stress and reducing turnover: Ninety-three percent of respondents believe that deploying a DMaaS solution would enable them to focus less on infrastructure provisioning and data management tasks. 52 percent of these respondents say deploying a DMaaS solution could reduce their team’s stress levels by not having to spend so much time on infrastructure provisioning and management. Forty-seven percent believe deploying a DMaaS solution could reduce employee turnover within the IT team.
Choice is the name of the game for IT in 2021
“The data also pinpoints another important IT trend in 2021: choice is critical,” said Waxman. “IT leaders want to manage data as they see fit.” With respect to choice, respondents stated:
- It’s not one or the other, it’s both: 69 percent of respondents stated their organization prefers to partner with vendors that offer choice in how their company’s data is managed and will not consider vendors that just offer a DMaaS model — they also want the option to manage some data directly.
- Avoiding one-trick ponies is key: Ninety-four percent of survey respondents stated that it’s important to work with a DMaaS vendor that does more than Backup as a Service (BaaS). If the vendor only offers BaaS, 70 percent are concerned they will have to work with more vendors to manage their data and doing so is likely to increase their workload (77 percent), fail to help reduce costs (65 percent), and lead to mass data fragmentation where data is siloed and hard to manage and gain insights from (74 percent).
Sophos published a report which flags how ransomware and fast-changing attacker behaviors, from advanced to entry level, will shape the threat landscape and IT security in 2021.
Increased gap between ransomware operators
The gap between ransomware operators at different ends of the skills and resource spectrum will increase. At the high end, the big-game hunting ransomware families will continue to refine and change their tactics, techniques and procedures (TTPs) to become more evasive and nation-state-like in sophistication, targeting larger organizations with multimillion-dollar ransom demands.
In 2020, such families included Ryuk and RagnarLocker. At the other end of the spectrum, Sophos anticipates an increase in the number of entry level, apprentice-type attackers looking for menu-driven, ransomware-for-rent, such as Dharma, that allows them to target high volumes of smaller prey.
Another ransomware trend is “secondary extortion,” where alongside the data encryption the attackers steal and threaten to publish sensitive or confidential information, if their demands are not met. In 2020, Sophos reported on Maze, RagnarLocker, Netwalker, REvil, and others using this approach.
“The ransomware business model is dynamic and complex. During 2020, Sophos saw a clear trend towards adversaries differentiating themselves in terms of their skills and targets. However, we’ve also seen ransomware families sharing best-of-breed tools and forming self-styled collaborative ‘cartels,’” said Chester Wisniewski, principal research scientist, Sophos.
“Some, like Maze, appeared to pack their bags and head for a life of leisure, except that some of their tools and techniques have resurfaced under the guise of a newcomer, Egregor. The cyberthreat landscape abhors a vacuum. If one threat disappears another one will quickly take its place.
“In many ways, it is almost impossible to predict where ransomware will go next, but the attack trends discussed in Sophos’ threat report this year are likely to continue into 2021.”
Everyday threats demand serious security attention
Everyday threats such as commodity malware, including loaders and botnets, or human-operated Initial Access Brokers, will demand serious security attention. Such threats can seem like low level malware noise, but they are designed to secure a foothold in a target, gather essential data and share data back to a command-and-control network that will provide further instructions.
If human operators are behind these types of threats, they’ll review every compromised machine for its geolocation and other signs of high value, and then sell access to the most lucrative targets to the highest bidder, such as a major ransomware operation. For instance, in 2020, Ryuk used Buer Loader to deliver its ransomware.
“Commodity malware can seem like a sandstorm of low-level noise clogging up the security alert system. From what Sophos analyzed, it is clear that defenders need to take these attacks seriously, because of where they might lead.
“Any infection can lead to every infection. Many security teams will feel that once malware has been blocked or removed and the compromised machine cleaned, the incident has been prevented,” said Wisniewski.
“They may not realize that the attack was likely against more than one machine and that seemingly common malware like Emotet and Buer Loader can lead to Ryuk, Netwalker and other advanced attacks, which IT may not notice until the ransomware deploys, possibly in the middle of the night or on the weekend. Underestimating ‘minor’ infections could prove very costly.”
Adversaries evading detection and security measures
All ranks of adversaries will increasingly abuse legitimate tools, well known utilities and common network destinations to evade detection and security measures and thwart analysis and attribution.
The abuse of legitimate tools enables adversaries to stay under the radar while they move around the network until they are ready to launch the main part of the attack, such as ransomware.
For nation-state-sponsored attackers, there is the additional benefit that using common tools makes attribution harder. In 2020, Sophos reported on the wide range of standard attack tools now being used by adversaries.
“The abuse of everyday tools and techniques to disguise an active attack featured prominently in Sophos’ review of the threat landscape during 2020. This technique challenges traditional security approaches because the appearance of known tools doesn’t automatically trigger a red flag. This is where the rapidly growing field of human-led threat hunting and managed threat response really comes into its own,” said Wisniewski.
“Human experts know the subtle anomalies and traces to look for, such as a legitimate tool being used at the wrong time or in the wrong place. To trained threat hunters or IT managers using endpoint detection and response (EDR) features, these signs are valuable tripwires that can alert security teams to a potential intruder and an attack underway.”
- Attacks on servers: adversaries have targeted server platforms running both Windows and Linux, and leveraged these platforms to attack organizations from within
- The impact of the COVID-19 pandemic on IT security, such as the security challenges of working from home using personal networks protected by widely varying levels of security
- The security challenges facing cloud environments: cloud computing has successfully borne the brunt of a lot of the enterprise needs for secure computing environments, but faces challenges different to those of a traditional enterprise network
- Common services like RDP and VPN concentrators, which remain a focus for attacks on the network perimeter. Attackers also use RDP to move laterally within breached networks
- Software applications traditionally flagged as “potentially unwanted” because they delivered a plethora of advertisements, but engaged in tactics that are increasingly indistinguishable from overt malware
- The surprising reappearance of an old bug, VelvetSweatshop – a default password feature for earlier versions of Microsoft Excel – used to conceal macros or other malicious content in documents and evade advanced threat detection
- The need to apply approaches from epidemiology to quantify unseen, undetected and unknown cyberthreats in order to better bridge gaps in detection, assess risk and define priorities
Despite a global pandemic, direct digital transformation (DX) investment is still growing at a compound annual growth rate (CAGR) of 15.5% from 2020 to 2023 and is expected to approach $6.8 trillion as companies build on existing strategies and investments, becoming digital-at-scale future enterprises, according to IDC.
Digital transformation investment predictions
Prediction 1: accelerated DX investments create economic gravity. The economy remains on course to its digital destiny with 65% of global GDP digitalized by 2022 and will drive over $6.8 trillion of direct DX investments from 2020 to 2023.
Prediction 2: digital organization structures and roadmaps mature. By 2023, 75% of organizations will have comprehensive digital transformation implementation roadmaps, up from 27% today, resulting in true transformation across all facets of business and society.
Prediction 3: digital management systems mature. By 2023, 60% of leaders in G2000 organizations will have shifted their management orientation from processes to outcomes, establishing more agile, innovative, and empathetic operating models.
Prediction 4: the rise of the digital platform and extended ecosystems. By 2025, driven by volatile global conditions, 75% of business leaders will leverage digital platforms and ecosystem capabilities to adapt their value chains to new markets, industries, and ecosystems.
Prediction 5: a digital first approach. While “digital first” prevails in every experience, 60% of enterprises will invest heavily in digitalizing employee experience in 2021, transforming the relationship between employers and employees.
Prediction 6: business model reinvention. By 2021, at least 30% of organizations will accelerate innovation to support business and operating model reinvention, fast-tracking transformation programs to future-proof their businesses.
Prediction 7: sustainability and DX. By 2022, the majority of companies will realize greater value by combining digital and sustainability, giving rise to digitally driven and sustainably enabled projects as the de-facto standard.
Prediction 8: digitally native cultures. To thrive in digital supremacy economy, 50% of enterprises will implement the organizational culture optimized for DX in 2025, based on customer-centric and data-driven.
Prediction 9: accelerating digital experiences. By 2022, 70% of all organizations will have accelerated use of digital technologies, transforming existing business processes to drive customer engagement, employee productivity, and business resiliency.
Prediction 10: business innovation platforms. By 2023, 60% of G2000 companies will build their own business innovation platform to support innovation and growth in the new normal.
According to Shawn Fitzgerald, research director, Worldwide Digital Transformation Strategies at IDC, “Organizations with new digital business models at their core that are successfully executing their enterprise-wide strategies on digital platforms are well positioned for continued success in the digital platform economy.
“Our 2021 digital transformation predictions represent areas of notable opportunity to differentiate your own digital transformation strategic efforts.”
As the chief owners of the digital infrastructure that underpins all aspects of modern enterprises, CIOs must play pivotal roles in the road to recovery, “seeking the next normal” while still performing their traditional roles. A new IDC study outlines concrete actions that CIOs can and must take to create resilient and adaptive future enterprises with technology.
“In a time of turbulence and uncertainty, CIOs and senior IT leaders must discern how IT will enable the future growth and success of their enterprise while ensuring its resilience,” said Serge Findling, VP of Research for IDC‘s IT Executive Programs (IEP).
“The ten predictions in this study outline key actions that will define the winners in recovering from current adverse events, building resilience, and enabling future growth.”
Predictions to keep CIOs resilient
Prediction 1 – #CIOAIOPS: By 2022, 65% of CIOs will digitally empower and enable front-line workers with data, AI, and security to extend their productivity, adaptability, and decision-making in the face of rapid changes.
Prediction 2 – #Risks: Unable to find adaptive ways to counter escalating cyberattacks, unrest, trade wars, and sudden collapses, 30% of CIOs will fail in protecting trust —the foundation of customer confidence — by 2021.
Prediction 3 – #TechnicalDebt: Through 2023, coping with technical debt accumulated during the pandemic will shadow 70% of CIOs, causing financial stress, inertial drag on IT agility, and “forced march” migrations to the cloud.
Prediction 4 – #CIORole: By 2023, global crises will make 75% of CIOs integral to business decision making as digital infrastructure becomes the business OS while moving from business continuation to re-conceptualization.
Prediction 5 – #Automation: To support safe, distributed work environments, 50% of CIOs will accelerate robotization, automation, and augmentation by 2024, making change management a formidable imperative.
Prediction 6 – #RollingCrisis: By 2023, CIO-led adversity centers will become a permanent fixture in 65% of enterprises, focused on building resilience with digital infrastructure, and flexible funding for diverse scenarios.
Prediction 7 – #CX: By 2025, 80% of CIOs alongside LOBs will implement intelligent capabilities to sense, learn, and predict changing customer behaviors, enabling exclusive customer experiences for engagement and loyalty.
Prediction 8 – #Low/NoCode: By 2025, 60% of CIOs will implement governance for low/no-code tools to increase IT and business productivity, help LOB developers meet unpredictable needs, and foster innovation at the edge.
Prediction 9 – #ControlSystems: By 2025, 65% of CIOs will implement ecosystem, application, and infrastructure control systems founded on interoperability, flexibility, scalability, portability, and timeliness.
Prediction 10 – #Compliance: By 2024, 75% of CIOs will absorb new accountabilities for the management of operational health, welfare, and employee location data for underwriting, health, safety, and tax compliance purposes.
Operator‑billed revenue from 5G connections will reach $357 billion by 2025, rising from $5 billion in 2020, its first full year of commercial service, according to Juniper Research.
By 2025, 5G revenue is anticipated to represent 44% of global operator‑billed revenue owing to rapid migration of 4G mobile subscribers to 5G networks and new business use cases enabled by 5G technology.
However, the study identified 5G networks roll-outs as highly resilient to the COVID-19 pandemic. It found that supply chain disruptions caused by the initial pandemic period have been mitigated through modified physical roll-out procedures, in order to maintain the momentum of hardware deployments.
5G connections to generate 250% more revenue than average cellular connection
The study found that 5G uptake had surpassed initial expectations, predicting total 5G connections will surpass 1.5 billion by 2025. It also forecast that the average 5G connection will generate 250% more revenue than an average cellular connection by 2025.
To secure a return on investment into new services, such as uRLLC (Ultra-Reliable Low-Latency Communication) and network slicing, enabled by 5G, operators will apply this premium pricing for 5G connections.
However, these services alongside the high-bandwidth capabilities of 5G will create data-intensive use cases that lead to a 270% growth in data traffic generated by all cellular connections over the next five years.
Networks must increase virtualisation to handle 5G data traffic
Operators must use future launches of standalone 5G network as an opportunity to further increase virtualisation in core networks. Failure to develop 5G network architectures that handle increasing traffic will lead to reduced network functionality, inevitably leading to a diminished value proposition of its 5G network amongst end users.
Research author Sam Barker remarked: “Operators will compete on 5G capabilities, in terms of bandwidth and latency. A lesser 5G offering will lead to user churn to competing networks and missed opportunities in operators’ fastest-growing revenue stream.”
The COVID-19 pandemic has largely proven to be an accelerator of cloud adoption and extension and will continue to drive a faster conversion to cloud-centric IT.
Global spending on cloud services to rise
According to IDC, total global spending on cloud services, the hardware and software components underpinning cloud services, and the professional and managed services opportunities around cloud services will surpass $1 trillion in 2024 while sustaining a double-digit compound annual growth rate (CAGR) of 15.7%.
“Cloud in all its permutations – hardware/software/services/as a service as well as public/private/hybrid/multi/edge – will play ever greater, and even dominant, roles across the IT industry for the foreseeable future,” said Richard L. Villars, Group VP, Worldwide Research at IDC.
“By the end of 2021, based on lessons learned in the pandemic, most enterprises will put a mechanism in place to accelerate their shift to cloud-centric digital infrastructure and application services twice as fast as before the pandemic.”
Strongest growth in the as a service category
The strongest growth in cloud revenues will come in the as a service category – public (shared) cloud services and dedicated (private) cloud services. This category, which is also the largest category in terms of overall revenues, is forecast to deliver a five-year CAGR of 21.0%.
By 2024, the as a service category will account for more than 60% of all cloud revenues worldwide. The services category, which includes cloud-related professional services and cloud-related management services, will be the second largest category in terms of revenue but will experience the slowest growth with an 8.3% CAGR. This is due to a variety of factors, including greater use of automation in cloud migrations.
The smallest cloud category, infrastructure build, which includes hardware, software, and support for enterprise private clouds and service provider public clouds, will enjoy solid growth (11.1% CAGR) over the forecast period.
Factors driving the cloud market forward
While the impact of COVID-19 could have some negative effects on cloud adoption over the next several years, there are a number of factors that are driving the cloud market forward.
- The ecosystem of tech companies helping customers migrate to cloud environments, create new innovations in the cloud, and manage their expanding cloud environments will enable enterprises to meet their accelerated schedules for moving to cloud.
- The emergence of consumption-based IT offerings are aimed at leveraging public cloud-like capabilities in an on-premises environment that reduces the complexity and restructures the cost for enterprises that want additional security, dedicated resources, and more granular management capabilities.
- The adoption of cloud services should enable organizations to shift IT from maintenance of legacy IT to new digital transformation initiatives, which can lead to new business revenue and competitiveness as well as create new opportunities for suppliers of professional services.
- Hybrid cloud has become central to successful digital transformation efforts by defining an IT architectural approach, an IT investment strategy, and an IT staffing model that ensures the enterprise can achieve the optimal balance across dimensions without sacrificing performance, reliability, or control.
In the aftermath of the COVID-19 pandemic, global biometric device revenues are expected to drop 22%, ($1.8 billion) to $6.6 billion, according to a report from ABI Research. The entire biometrics market, however, will regain momentum in 2021 and is expected to reach approximately $40 billion in total revenues by 2025.
Global biometric device revenues in 2020
“The current decline in the biometrics market landscape stems from multifaceted challenges from a governmental, commercial, and technological nature,” explains Dimitris Pavlakis, Digital Security Industry Analyst.
“First, they have been instigated primarily due to economic reforms during the crisis which forced governments to constrain budgets and focus on damage control, personnel well-being, and operational efficiency.
“Governments had to delay or temporarily cancel many fingerprint-based applications related to user/citizen and patient registration, physical access control, on-premise workforce management, and certain applications in border control or civil, welfare, immigration, law enforcement, and correctional facilities.
“Second, commercial on-premise applications and access control suffered as the rise of the remote workers became the new norm for the first half of 2020. Lastly, hygiene concerns due to contact-based fingerprint technologies pummelled biometrics revenues forcing a sudden drop in fingerprint shipments worldwide.”
Not all is bleak, though
New use-case scenarios have emerged, and certain technological trends have risen to the top of the implementation lists. For example, enterprise mobility and logical access control using biometrics as part of multi-factor authentication (MFA) for remote workers.
“Current MFA applications for remote workers might well translate into permanent information technology security authentication measures in the long term,” says Pavlakis. “This will improve biometrics-as-a-service (BaaS) monetization and authentication models down the line.”
Biometrics applications can now look toward new implementation horizons, with market leaders and pioneering companies like Gemalto (Thales), IDEMIA, NEC, FPC, HID Global, and Cognitec at the forefront of innovation.
“Future smart city infrastructure investments will now factor in additional surveillance, real-time behavioral analytics, and face recognition for epidemiological research, monitoring, and emergency response endeavors,” Pavlakis concludes.
An analysis by PwC shows blockchain technology has the potential to boost global gross domestic product (GDP) by $1.76 trillion over the next decade. That is the key finding of a report assessing how the technology is being currently used and exploring the impact blockchain could have on the global economy.
Through analysis of the top five uses of blockchain, ranked by their potential to generate economic value, the report gauges the technology’s potential to create value across industry, from healthcare, government and public services, to manufacturing, finance, logistics and retail.
“Blockchain technology has long been associated with cryptocurrencies such as Bitcoin, but there is so much more that it has to offer, particularly in how public and private organizations secure, share and use data,” comments Steve Davies, Global Leader, Blockchain and Partner, PwC UK.
“As organizations grapple with the impacts of the COVID-19 pandemic, many disruptive trends have been accelerated. The analysis shows the potential for blockchain to support organizations in how they rebuild and reconfigure their operations underpinned by improvements in trust, transparency and efficiency across organizations and society.”
- The report identifies five key application areas of blockchain and assesses their potential to generate economic value using economic analysis and industry research. The analysis suggests a tipping point in 2025 as blockchain technologies are expected to be adopted at scale across the global economy.
- Tracking and tracing of products and services – or provenance – which emerged as a new priority for many companies’ supply chains during the COVID-19 pandemic, has the largest economic potential ($962bn). Blockchain’s application can be wide ranging and support companies ranging from heavy industries, including mining through to fashion labels, responding to the rise in public and investor scrutiny around sustainable and ethical sourcing.
- Payments and financial services, including use of digital currencies, or supporting financial inclusion through cross border and remittance payments ($433bn).
- Identity management ($224bn) including personal IDs, professional credentials and certificates to help curb fraud and identity theft.
- Application of blockchain in contracts and dispute resolution ($73bn), and customer engagement ($54bn) including blockchain’s use in loyalty programmes further extends blockchain’s potential into a much wider range of public and private industry sectors.
Blockchain’s success will depend on a supportive policy environment, a business ecosystem that is ready to exploit the new opportunities that technology opens, and a suitable industry mix.
Economic benefits across continents
Across all continents, Asia will likely see the most economic benefits from blockchain technology. In terms of individual countries, blockchain could have the highest potential net benefit in China ($440bn) and the USA ($407bn). Five other countries – Germany, Japan, the UK, India, and France – are also estimated to have net benefits over $50bn.
The benefits for each country differ however, with manufacturing focused economies such as China and Germany benefiting more from provenance and traceability, while the US would benefit most from its application in securitisation and payments as well as identity and credentials.
At a sector level, the biggest beneficiaries look set to be the public administration, education and healthcare sectors. These sectors are expected to benefit approximately $574bn by 2030, by capitalising on the efficiencies blockchain will bring to the world of identity and credentials.
Meanwhile, there will be broader benefits for business services, communications and media, while wholesalers, retailers, manufacturers and construction services, will benefit from using blockchain to engage consumers and meet demand for provenance and traceability.
Digital transformation as top priority
The potential for blockchain to be considered as part of organizations’ future strategy is linked to a research with business leaders that showed 61% of CEOs said they were placing digital transformation of core business operations and processes among their top three priorities, as they rebuild from COVID-19.
“One of the biggest mistakes organizations can make with implementing emerging technologies is to leave it in the realm of the enthusiast in the team. It needs C-Suite support to work, identify the strategic opportunity and value, and to facilitate the right level of collaboration within an industry,” comments Davies.
“Given the scale of economic disruption organizations are dealing with currently, establishing proof of concept uses which can be extended and scaled if successful, will enable businesses to identify the value, while building trust and transparency in the solution to deliver on blockchain’s potential.”
The report warns that if blockchain’s economic impact potential is to be realized, its energy overhead must be managed. Growing business and government action on climate change, including commitments to Net Zero transformation, will mean that organizations need to consider new models for consolidating and sharing infrastructure resources to reduce reliance on traditional data centres and their overall technology related energy consumption.
Forter released its Fraud Attack Index, delivering in-depth insight into the impact of COVID-19 on online buyer behavior and ecommerce fraud trends.
This edition revealed that:
- New customer accounts now represent 30% of transactions, five times more than they did pre-COVID-19. This is good news for retailers, but merchants using legacy fraud prevention systems could miss out on some of this revenue potential due to high false decline rates. Legacy systems lack data on new customers and cannot accurately distinguish between legitimate consumers and fraudsters.
- The growth in transactions driven by the consumer shift from brick-and-mortar stores to online purchasing is masking the fact that the number of fraud attacks has risen in real terms, leading retailers into a false sense of security.
- Omnichannel fraud is growing: Buy Online, Pick-up In Store (BOPIS) fraud rose 55% as new customer service options are subjected to significant fraud.
- With transactions falling by 97% compared with H1 2019, fraud attack rates in the travel industry more than doubled, with hotel fraud attacks rising 139% and airline fraud attacks increasing 144%.
- Account takeover (ATO) and Policy Abuse such as returns abuse, promotion abuse, and reseller abuse are set to surge during the holiday season.
Michael Reitblat, CEO of Forter, comments: “A rapid rise in new customer accounts, coupled with having to pivot quickly from brick-and-mortar to online sales channels, put unprecedented stress on merchants as they tried to perfect the ecommerce experience.
“It is clear from what we’ve seen that some retailers were more agile and prepared for this than others, quickly introducing new services such as curbside pickup and Buy Online, Pick-up In-Store, in a bid to retain new customers.
“To fully realize this new revenue potential, merchants need more accurate fraud prevention that can distinguish between these valuable new customers and fraudsters. Merchants can have a false decline rate between 5-7x higher for new customers – typical of legacy systems that do not have sufficient data on new account holders.”
Growth in transaction volumes masks increasing fraud attack numbers
There have been dramatic increases in transaction volumes across the majority of vertical sectors, but particularly those traditionally served by brick-and-mortar stores. Volumes rose 172% in home, furnishings and garden, 93% in food delivery & beverage and 119% in groceries.
Ecommerce fraud attacks decreased as a percentage of all transactions but in real terms, the number of fraud attacks has risen. This represents significant losses for retailers at a critical time.
Holiday season fraud surge expected
As retailers prepare for a critical holiday season and aim to recoup some of the year’s earlier losses, the research indicates that ATO attacks, and returns and delivery fraud will surge as fraudsters seek to exploit the increase in online shopping.
At the same time, customers will be more likely to take unfair advantage of promotions and abuse delivery and returns policies. Fraud and abuse trends that retailers need to prepare for include:
- Account takeover fraud to dramatically increase: The analysis indicates that fraudsters will seek to operationalize the data they’ve stolen and collected through data breaches and social engineering scams conducted during COVID-19 disruption. Also, new customer accounts opened by less experienced users are likely to use weaker passwords, fewer security steps, and be more vulnerable to ATO. As a result, retailers need to prepare for increasing ATO attacks during the holiday season.
- Returns and delivery fraud will continue to rise: Retailers increasingly offered omnichannel customer service options such as Buy Online, Return in Store (BORIS) and BOPIS, to satisfy new customers during COVID-19. Fraud attacks exploiting BOPIS policies increased 55% compared to H1 2019, as merchants offering frictionless experiences are less likely to ask for customer identification. It is anticipated that fraudsters will increasingly target and exploit returns and delivery services as online shopping surges over the holiday season.
- Policy abuse set to spike: Merchants courting new customers with aggressive promotions and user-friendly omnichannel options, will expose themselves to greater abuse risk, including returns, promotion and reseller abuse.
Vikrant Gandhi, Senior Industry Director at Frost & Sullivan commented: “Fraud and policy abuse issues have magnified in the recent months in the global ecommerce industry. Our research indicates a rise in sophisticated fraud attempts, including promotions abuse by using synthetic identities and friendly fraud in 2020.
“The challenge for merchants is to deliver frictionless customer experiences without letting fraud prevention come in their way of doing so. Our recommendation to merchants is if they do not prioritize working with identity-based, integrated fraud prevention platforms that leverage behavioral analytics, machine learning and the power of big data that is informed and refined by highly trained analysts, they will never be able to stay ahead of fraudsters and policy abusers.”
IoT gateways are becoming an increasingly important link in the IoT security and device authentication value chain and emerging as a crucial conduit for intelligent operations across the entire IoT.
The new wave of next-generation smart IoT gateways has arrived at an opportune time, enabling a breadth of novel security, intelligence, and authentication operations at the edge, causing IoT vendors to revisit their deployment and management strategies.
According to ABI Research, there will be 21.4 million next-gen smart IoT gateways shipped in 2025.
“Smart IoT gateways are currently caught amid a greater transformative evolution, further enhancing capabilities for gateways, shifting focus toward the edge, and reversing the cloud-centric investment priorities of the past decade,” states Dimitrios Pavlakis, Digital Security analyst at ABI Research.
The characteristics of next-gen smart IoT gateways
The primary characteristics of next-gen IoT gateways include enhanced cybersecurity options, extended connectivity support, edge processing and filtering, authentication and management, cloud services, analytics, and intelligence operations.
These highly demanding technological characteristics have been steadily reaching the core of the implementation lists of IoT implementers, shifting the dynamics of IoT security and pulling focus ever closer to the edge.
“This is not to say that edge-focused IoT gateways will completely replace data servers and cloud computing – far from it. Rather they are set to create a more symbiotic relationship between them while increasing the amount of responsibility towards edge computing and intelligence-gathering operations,” Pavlakis explains.
Turning challenges into well-honed value propositions
The current market demands brought forth by the intense increase of IoT technologies allow gateway vendors to turn challenges into well-honed value propositions. This can include tackling the secure transition of legacy equipment into larger IoT fleets, enable increased visibility, monitoring, and management of IoT devices, aid in the clash between IT and OT in industrial and healthcare systems, and streamline digital security and device management.
The surge of IoT gateways shipments is expected to create a variable penetration rate across different IoT end markets led by innovative gateway vendors like Advantech, Cisco, Kerlink, MultiTech, and Sierra Wireless.
“The data suggest that video surveillance, heavy transport vehicles and equipment, intelligent transportation, and fleet management depict the highest penetration rate for the next-level security and intelligence components for smart IoT gateways, with a clear focus revolving around automotive verticals and data-heavy applications,” Pavlakis concludes.
Emerging markets have always been behind developed countries in adopting the latest generation mobile networks, with a few exceptions. While it would be safe to assume that emerging markets would also lag in 5G adoption, global tech market advisory firm, ABI Research, finds that emerging countries will have faster than expected 5G subscriber adoption.
The Compound Annual Growth Rate (CAGR) of 5G subscriptions in emerging markets is estimated to be 26% between 2020 to 2030, an impressive rate considering the global CAGR of 5G subscriptions is only a slightly higher 28% in the same period.
“The pace of the 5G rollout in emerging markets will be expedited by a combination of regulatory enablement, enabling technologies, such as edge computing and OpenRAN (ORAN), and the broader use cases that 5G brings forward,” explains Miguel Castaneda, Industry Analyst at ABI Research.
Contributing factors spurring emerging countries’ 5G adoption
The underlying impediments on nationwide 5G deployment in emerging countries are based on the capital-intensive 5G infrastructure and the declining financial health of the emerging markets’ telecommunications sector. These factors are compounded when considering the additional logistical and financial factors for countries such as Vietnam or Thailand that have larger rural populations. Operators in these countries need to exhaust all options that can help alleviate the financial burden of 5G rollout.
Emerging countries should also pay heed to factors that contribute to the growing impetus of 5G rollouts. Changing consumer demographics, the proliferation of smartphone usage, and affordable 5G devices have spurred an exponential increase in emerging countries’ data consumption.
Despite having a rural population of around 65%, ABI Research forecasts India’s mobile data traffic, based on 1.2 billion subscribers, to balloon to 160.4 Exabytes by 2025. This figure exceeds the combined mobile data traffic of developed countries like South Korea, United Kingdom, and Germany in the same year, which is 159.7 Exabytes. “Emerging countries that strongly rely on agriculture or manufacturing production would also stand to benefit from the digital transformation capabilities of 5G enterprise,” Castaneda points out.
This surge in data consumption, device affordability, and potential of broader use cases should therefore prompt regulators and operators in adopting proactive strategies in establishing their respective 5G networks. Countries such as India and Vietnam are building their own 5G ecosystem through local telecommunication and software vendors.
Developments and innovations in fixed wireless access (FWA) create more financial incentives for 5G rollout into rural regions and helps governments in emerging markets to fulfill their national coverage plans. 5G-enabling technologies such as distributed edge computing, the ORAN initiative, and network slicing have given emerging countries more tools in accelerating the pace of a more digitalized economy.
Regulators also play a critical role as they can initiate enabling policies and initiatives to improve the business case of 5G rollout for financially strapped operators in these emerging countries.
“As the COVID-19 pandemic impacts the social fabric and economic activities of our countries, emerging markets are constantly reminded of the importance of a connected world. 5G will address the issue of supply chain resiliency and provide new business models in enterprises. These deployments can serve as a great complementary technology for key national initiatives, such as the Thailand 4.0 Smart City Initiative, India’s Smart City Mission, and the Vision of Indonesia 2045,” Castaneda concludes.
64% of IT pros are instilled with a new sense of confidence, despite contending with challenges such as reduced budgets, greater decision-making responsibilities, and longer hours caused by their organizations’ response to the pandemic, a SolarWinds survey reveals.
Likewise, 46% feel empowered to bring more ideas to the table while 58% say they now feel more prepared to succeed in similar unexpected situations.
“The success of organizations during this unique time is due in large part to IT pros’ preparedness and inherent ability to adapt and manage through substantial change,” said Rani Johnson, CIO, SolarWinds.
“2020—and the unexpected COVID-19 pandemic—is proof positive IT pros are built for moments like these. What’s particularly encouraging is IT pros’ perception and expectation IT will be included in more business-level decision-making moving forward.
“The dedication of IT pros around the world to ensuring business resiliency and continuity over the past several months serves to elevate and empower the IT community to work alongside business leaders to meet bigger organizational goals.”
IT pros’ upskilling likely to continue into the future
This newfound self-confidence, combined with IT pros’ achievements during this time, will completely transform how IT is viewed by the business in the future. IT may earn a more prominent voice in the C-suite, as 40% of surveyed IT pros believe they will now be involved in more business-level meetings.
Likewise, IT’s role will be up-leveled due to the vast upskilling 26% of IT pros underwent during this experience. With 31% admitting there’s a need to rethink internal processes to better accommodate the rapid change of pace required post-COVID, it’s highly likely a focus on IT pros’ upskilling will continue into the future.
“As always, with new responsibilities comes the need for new skills. While almost half of survey respondents felt they received the training required to adapt to changing IT requirements, nearly one-third experienced the opposite, and are at risk of being left behind as IT teams continue to grapple with how best to support the new normal,” said Johnson.
IT pros gaining an increased sense of confidence
IT pros said they’ve gained an increased sense of confidence in their expanded roles, responsibilities, and ability to adapt to unexpected change in the future, despite contending with more challenging working conditions over the course of the pandemic.
Respondents said longer work hours due to stretched teams (29%), more responsibility (28%) and decision-making requirements (28%), and a general increase in job-related stress (22%) were the leading ways in which day-to-day roles evolved in response to the impact of COVID-19.
Still, 64% agreed this experience—including changes to their day-to-day tasks—has given them a new sense of confidence in managing unprecedented change.
- 46% say the work they accomplished has empowered them to bring new ideas to the table.
- 58% say they now feel more prepared to succeed in any similar unprecedented situations in the future, while another 29% report feeling prepared to manage change but require additional resources, training, and support.
Given the achievements of IT pros during this period, 40% of respondents say they believe IT will be included in more business-level meetings and decision-making moving forward.
Remote workforce support requiring new skills
The implications of COVID-19 accelerated IT pros’ ongoing efforts to upskill in critical competencies, such as systems management, network management, and security policy and compliance.
26% of IT pros said it was necessary to learn new skills to support their organizations’ transitions to a remote workforce.
The top skills IT pros reported as the most important for development:
- Systems management (55%)
- Network management (50%)
- Security policy and compliance (43%)
- Hybrid IT monitoring/management tools and metrics (28%)
47% said they received the training they needed to learn these new skills; however, 25% are still waiting for those training resources to be made available.
The breadth of skills IT pros needed during this time shows how silos are disappearing, as roles start to blur together. In fact, today there is more crossover between traditional roles than there has ever been before and we will continue to see these lines blur until most silos are completely gone.
Technology, process, and team transformations are needed
In the coming months, IT organizations must undergo technology, process, and team transformations to accommodate the new IT requirements associated with extended remote-work scenarios post-pandemic.
71% of respondents felt supporting a remote workforce struck a balance in which certain aspects of day-to-day management were better, while others were more challenging.
- 31% agree there’s a need to rethink internal processes to better accommodate the more rapid pace of change required post-COVID.
- While 18% of respondents reported their toolsets and technologies fell short in addressing the unique challenges of remote workforces, 28% of IT pros flagged a need to consolidate existing solution suites (and their vendors) to simplify management, maintenance, and cost of upkeep.
Although the majority of IT organizations successfully managed the transition to remote work and played a critical role in ensuring business continuity, IT pros expect several trends to shape the future of their respective IT organizations:
- Greater cross-team collaboration (53%)
- More responsibility (46%)
- IT inclusion in more business-level meetings and decision-making (41%)
- Tighter budgets (even post-economic recovery) (26%)
- More opportunity to upskill/attend trainings (25%)
The global wide area network optimization market size is estimated to reach $4.88 billion by 2027, registering a CAGR of 9.5% from 2020 to 2027, according to Grand View Research.
The growing need for efficient network optimization across business organizations is the major factor in driving the market growth. Moreover, in a bid to achieve improved Quality of Service (QoS) and productivity on their existing network, companies across the globe are increasingly deploying network optimization solutions, thereby supporting the market demand.
The ongoing COVID-19 pandemic has compelled several business organizations and educational institutions to shut their operations temporarily. The closure of educational institutes has necessitated students to use virtual offerings (example – Google Classroom) for learning.
In a bid to offer a unified digital learning experience to students, universities and institutions have been forced to deploy robust network infrastructure, necessitating the need for network monitoring and thereby driving demand for wide area network (WAN) optimization solutions.
Similarly, several enterprises have allowed their employees to work from home till the pandemic is contained, thereby necessitating a reliable and effective network monitoring solution to help minimize latency in the network and deliver an agile response to employees and clients. Therefore, the COVID-19 outbreak is expected to have a positive impact on market demand.
Global WAN optimization market: Key suggestions
- In 2019, North America accounted for a market size of $914.60, attributed to the presence of a number of large enterprises and data centers.
- The SD-WAN optimization solution segment is estimated to witness significant growth from 2020 to 2027, owing to the rapid deployment of SD-WAN across enterprises globally. The SD-WAN helps businesses to enhance their application performance and offers an enhanced user experience.
- Cloud-based WAN optimization solutions segment is expected to witness remarkable growth over the forecast period on the back of benefits associated in terms of accessibility offered and infrastructure cost.
- Increasing awareness regarding cost-benefit associated with a cloud-based business model has led to the increasing adoption of cloud-based WAN optimization solutions across large, medium, and small enterprises in the Asia Pacific. Increasing adoption of cloud-based solutions, especially across verticals including IT and telecom, healthcare, and retail is expected to help the region expand at a CAGR of 10.5% over the forecast period.
- Prominent players such as Cisco Systems; Citrix Systems; and Vmware are strategically focusing on establishing partnerships to strengthen their client base and increase overall revenue share in the market.
With the introduction of the next-generation 5G network, many businesses and service providers are investing heavily in high-speed cloud-RAN (C-RAN) and core network deployments.
While C-RAN helps service providers to reduce huge costs associated with the infrastructure, the high-speed network needs continuous monitoring to ensure operational performance through minimal downtime. Thus, imminent need to minimize the downtime and thereby improve operational performance is expected to drive demand for WAN optimization solutions among business organizations.
With the advent of edge computing and its increased adoption across industry verticals, small-scale data center establishments are on the rise. To attain optimal computation and ensure unified communication during the data exchange process between data centers, businesses are increasingly deploying WAN optimization solutions.
Moreover, the key market players are significantly focusing on partnerships and collaborations with large service providers to capture market share.
Key players in the WAN optimization market
- Cisco Systems
- HPE (Silver Peak)
- Riverbed Technology
- Citrix Systems
- Broadcom (Symantec Enterprise)
- FatPipe Networks
- Versa Networks
- Blue Coat System
- Infovista Corporation
- NTT Communications
- Aryaka Networks
- Circadence Corporation
- Array Networks
- Sangfor Technologies