research Archives - Page 4 of 13 - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

research

Top 5 crypto cyberthreat statistics of the last year

 960 640 Stuart O'Brien
By:
0
0
Firstly, cryptocurrency companies are fairly new to the market but deal with a lot of sensitive information, including the client’s funds. Secondly, crypto payments are irreversible and uncontrolled by central authorities, so it is easier for criminals to run away with stolen funds.
Lastly, many newcomers are not very knowledgeable about how cryptocurrencies work, making it easier for criminals to scam them. These are just some reasons why crypto-related cyber crimes are still going strong. In this article, the Atlas VPN team has compiled a list of the top five most notable cryptocurrency threat statistics and findings of the last year…
#1 Crypto hackers stole almost $2 billion in H1 2022 (Source)
 
Even with the crypto market on the decline, cryptocurrency project hacks are not going anywhere. In the first half of 2022, cybercriminals cashed in $1.97 billion from 175 crypto project hacks.
Over $1 billion were looted from the Ethereum ecosystem projects alone. The Solana ecosystem also suffered greatly, with hackers stealing $383.9 million from Solana-related projects.
 
#2 Crypto miners were the most-common malware family in 2021 (Source)
There are many types of malware, and each is used for different attacking objectives. All malware is classified as malicious software and can crack passwords, spread through networks, or disrupt the daily operations of organizations. In 2021, the most widespread malware family was cryptominers, with about 150K such threat detections.
Cryptominers have become extremely popular among cybercriminals over the past year. By using CPU and GPU resources of victims’ devices, threat actors mine various crypto for profit. Sometimes such malware can stay on the device unnoticed for months.
#3 Over $12 billion in crypto stolen in the past decade (Source)
The crypto industry’s technology has improved dramatically since the launch of Bitcoin in 2009. Despite this, many cryptocurrency providers have failed to develop effective security mechanisms that would prevent hackers from exploiting vulnerabilities for personal benefit at the expense of their victims.
Research revealed that more than $12 billion of crypto assets were stolen in the past 11 years. In addition, 40% of the funds were stolen from fraudulent exchanges, while Decentralized Finance (DeFi)-related hacks continue to surge.

#4 Blockchain.com, Luno, and Cardano are the top-most phished crypto projects (Source)

One of the phishers’ favorite tactics is impersonating well-known brands, and cryptocurrency brands are no exception.

Out of all cryptocurrency service brands, the website of Blockchain.com was the most commonly spoofed. The brand had 662 phishing websites in the last 90 days (till June 22, 2022). Blockchain.com is followed by the crypto investing app Luno, with 277 phishing pages, and proof-of-stake blockchain platform Cardano with 191.

#5 DeFi-related hacks accounted for 76% of all major hacks in 2021 (Source)

Decentralized finance (DeFi) is a system that enables the availability of financial products on a public decentralized blockchain network. Buyers, sellers, lenders, and borrowers can interact peer-to-peer through DeFi instead of going through intermediaries such as banks or brokerages when arranging transactions.

The Atlas VPN team found that DeFi-related hacks made up 76% of all major hacks in 2021. Furthermore, hackers stole $361 million from DeFi projects in the first half of 2021, which surpasses losses from 2020 by 180%.

Access Control

Security Information & Event Management (SIEM) spend to exceed $6.4bn by 2027

 960 640 Stuart O'Brien
By:
0
0

A new study from Juniper Research has found that the total business spend on SIEM (Security Identity & Event Management) will exceed $6.4 billion globally by 2027, from just over $4.4 billion in 2022.

It predicts that this growth of 45% will be driven by the transition from term licence (where businesses can use SIEM for specific licence lengths) to more flexible SaaS (Software-as-a-Service) models (where SIEM solutions are purchased via monthly subscription). This will enable small businesses to access previously unaffordable services.

A SIEM system is a combination of SIM (Security Information Management) & SEM (Security Event Management), which results in real-time automated analysis of security alerts generated by applications and network hardware; leading to improved corporate cybersecurity.

IBM Tops Juniper Research Competitor Leaderboard

The research identified the world’s leading SIEM providers by evaluating their offerings, and the key factors that have led to their respective success, such as the breadth and depth of their platforms.

The top 3 vendors are:
1.    IBM
2.    Rapid7
3.    Splunk

Research co-author Nick Maynard said: “Juniper Research has ranked IBM as leading in the global SIEM market, based on its highly successful analytics platform and its ease of integration. SIEM vendors aiming to compete must design scalable solutions that are accessible to smaller businesses, which can provide easy-to-understand, actionable insights for less experienced cybersecurity teams.”

Transition to SaaS Accelerating Rapidly

Additionally, the research found that SaaS business models within SIEM are gaining traction; accounting for almost 73% of global business spend on SIEM in 2027, from only 37% in 2022. This significant increase represents an opportunity for newer vendors to break into the market with appealing SaaS-based models, but SIEM vendors must be careful not to leave larger enterprises, which still prefer term licences, behind.

To find out more, see the new report: Security Information & Event Management: Key Trends, Competitor Leaderboard & Market Forecasts 2022-2027.

Only 8% of global tech workers have significant cloud-related skills

 960 640 Stuart O'Brien
By:
0
0

75% of tech leaders say they’re building all new products and features in the cloud moving forward, but only 8% of technologists have significant cloud-related skills and experience. Additionally, 64% say that they are new to cloud learning and are looking to build basic cloud fluency.

That’s according to Pluralsight’s 2022 State of Cloud Report, which compiles survey results from more than 1,000 technologists and leaders in the United States, Europe, Australia, and India on the most current trends and challenges in cloud strategy and learning.

According to McKinsey, cloud adoption is crucial to an organisation’s success, with more than 1 trillion dollars in potential earnings in the cloud up for grabs across Fortune 500 companies by 2030. Yet, cloud skills gaps exist for many technologists today. Pluralsight’s 2022 State of Upskilling Report, released earlier this year, found that 39% of respondents ranked cloud computing as a top personal skills gap.

“As organisations begin making heavier investments into the cloud, they must dedicate resources and time to ensure their technologists are up to the task of cloud transformation,” said Drew Firment, VP of Enterprise Strategies at Pluralsight. “Findings from our State of Cloud Report show that most technologists only have a basic familiarity with cloud technologies. Tech leaders need a cloud strategy that provides confidence and predictability in their ability to build cloud maturity at scale and that starts with ensuring they can upskill their teams on cloud technologies.”

The State of Organisational Cloud Maturity

Pluralsight’s State of Cloud Report gathered data on organisational cloud maturity and cloud strategy. Nearly half (48%) of organisations rate themselves as having high levels of cloud maturity, while only 7% of organisations have made no investments into the cloud. The study also revealed that technology companies are more likely than any other sector to rate themselves as having a high level of cloud maturity.

There are many different ways that organisations can drive towards cloud maturity. In the survey, 45% of organisations say they design cloud strategies for speed and business value. Additionally, 39% of organizations are working to optimise for cloud-native with containers and serverless, and 38% of organizations enable hybrid architectures with distributed cloud.

Security is a top challenge to levelling up cloud maturity, regardless of the organization’s current level of maturity with 45% of organisations saying that security and compliance concerns are the number one cloud maturity challenge.

Key Trends in Cloud Learning

As the data from this report suggests, most technologists are new to their cloud learning journeys. Twenty percent of technologists report having skills gaps in fundamental cloud fluency.

For technologists, the top personal cloud skills gaps are:

  • Cloud security (40%)
  • Networking (37%)
  • Data (31%)

Additionally, there are a variety of barriers that technologists encounter when trying to upskill in the cloud. These barriers include:

  • Budget constraints (43%)
  • Being too busy/lacking time for upskilling (38%)
  • Employers emphasise hiring rather than upskilling (32%)

This data shows that employers’ willingness to dedicate resources for cloud upskilling greatly affects the cloud-readiness of their organization.

Despite these sometimes limited upskilling resources, technologists are still finding ways to engage with cloud learning. Sixty-eight percent of technologists dedicate time at least once per week to technology upskilling. For those upskilling in the cloud, 62% find hands-on or practical exercises, such as cloud labs and sandboxes, to be the most effective way to learn cloud skills. Forty-eight percent of technologists use online tech skills development platforms to learn cloud skills.

Disconnect Between Cloud Technologists and Business Leaders

Findings of this report reveal a disconnect between organisational and individual cloud maturity. Business leaders reported high confidence in their organisations’ cloud strategies while individual contributors report feeling new to cloud technologies.

Despite employee skills gaps, growing cloud skills internally was not one of the top strategies business leaders used for reaching organizational cloud maturity. Only 37% of organisations use internal cloud upskilling as a key strategy for cloud maturity. However, cloud skills gaps rank as the second largest cloud maturity challenge, with 43% of organizations agreeing that cloud skills gaps in their organizations affect cloud maturity. Challenges arise when trying to balance organizational and individual needs for learning, as individuals desire personal enrichment and career advancement from training (46%), while leaders value outcomes that identify vulnerabilities (30%) and cost optimisation (28%).

In order to achieve cloud goals like higher levels of cloud maturity, increased cloud security, and cost optimization, organisations need to be creators of cloud talent. Cloud technology is fairly ubiquitous, with 46% of leaders overseeing one or more technical teams that work directly with cloud technology. Upskilling cloud proficiency should be a top priority, as most technologists are still new to cloud technology and are looking to improve their fluency.

Pluralsight’s State of Cloud report can be found here.

75% of UK businesses see C-suite as key security advocates

 960 640 Stuart O'Brien
By:
0
0

Rackspace Technology research has highlighted the impact the past five years of global cyber threats have had on the relationship between an organisation’s security team and its C-suite.

The second annual cybersecurity research report found that more than half of UK business leaders (56%) now include cybersecurity attacks as one of their three main business concerns, making it the chief priority ahead of even price inflation (48%) and IT talent shortages (45%).

This is reflected in the evolving relationship between security teams and senior leadership. Almost three quarters of respondents (74%) feel that security teams have better board visibility than five years ago and the same proportion (73%) now consider the C-suite to be advocates of cybersecurity.

In general, communication between the two teams is also strong, with two thirds (66%) considering there to be few communication silos and almost seven in 10 (68%) considering the C-suite and security teams to collaborate regularly.

Rob Treacey, Head of EMEA Security at Rackspace Technology, said: “Huge encouragement can be taken from the findings that cybersecurity is now being prioritised at board or C-suite level – though this is also a reflection of the scale and severity of the challenges many organisations currently face from cyber threats.

“Too often in the past we have seen security teams undermined or siloed within organisations when their voices needed to be heard. It is therefore unsurprising to see cybersecurity emerge as a pivotal business issue as senior leaders finally recognise the need to keep hackers out, and the potentially devastating consequences of not doing so.”

This improved advocacy at a senior level is in turn helping to facilitate an increase in funding, with almost seven in 10 organisations (69%) currently upping their investment in cybersecurity. The average annual investment in cybersecurity has now reached $7.58 million in the UK – far outstripping the global average of $6.12 million – with more than a fifth (22%) committing at least $10 million a year.

Assigning this increased funding appropriately is emerging as the latest challenge, especially in a tightening labour market and with a premium on specialist cyber skills. In the UK, a lack of resources (39%) is considered the most common reason why an organisation needs to engage with external security providers, with a lack of expertise (36%) ranking second.

And with business operations now dominated by the cloud, almost two thirds (65%) of organisations are now investing in cloud native security – another more specialised area of a whole cybersecurity programme.

Treacey added: “Making the case for increased investment is no longer a challenge for security teams with the C-suite so bought into the need. The issue is that these senior leaders expect problems to disappear by throwing money at them when this will only be done through smart decisions.

“Many organisations do not have the skills or resources to counter the level of threats they are likely to encounter and are struggling to source them in a tough labour market. While it is encouraging to see leadership taking the issue of security seriously, there remain real challenges when it comes to ensuring organisations keep cyber threats at bay.”

To download the full report, click here.

49% of UK organisations experience high-business-impact outages at least weekly

 960 640 Stuart O'Brien
By:
0
0

With cloud adoption, cloud-native application architectures, and cybersecurity threats on the rise, the biggest driver for observability in the UK was an increased focus on security, governance, risk and compliance.

That’s according to New Relic’s second annual study on the state of observability, which surveyed 1,600+ practitioners and IT decision-makers across 14 regions.

Nearly three-quarters of respondents said C-suite executives in their organisation are advocates of observability, and more than three-quarters of respondents (78%) saw observability as a key enabler for achieving core business goals, which implies that observability has become a board-level imperative.

he report also reveals the technologies they believe will drive further need for observability and the benefits of adopting an observability practice. For example, of those who had mature observability practices, 100% indicated that observability improves revenue retention by deepening their understanding of customer behaviors compared to the 34% whose practices were less mature.

According to the research, organizations today monitor their technology stacks with a patchwork of tools. At the same time, respondents indicated they longed for simplicity, integration, seamlessness, and more efficient ways to complete high-value projects. Moreover, as organizations race to embrace technologies like blockchain, edge computing, and 5G to deliver optimal customer experiences, observability supports more manageable deployment to help drive innovation, uptime, and reliability. The 2022 Observability Forecast found:

  • Only 27% had achieved full-stack observability by the report’s definition – the ability to see everything in the tech stack that could affect the customer experience. Just 5% had a mature observability practice by the report’s definition.
  • A third (33%) of respondents said they still primarily detect outages manually or from complaints, and most (82%) used four or more tools to monitor the health of their systems.
  • More than half (52%) of respondents said they experience high-business-impact outages once per week or more, and 29% said they take more than an hour to resolve those outages.
  • Just 7% said their telemetry data is entirely unified (in one place), and only 13% said the visualization or dashboarding of that data is entirely unified.
  • Almost half (47%) said they prefer a single, consolidated observability platform.
  • Respondents predicted their organizations will most need observability for artificial intelligence (AI), the Internet of Things (IoT), and business applications in the next three years.

“Today, many organizations make do with a patchwork of tools that require extensive manual effort to provide fragmented views of their technology stacks,” said Peter Pezaris, SVP, Strategy and User Experience at New Relic. “Now that full-stack observability has become mission critical to modern businesses, the Observability Forecast shows that teams are striving to achieve such a view so that they can build, deploy, and run great software that powers optimal digital experiences.”

Geopolitical risk ‘will provide CIOs with new leadership opportunities’

 960 640 Stuart O'Brien
By:
0
0

Technology governance issues emanating from cross-country politics have led to digital geopolitics rapidly becoming an issue that multinational CIOs must step up to lead, according to Gartner.

Forty-one percent of Boards of Directors view geopolitical power shifts and turbulence as one of the biggest risks to performance, according to a Gartner survey. Gartner predicts that by 2026, 70% of multinational enterprises will adjust the countries in which they operate by hedging to reduce their geopolitical exposure.

“Digital geopolitics is now one of the most disruptive trends that CIOs must address, with many now dealing with trade disputes, legislation coming from one country that impacts global operations, and government imposed restrictions on the acquisition and use of digital technology,” said Brian Prentice, VP analyst and Gartner Fellow. “They need to get acquainted with this new reality and prepare for its impact.”

Geopolitics describes the geographic influences on power relationships in international relations. The resulting competition between nations plays out in many areas, including economic, military and society. Due to the increasing importance that digital technology plays in each of these areas, digital geopolitics is emerging as its own unique category of impact.

Gartner says CIOs must play a pivotal role in assessing corporate risk and, if required, rearchitecting digital systems. They will need to manage or exploit four distinct facets of digital geopolitics (see graphic below).

1. Protect digital sovereignty

Digital sovereignty will be a primary source of complex, dynamic and expanding compliance obligations for multinational enterprises. Governments are primarily addressing it through their legislative and regulatory powers, such as privacy laws like the GDPR, and are increasingly turning to extraterritorial legislation. Companies that deal with the citizens of a jurisdiction are required to comply with its laws, regardless of where the company operates or where the citizens reside.

CIOs must be proactively engaged in ensuring that the IT organization’s operating model and practices reflect current laws and regulations in place. Their role is to be aware of the legal environment and articulate to other executives how the IT organization supports compliance across the enterprise.

2. Build a local technology industry

The technology industry is of great interest to public policymakers around the world due to its size, fast growth, strategic importance, tax revenue, employment possibilities and lack of requirement for a specific national resource advantage.

Many national governments are investing in developing a home-grown tech sector. For example, the U.S. seeks to address regional imbalance in global chip production through the Creating Helpful Incentives to Produce Semiconductors (CHIPS) for America Act, and the Australian Government’s Digital Economy Strategy 2030 includes building a dynamic and emerging tech sector as a key pillar.

Efforts to establish a domestic technology industry provide CIOs with an opportunity for proactive engagement with governments. They must localize specific initiatives into countries that have the best integration between local expertise and access to government co-innovation support.

3. Achieve necessary military capability

The growing digitalization of national military and security operations will limit the availability of some technologies within various countries. Enterprises and CIOs are impacted by the emerging sphere of cyberwarfare, as well as the digitalization of existing warfighting and security technologies.

CIOs can no longer count on the availability of technology used by the enterprise for its operations in any country in which it operates and will likely be faced with restricted and mandated suppliers. To minimize disruptions, they must establish a vendor and technology risk center of excellence, chartered with a regular assessment of the exposure of key suppliers to evolving government restrictions.

4. Exert direct control over the governance of cyberspace

National competition for control over the governance of cyberspace will impact the operations of multinational enterprises. As digital technology weaves itself through all aspects of society, nations are seeking to ensure that their own technologies reflect and support their core values and their citizens. Governments are increasingly concluding that they need a protected national digital infrastructure.

The machinations by governments for control over cyberspace governance are beyond the influence of CIOs, but they will have profound impacts on a business’ ability to operate internationally. CIOs can advance the executive team’s understanding of cross-national competition for control over cyberspace and the impacts to their enterprise’s operations by leading an annual cyberspace environmental update briefing.

COVID IT: 27,887 cyber attacks took place throughout the pandemic 

 960 640 Stuart O'Brien
By:
0
0

COVID-19 had a big impact on the number of susceptibilities being exposed by cyber actors, to the tune of nearly 28,000 attacks across the duration of the pandemic.

Cyphere has analysed the statistics, comparing the figures to pre-pandemic years to highlight the effect COVID has had on cybersecurity.

A rise in digital transformation as a result of the pandemic led to companies purchasing new tech assets to support their staff working remotely.

These new technologies led to cybersecurity oversights that could have resulted in an increase in security exposures such as a lack of security validations before introducing the product to employees.

They analysed the number of vulnerabilities by year, to visualise the rise in exposures before and throughout the pandemic.

  • 2018 – 16,509 vulnerabilities

  • 2019 – 17,307 vulnerabilities

  • 2020 – 18,351 vulnerabilities

  • 2021 – 20,157 vulnerabilities

As seen above, the number of security exposures has steadily increased over the past four years. Until 2017, the figure had never reached 10,000 but less than five years later had doubled to over 20,000 security bypasses.

It signifies a huge shift in cyber protection, with the rise in cyber risks putting users and businesses at risk of data hacks.

They also examined the severity of the susceptibilities, they did this by using the CVSS (Common Vulnerability Scoring System) to determine whether the exposures were low, medium or high risks.

2021 saw the highest total number of exposures, with 20,157 across those twelve months. The severity of these exposures can be seen below:

  • High risk: 4071 vulnerabilities

  • Medium risk: 12,903 vulnerabilities

  • Low risk: 3183 vulnerabilities

In comparison to 2021’s susceptibilities, 2020 registered a larger number of high-risk exposures with 4,379, 308 more despite having fewer total susceptibilities.

Cyphere says analysing the most common types of susceptibilities can be extremely useful in forming a response to the wave of cyber attacks, it can allow cybersecurity professionals to build a defence to counteract the breach.

Each security exposure is defined using the CWE (Common Weakness Enumeration), which is used to categorise the weakness, it serves as a baseline for exposure identification.

Frustratingly, throughout the pandemic, the highest number of vulnerability types were ‘NVD-CWE-noinfo’ meaning the security bypass was undefined.

The problem with undefined exposures is that the lack of information makes it difficult to put actions in place to avoid this reoccurring. There were over 3,000 undefined susceptibilities in 2020 alone.

The number of exposures that were undefined grew between 2019 and 2020, it accounted for 13.49% of susceptibilities in 2019 and 19.35% in 2020.

When analysing the statistics from the pandemic, examining month-specific data can allow for more context in understanding the effect of Covid on cybersecurity.

The month-specific data revealed April 2020 was the worst month in terms of the number of cyber attacks. Across April, there were a total of 2209 attacks with 939 high-risk attacks and 302 critical risks. The lowest amount was the following month, May 2020 recorded 1058 attacks.

In 2021, April and June saw the highest number of vulnerabilities, April saw 1927 exposures whilst June recorded 1965 attacks. Between March 2020 and July 2021 there were a total of 27,887 vulnerabilities

Lastly, they analysed the products being targeted by cyber actors, worryingly they found that a number of Microsoft products were the primary target. Products such as Microsoft Exchange Servers and Microsoft MSHTML were being bypassed to gain access to personal details.

Harman Singh from Cyphere said: “This analysis of the NIST NVD entries during the pandemic presents a number of useful indicators for security and infrastructure teams. Digital and advanced transformations before and during the pandemic forces businesses to adopt digital solutions, at times bypassing standard approvals and change procedures. This is one of the added factors to the rise in cyber attacks.

“Although there has been increase in total vulnerabilities year on year basis, there are two ways to look at it – good news and bad news. There has been a decrease in critical risk vulnerabilities in 2021 compared to peak Covid months in 2020. Bad news is it’s not just the numbers we need to look at, but looking at the impacted services is a worrying factor. It includes email, internal and external services of a corporate network including remote connectivity solutions such as VPN, security gateways.

“This is why organisations should look into vulnerabilities more than just a CVE. These factors include exploitation in the wild, data sensitvity levels related to the affected service and potential impact. Keeping the practical context into mind helps security teams analyse large amount of vulnerabilities in an efficient manner. This reduces the noise that sometimes consists of just CVE scores but are practically complex attacks or have complex dependencies before an exploit takes place.

“It underscores the importance of regular assessments such as penetration testing, vulnerability scanning and management and incident response preparation. Organisations should adhere to strong basics with proactive approach towards security, utilising the industry expertise to stay on top of ever changing threat landscape.”

Global IT spending to grow 3% in 2022, says Gartner

 480 320 Stuart O'Brien
By:
0
0

Worldwide IT spending is projected to total $4.5 trillion in 2022, an increase of 3% from 2021, according to the latest forecast by Gartner.

While IT spending is expected to grow in 2022, it will be at a much slower pace than 2021 due to spending cutbacks on PCs, tablets and printers by consumers, causing spending on devices to shrink 5%.

Inflation is top of mind for everyone. Central banks around the world are focusing on fighting inflation, with overall inflation rates expected to be reduced through the end of 2023. However, the current levels of volatility being seen in both inflation and currency exchange rates is not expected to deter CIOs’ investment plans for 2022,” said John-David Lovelock, distinguished research vice president at Gartner. “Organizations that do not invest in the short term will likely fall behind in the medium term and risk not being around in the long term.”

Price increases and delivery uncertainty, exacerbated by the Russian invasion of Ukraine, have accelerated the transition in purchasing preference among CIOs, and enterprises in general, from ownership to service — pushing cloud spending to 18.4% growth in 2021 and expected growth of 22.1% in 2022. Not only is cloud service demand reshaping the IT services industry, but it is also driving spending on servers to 16.6% growth in 2022, as hyperscalers build out their data centers.

Spending on data center systems is forecast to experience the strongest growth of all segments in 2022 at 11.1%. Cloud consulting and implementation and cloud managed services are expected to grow 17.2% in 2022, from $217 billion in 2021 to $255 billion in 2022, helping to drive the overall IT services segment to 6.2% growth in 2022 (see Table 1).

Table 1. Worldwide IT Spending Forecast (Millions of U.S. Dollars)

  2021 Spending 2021  Growth (%) 2022 Spending 2022  Growth (%) 2023 Spending 2023  Growth (%)
Data Center Systems  

191,001

  

6.4

  

212,218

  

11.1

  

221,590

  

4.4
Software 735,869 14.7 806,800 9.6 902,182 11.8
Devices 808,580 16.0 767,872 -5.0 790,888 3.0
IT Services 1,207,966 12.8 1,283,192 6.2 1,389,169 8.3
Communications Services  

1,458,527

  

3.8

  

1,464,551

  

0.4

  

1,505,733

  

2.8
Overall IT 4,401,944 10.2 4,534,632 3.0 4,809,561 6.1

Source: Gartner (July 2022)

IT Talent Crunch is Affecting IT Spending

The critical IT skills shortage being felt across the globe is expected to abate by the end of 2023 when the corporate drive to complete digital transformations slows down and there has been time for upskilling and reskilling of existing staff. However, in the near term, CIOs will be forced to take action to balance increased IT demand and dwindling IT staffing levels.

The IT labor market continues to tighten, making it difficult to attract and retain talent. The Gartner Global Labor Market Survey of nearly 18,000 employees in the first quarter of 2022 showed compensation is the No. 1 driver for IT talent attraction and retention. Technology service providers are increasing prices on IT to allow for competitive salaries. This is driving an increase in spending in software and services through 2022 and 2023. Worldwide software spending is expected to grow 9.6% to $806.8 billion in 2022 and global spending on IT services is forecast to reach $1.3 trillion.

“Additionally, CIOs are using more IT services to assist in the lack of skilled IT staff. Tasks that require lower skill sets tend to be outsourced to managed service firms to alleviate staff time, while critical strategy work, which requires high-end skills unobtainable by many enterprises, will increasingly be fulfilled by external consultants,” said Lovelock.

Gartner’s IT spending forecast methodology relies heavily on rigorous analysis of the sales by over a thousand vendors across the entire range of IT products and services. Gartner uses primary research techniques, complemented by secondary research sources, to build a comprehensive database of market size data on which to base its forecast.

The Gartner quarterly IT spending forecast delivers a unique perspective on IT spending across the hardware, software, IT services and telecommunications segments. These reports help Gartner clients understand market opportunities and challenges. The most recent IT spending forecast research is available to Gartner clients in “Gartner Market Databook, 2Q22 Update.”

Data security to drive IT security market to new highs

 960 640 Stuart O'Brien
By:
0
0

The global cyber security market is estimated to record a CAGR of 10.5% between 2022 and 2032, driven by surging awareness among internet users about the sensitivity of their private data and impending legal actions prompting businesses to secure their online data by following the best practices.

That’s according to a report from Future Market Insights, which says increasing complexities associated with manual identification of vulnerabilities, frauds and threats encourage organisations to fool-proof their data. Owing to these phishing and data threats, the adoption of cyber safety solutions is estimated to grow at a ‘remarkable’ rate.

Key Takeaways

  • The demand for cyber-security solutions has increased over the past decade due to a surge in online threats such as computer intrusion (hacking), virus deployment and denial of services. Due to the expansion in computer connectivity, it has become of utmost importance to keep your data safe from intruders and impersonators.
  • Increased government regulations on data privacy are one of the key drivers of the cyber security market. In addition to that, accelerating cyber threats and an increasing number of data centers are the biggest revenue generators for the cyber security market.
  • There are various benefits offered by the cyber security market such as improved security of cyberspaces, increased cyber safety and faster response time to the national crisis. Backed by these benefits, the cyber security market is projected to showcase skyrocketing growth over the forecast years (2022-2032).
  • All in all, the cyber security market across the globe is a multi-billion market and is expected to show substantial growth in CAGR, from 2022 to 2032. There is a significant increase in the cyber security market because cyber security solutions increase cyber speed and offer a number of options to save data.
  • Large investments in the global cyber security market by various countries such as the US, Canada, China and Germany are witnessed owing to the expansion in computer interconnectivity and dramatic computing power of government networks.

IBM International, Booz Allen Hamilton, Cisco, Lockheed Martin, McAfee, CA Technologies, Northrop Grumman, Trend Micro, Symantec, and SOPHOS are some of the key companies profiled in the full version of the report.

Key players in the cyber security market are consciously taking steps concerning their information security, which is inspiring other businesses to follow in their footsteps and stay updated with the latest IT security strategy.

The adoption of cyber safety solutions is anticipated to grow impeccably as businesses look at curbing their steep financial losses arising from cyberattacks.

UK university students at risk from email scams, says report

 960 640 Stuart O'Brien
By:
0
0

Research has found that none of the UK’s top 10 universities actively block fraudulent emails from reaching recipients.

Proofpoint has released data identifying that 97% of the top universities in the United Kingdom, the United States and Australia are lagging on basic cybersecurity measures, subjecting students, staff and stakeholders to higher risk of email-based impersonation attacks.

The research found that 97% of the top ten universities[1] across each country are not taking appropriate measures to proactively block attackers from spoofing their email domains, increasing the risk of email fraud. This figure rose to 100% amongst the top 10 UK universities, with none actively blocking fraudulent emails from reaching recipients.

These findings are based on Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis of the top ten universities in each country. DMARC[2] is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender’s identity before allowing a message to reach its intended destination. DMARC has three levels of protection – monitor, quarantine and reject,[3] with reject being the most secure for preventing suspicious emails from reaching the inbox.

With a record 320,000 UK sixth-formers applying for higher education places this summer, students will be eagerly awaiting email correspondence regarding their applications when A Level results are announced on the 18th of August. The uncertainty and unfamiliarity with the process, as well as the increase in email communication provides a perfect storm for cybercriminals to trick students with fraudulent phishing emails.

“Higher education institutions are highly attractive targets for cybercriminals as they hold masses of sensitive personal and financial data. The COVID-19 pandemic caused a rapid shift to remote learning which led to heightened cybersecurity challenges for educationinstitutions opening them up to significant risks from malicious email-based cyber-attacks, such as phishing,” says Adenike Cosgrove, Cybersecurity Strategist at Proofpoint. “Email remains the most common vector for security compromises across all industries. In recent years, the frequency, sophistication, and cost of cyber attacks against universities have increased. It is the combination of these factors that make it especially concerning that none of UK top ten universities is fully DMARC compliant.”

Key findings from the research include:

  • None of the UK’s top 10 universities have implemented the recommended and strictest level of protection (reject), which actively blocks fraudulent emails from reaching their intended targets, meaning all are leaving students open to email fraud.
  • Whilst 80% have taken the initial steps by publishing a DMARC record, the majority (75%) only have a monitoring policy in place for spoofed emails. This policy freely allows potentially malicious spoofed emails into the recipient’s inbox.
  • 2 out of the 10 top UK universities (20%) do not publish any level of DMARC record.

The World Economic Forum reports that 95% of cybersecurity issues are traced to human error, yet according to Proofpoint’s recent Voice of the CISO report, Chief Information Security Officers (CISOs) in the education sector underestimate these threats, with only 47% believing users to be their organisation’s most significant risk. Concerningly, education sector CISOs also felt the least backed by their organisation, compared to all other industries.

With the shift to remote (and more recently, hybrid) learning, Proofpoint experts anticipate that the threat to universities will continue to increase. The lack of protection against email fraud is commonplace across the education sector, exposing countless parties to impostor emails, also referred to as business email compromise (BEC).

BECs are a form of social engineering designed to trick victims into thinking they have received a legitimate email from an organisation or institution. Cybercriminals use this technique to extract personal information from students and staff by using luring techniques and disguising emails as messages from the university IT department, administration, or a campus group, often directing users to fake landing pages to harvest credentials.

“Email authentication protocols like DMARC are the best way to shore up email fraud defences and protect students, staff, and alumni from malicious attacks. As holders of vast amounts of sensitive and critical data, we advise universities across the UK to ensure that they have the strictest level of DMARC protocol in place to protect those within their networks.

“People are a critical line of defence against email fraud but their actions remain one of the biggest vulnerabilities for organisations. DMARC remains the only technology capable of not only defending against but eliminating domain spoofing or the risk of being impersonated. When fully compliant with DMARC, a malicious email can’t reach your inbox, removing the risk of human interference,” concluded Cosgrove.

Best practice for students, staff and other stakeholders:

  • Check the validity of all email communication and be aware of potentially fraudulent emails impersonating education bodies.
  • Be cautious of any communication attempts that request log-in credentials or threaten to suspend service or an account if a link isn’t clicked.
  • Follow best practices when it comes to password hygiene, including using strong passwords, changing them frequently and never re-using them across multiple accounts.

This analysis was conducted in May 2022 using data from QS Top Universities.