• Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

research

UK’s manufacturing sector facing COVID-19 cyber threats

960 640 Stuart O'Brien

Manufacturing is now the most attacked sector representing almost a third of all cyber attacks in the UK & Ireland, while Technology was the most attacked sector globally.

That’s according to the 2020 Global Threat Intelligence Report (GTIR) from NTT, which says that despite efforts to layer up defences, many organisations are unable to stay ahead of attackers, while others are struggling to do the basics like patching old vulnerabilities. 

NTT asserts that manufacturing increasingly faces financially motivated data breaches, global supply chain risks and risks from unpatched vulnerabilities. The UK was the only country (apart from Hong Kong) this year where Manufacturing topped the list of most attacked sectors, representing 29% of all attacks, with Technology (19%) second and Business and Professional Services (17%) third. Government and Finance made up the other two sectors in the top five. 

Reconnaissance attacks accounted for half of all hostile activity in the UK and Ireland, with web application the next most common form of attack (22%). Reconnaissance activity (60%) was also the most common attack type against manufacturers followed by web application attacks (36%).

Rory Duncan, Security Go-to-Market Leader, NTT, said: “UK manufacturing has become a major target for attackers in recent years as a result of the increased risks brought about from the convergence of IT and Operational Technology (OT). The biggest worry is that security has lagged behind in this sector, potentially exposing systems and processes to attack. Poor OT security is a legacy issue; many systems were designed with efficiency, throughput and regulatory compliance in mind rather than security. In the past, OT also relied on a form of ‘security through obscurity’. The protocols, formats and interfaces in these systems were often complex and proprietary and different from those in IT systems, so it was difficult for attackers to mount a successful attack. As more and more systems come online, hackers are innovating and see these systems as ripe for attack.

“Now more than ever, it’s critical for all organisations, regardless of sector or region, to pay attention to the security that enables their business; making sure they are cyber-resilient and secure-by-design, which means embedding privacy and security into the fabric of their enterprise architecture and organisational culture. The current global pandemic and the flow of trusted and untrusted information used to mask the activities of cyber criminals has shown us that they will take advantage of any situation. Organisations must be ready to respond to these and other threats in a constantly evolving landscape.”

The 2020 Global Threat Intelligence Report calls last year the ‘year of enforcement’ with the number of Governance, Risk and Compliance (GRC) initiatives growing, creating a challenging global regulatory landscape. Several acts and laws now influence how organisations handle data and privacy, including the General Data Protection Regulation (GDPR), which has set a high standard for the rest of the world. The report provides organisations with recommendations to help navigate compliance complexity, including identifying acceptable risk levels, building cyber-resilience capabilities and implementing solutions that are secure-by-design.

The 2020 GTIR – the eigth annual report – analyses and summarises trends based on log, event, attack, incident and vulnerability data from trillions of logs and billions of attacks. To learn more about how this year’s GTIR offers organisations a robust framework to address today’s cyber threat landscape, and to learn more about the emerging trends across different industries and regions, including the Americas, APAC and EMEA, follow the link to download the NTT Ltd. 2020 GTIR

Global Highlights: 2020 Global Threat Intelligence Report:

  • Most common attack types accounted for 88% of attacks: Application-specific (33%), web application (22%), reconnaissance (14%), DoS/DDoS (14%) and network manipulation (5%) attacks.
  • Weaponisation of IoT: Botnets like Mirai, IoTroop and Echobot have advanced in automation, improving propagation capabilities. Mirai and IoTroop are also known for spreading through IoT attacks, then propagating through scanning and subsequent infection from identified hosts.
  • Old vulnerabilities remain an active target: Attackers leveraged those that are several years old, but have not been patched by organisations, such as HeartBleed, which helped make OpenSSL the second most targeted software with 19% of attacks globally. A total of 258 new vulnerabilities were identified in Apache frameworks and software over the past two years, making Apache the third most targeted in 2019, accounting for over 15% of all attacks observed.
  • Attacks on Content Management Systems (CMS) accounted for about 20% of all attacks: Targeting popular CMS platforms like WordPress, Joomla!, Drupal, and noneCMS, cyber criminals used them as a route into businesses to steal valuable data and launch additional attacks. Additionally, more than 28% targeted technologies (like ColdFusion and Apache Struts) support websites.

Financial services organisations ‘increasingly prone to authentication and DDoS attacks’

960 640 Stuart O'Brien

Financial services organisations have experienced a significant increase in the number of authentication and distributed denial of service (DDoS) attacks over the past three years.

That’s according to research from F5 Labs, which says the opposite was true of web attacks, which were notably down during the same period.

The analysis, which examined customer security incident response (SIRT) data from 2017-2019, covered banks, credit unions, brokers, insurance, and the wide range of organisations that serve them, such as payment processors and financial Software as a Service (SaaS).

On average, brute force and credential stuffing constituted 41% of all attacks on financial services organisations over the full three-year period. The percentage of attacks grew from 37% in 2017 to a high point of 42% in 2019.

Brute force attacks involve a bad actor attempting large volumes of usernames and passwords against an authentication endpoint. Other forms of brute force attacks simply use common lists of default credential pairs (for example, admin/admin), commonly used passwords, or even randomly generated password strings.

Occasionally, brute force attacks leverage credentials that have been obtained from other breaches. These are then used to target the service in an attack known as “credential stuffing.” 

Delving deeper, F5’s SIRT team found that there were clear regional variations in attack trends. In EMEA, brute force and credential stuffing attacks only amounted to 20% of the total, which is higher than the 15% observed in Asia Pacific but significantly lower than North America’s 64%. The latter is likely driven by a large volume of existing breached credentials.

“The first indications of an authentication attack are often customer complaints about account lockouts, rather than any sort of automated detection,” said Raymond Pompon, Director at F5 Labs.

“Early detection is key. If defenders can identify an increase in failed login attempts over a short period of time, it gives them a window of opportunity to act before customers are affected.”

DDoS attacks were the second biggest threat to financial services organisations, accounting for 32% of all reported incidents between 2017 and 2019. It is also the fastest growing threat. In 2017, 26% of attacks on financial services organisations focused on DDoS.  The figure soared to 42% in 2019.

Yet again there were distinct regional variations. 50% of all attacks reported in EMEA over the three-year period were DDoS-related. Asia Pacific was similarly affected with 55%, but the volume dropped to 22% in North America.

According to F5 Labs, denial-of-service attacks against financial service providers usually target either the core services used by customers (such as DNS) or the applications that allow users to access online services (i.e. viewing bills or applying for loans). Attacks are often sourced from all over the world, likely via the use of large botnets that are either rented out by attackers, or purpose-built from compromised machines.

“The ability to quickly identify the characteristics of traffic when under attack conditions is critically important. It is also vital to quickly enable in-depth logging for application services in order to identify unusual queries,” Pompon explained.

While authentication and DDoS attacks continue to spread, there was also a concurrent dip drop in web attacks against financial services organisations. In 2017 and 2018, they accounted for 11% of all incidents. In 2019, it was just 4%. 

“While it is difficult to determine causality, one likely factor driving this trend is the growing sophistication of properly implemented technical controls such as web application firewalls (WAFs),” said Pompon.

F5 Labs’ 2018 Application Protection Report found that a greater proportion of financial organisations tend to deploy WAFs (31%) than the average across all industries (26%).

Most of the web attacks recorded by the F5 SIRT centred on APIs, including those related to mobile authentication portals and Open Financial Exchange (OFX). Web scraping –copying content for the purpose of creating realistic phishing pages – was also in evidence. 

F5 Labs suggests that web attacks against financial services targets tend to be more persistent compared to other sectors – partly due to the cybercriminals’ precise targeting and the potential high value of success.

F5 Labs’ analysis concludes that, although the financial services industry tends to require less convincing about the merits of substantive security programs, there is no room for complacency.

“Despite the valuable assets at stake, it can still be a challenge to convince some organisations of the need for multifactor authentication, which probably represents the most impactful way to prevent nearly all access-style attacks like brute force, credential stuffing, and phishing,” said Pompon.

“Having said that, there is still a lot that can be done. On the preventative side this includes hardening APIs and implementing a vulnerability management program that features external scanning and regular patching. On the detective side, it is critical to continually monitor traffic for traces of brute force and credential stuffing. As ever, it is essential to develop, and regularly practice, procedures for incident response that address all risks.”

84% of security and IT teams ‘don’t have a positive relationship’

960 640 Stuart O'Brien

Almost two thirds (59%) of European IT heads believe it is challenging to gain end-to-end visibility of their network, with almost half saying this lack of visibility is a major concern.

That’s according to a new poll by IDC/Forrester/VMware, which says more than a third (37%) feel the challenges associated with this lack of visibility has resulted in misalignment between security and IT teams – and a quarter (29%) have no plans to implement a consolidated IT and security strategy.

Only a third (38%) of networking teams are currently involved in the development of security strategies. Yet, 60% of these are involved in the execution of security, perhaps signalling that networking teams are not seen as having an equal role with the other IT or security teams when it comes to cybersecurity.

This is in stark contrast to the fact that network transformation is seen as being essential to delivering the levels of resilience and security required by modern businesses, with 43% of European organisations saying this is a key priority for them between 2019 to 2021. 

Critically, organisations need shared thinking and responsibilities to establish a cohesive security model if they are to deliver their company’s strategic goals, seen by Forrester as increased security (55%), technological advancement (56%) and the ability to respond faster (56%). 

Alongside the inconsistency in how the role of the network in security is perceived, there is a lack of cohesion within the IT and security teams as to who is responsible for network security.

“Businesses who are looking to adapt to fast-changing market conditions rely on the ability to efficiently connect, run and secure modern applications consistently, from the data center, across any cloud and all the way to the device. And it is the virtual cloud network that is delivering this. The network needs to be recognised as the DNA of any modern security, cloud and app strategy, and it should be seen as a strategic weapon and not merely the plumbing,” said Jeremy Van Doorn, Sr Director of Systems Engineering, Software Defined Data Center EMEA, VMware

The research also sheds light on the difference in priorities for both the IT and security teams. Globally, the top priority for IT is efficiency (51%), whilst security teams are focused on incident resolution (49%). And while new security threats require visibility across the entire IT infrastructure, less than three quarters of securityteams are involved in executing the organisation’s security strategy. 

Forty five percent of respondents recognise that a consolidated strategy could help reduce data breaches and more quickly identify threats. Yet this relationship isn’t proving an easy one to maintain as 84% of security and IT teams admit they don’t have a positive relationship with one another (at VP level and below). More than half of organisations want to move to a model of shared responsibility in the next 3-5 years, where IT securityarchitecture (58%), cloud security (43%) and threat hunting response (51%) is shared between IT and securityteams; but that calls for much closer collaboration than exists today. 

Denis Onuoha, Chief Information Security Officer at Arqiva, said: “It is critical that IT and security teams work in harmony to ensure every touch point of the IT infrastructure remains secure. The network forms a critical part of the business in delivering the best and most efficient services to customers. We recognise the importance of the network and therefore ensure security is embedded into the fabric of its infrastructure from the beginning and not bolted on as an afterthought. As we navigate a growing number of cloud and Edge environments and the network remains the connector between them all, it has become business critical for us to keep network security a top priority.” 

McAfee flags autonomous vehicle hacking risks

960 640 Stuart O'Brien

IT security giant McAfee’s has successfully tricked an autonomous vehicle to accelerate up to 85 MPH in a 35 MPH zone using just two inches of electrical tape.

The McAfee Advanced Threat Research (ATR) team and McAfee Advanced Analytic Team (AAT) partnered to explore how artificial intelligence can be manipulated through research known by the analytics community as adversarial machine learning or, as McAfee calls it, ‘model hacking‘.

McAfee ATR successfully created a black-box targeted attack on the MobilEye EyeQ3 camera system, utilised today in many vehicles including certain Tesla models. Through this attack, McAfee researchers were able to cause a Tesla model S implementing Hardware pack 1 to autonomously speed up to 85 mph, after manipulating the AI technology to misclassify a speed limit sign that read 35 mph.

McAfee says the implications of this research are significant, because:

  • By 2023, worldwide net additions of vehicles equipped with autonomous driving capabilities will reach 745,705 units, up from 137,129 units in 2018, according to Gartner
  • However, there is more discussion and awareness needed about the potential pitfalls and safety concerns associated with such rapid acceleration in this technology.
  • Given this projected growth, it’s a rare and critical opportunity for the cybersecurity industry and automobile manufacturers to be ahead of adversaries in understanding how AI/machine learning models can be exploited in order to develop safer next-gen technologies.

Mo Cashman, Principle Engineer at McAfee, said: “The automotive and cybersecurity industries will need to work together closely to design, develop, and deploy the right security solutions to mitigate threats both before they occur and after they happen. Unlike automotive safety, cybersecurity is not probabilistic. Threats come from a variety of sources, including intentionally malicious and unintentionally malignant. As a result, processes must be put in place to mitigate these cyber threats over the entire lifecycle of the product, from early design decisions through manufacturing to operation and decommissioning.

“With new systems come new attack surfaces and vectors – all of which should lead to new risk management considerations. Manufacturers must recognise this and take the appropriate measures for cyber resilience. Key actions range from conducting rigorous checks to using security tools to distinguish real threats from ‘noise’. Manufacturers must also ensure connections are secured from the cloud through to the vehicle endpoint, minimising vulnerabilities which hackers could use for their own gain.

“No matter the state of the threat landscape today, best practices for automotive security are an evolution and amalgamation of both product safety and computer security. By collaborating with the cybersecurity industry, the automotive and manufacturing sectors can research, develop, and enhance products, services, and best practices for a more secure driving experience.”

McAfee’s Top Tips for manufacturers:

  • Conduct rigorous checks. There are times when a product functions in a way developers/engineers didn’t expect it to perform, as evidenced by McAfee’s research. Perform rigorous checks and validations, considering new scenarios and edge cases that could be introduced in real-world use that perhaps the technology wasn’t specifically designed to handle. Additionally, McAfee encourages auto manufacturers to assess model hacking in systems.
  • Human-Machine teaming. Adversaries are human, continuously introducing new techniques. Machine learning can be used to automate the discovery of new attack methods; creative problem solving and the unique intellect of the security team strengthen the response.
  • Apply multiple analytic techniques and closely monitor changes. Protection methods include multiple techniques, for example noise addition, distillation, feature squeezing, etc. In addition, implement statistically-based thresholds and closely monitor false positives and false negatives, paying attention to the reason for the change. 
  • Take a ‘one enterprise’ and systems approach to security and risk management. Many organisations still operate in silo and this needs to change. Threats enter from multiple routes. As a result, increased collaboration and achieving one unified view across the manufacturer’s digital workplace, cloud services, industrial controls and supply chain are necessary considerations if a manufacturer is to maintain a strong cybersecurity posture as it develops autonomous vehicles.
  • Build a strong culture of security. For manufacturers, safety is often a strategic pillar of the business. Signs are posted highlighting accident-free days and senior leaders are champions of the programme. Bring that same focus to cybersecurity.

69% of SAP users: projects do not prioritise IT security

960 640 Stuart O'Brien

More than two thirds (68.8%) of SAP users believe their organisations put insufficient focus on IT security during previous SAP implementations, while 53.4% indicated that it is ‘very common’ for SAP security flaws to be uncovered during the audit process.

That’s according to the SAP Security Research Report by risk management consultancy, Turnkey Consulting, which also uncovered that most respondents were not fully equipped to manage risk. A fifth (20.8%) felt most businesses did not have the skills and tools to effectively secure their SAP applications and environment, with 64.3% saying they only had some skills and tools.

Looking at specific concerns, nine out of ten (93.2%) people thought it was likely that an SAP audit would flag Access Management issues. Privileged or emergency Access was also a major concern with 86.4% believing it was common or very common to have audit findings specifically related to it.

However, the research also showed a growing awareness of the security challenges faced by today’s enterprise, with the adoption of ‘security by design’ regarded as a solution. 74.0% expect IT security to take greater priority in future SAP deployments, with 89.6% agreeing that security specialists should be brought on board to support their SAP S/4 HANA transformation programmes.

Richard Hunt, managing director at Turnkey Consulting, said: “The findings of this survey mirror our day-to-day experiences; SAP security is often an afterthought on SAP deployments, with the result that not enough time and resource is allocated to the essential security activities that need to take place throughout the project.”

“However it is encouraging to see that boardroom awareness is growing as the general business environment becomes increasingly focused on compliance, data protection and cyber security. This understanding will drive organisations to take the critical step of designing security into implementations from day one.”

Turnkey says it undertook its inaugural SAP research to determine organisations’ preparedness as the SAP landscape undergoes a time of transition and the deadline to adopt SAP S/4 HANA approaches. The SAP ERP offers extensive user benefits in terms of increased interconnectivity and mobility, but risks leaving SAP applications and infrastructure open to exploitation.

Hunt concluded: “Rolling out SAP S/4 HANA requires significant investment and organisational commitment. This reinforces why building in security from the start is vital if remediation, which is costly from both a financial perspective as well as in terms of business disruption, is to be avoided further down the line.”

You can download Turnkey’s SAP Security Research Report by clicking here.

Closing the gender gap in cybersecurity ‘could generate billions’

960 640 Stuart O'Brien

If the number of women working in cybersecurity rose to equal that of men, there would be a $30.4 billion boost to the industry’s economic contribution in the US and a £12.6 billion boost in the UK.

That’s according to a new report from Tessian, which also reveals that closing the gender pay gap, and equalising women’s salaries to men’s, could add a further $12.7bn and £4.4bn to the US and UK economies respectively. 

The report highlights the importance of encouraging more women into cybersecurity and identifies the barriers stopping this from happening. After surveying female cybersecurity professionals in the UK and the US, Tessian reveals that a lack of gender balance was far less of a barrier to entry in the UK, compared to the US:

·         82% of female cybersecurity professionals in the US believe that cybersecurity has a gender bias problem versus 49% of those in the UK. 

·         Just 12% of UK respondents say a lack of gender balance was a challenge at the start of their career versus 38% of those in the US.

·         US respondents were also three times as likely to believe that a more gender-balanced workforce would encourage more women to pursue roles in cybersecurity. 

The report sought to identify which other factors were discouraging women from joining the cybersecurity industry, and found that:

·         42% of respondents think a cybersecurity skills gap exists because the industry isn’t considered ‘cool’ or ‘exciting’. This opinion was most commonly shared by millennials – 46% vs. 22% of 45-54 year olds.

·         A lack of awareness or knowledge of the industry was the top challenge female professionals faced at the start of their career, with 43% citing this as a barrier.

·         43% of women said that a lack of clear career development paths was another challenge at the start of their cybersecurity career, while nearly a quarter (23%) cited a lack of role models.

·         Just 53% say their organization is doing enough to recruit women into security roles. 

Sabrina Castiglione, Senior Executive at Tessian said: “For organisations to successfully recruit more women into security roles, they need to understand what’s discouraging them from signing up beyond just gender bias. We need to make women in cybersecurity more visible. We need to tell their stories and raise awareness of their roles and experiences. And once through the door, managers need to clearly show women the opportunities available to them to progress and develop their careers.”

When asked what would encourage more women to consider a career in cybersecurity, over half (51%) said there needs to be more accurate representations of the industry in the media. Respondents ranked this as the number one way to encourage more women into cybersecurity, followed by a gender-balanced workforce (45%), cybersecurity-specific curriculum in universities (43%) and equal pay (28%).

In the report, Tessian interviewed Shamla Naidoo, former CISO at IBM who said: “To many people, cybersecurity equates to – and is limited to – someone in a hoodie bent over a keyboard in a dark room. That’s not the case at all. If we don’t expand beyond that, we’ll lose out on even more people in the industry.” 

In addition to huge economic benefits, there are other rewards for women working in cybersecurity. 93% of the women surveyed in the report feel secure or very secure in their jobs, with over half (56%) believing that cybersecurity is one of the most important industries today as cyber threats become more advanced. 

Read the full report and discover the stories of cybersecurity professionals at some of the world’s biggest organisations here: Opportunities in Cybersecurity 2020.

Global cybersecurity software revenue to hit $27bn in 2023

960 640 Stuart O'Brien

The overall cybersecurity software revenue is expected to reach $25.1bn in revenue this year, growing 4.8% year-on-year, with the entire market reaching $27bn in the next three years.

That’s according to data gathered by PreciseSecurity.com, which says the rising number of data breaches and cyberattacks globally, as well as the increasing awareness of the state-sponsored cyberattacks, have led to an increased demand for cybersecurity software solutions.

The report asserts that cybersecurity has become one of the biggest concerns for both citizens and businesses all around the world. The growing demand for eCommerce platforms, technology developments including AI and IoT, and the rising number of connected devices have led to the massive adoption of cybersecurity solutions.

For the purposes of the report, the cybersecurity software market refers to all software solutions aiming to protect individual computing devices, networks, or any other computing-enabled device. It includes antivirus software, management of access, data protection and security against intrusions, and any other system-level security risks, both in local installation and cloud service.

In 2012, the global cybersecurity software market reached $17.5bn in revenue. In the following seven years, the market revenue grew by nearly 40% to reach $23.9bn in 2019. The statistics indicate that the entire market is expected to grow at a CAGR of 2.5% in the next three years.

In global comparison, the United States is the leading cybersecurity software market in the world, with the report indicating the entire US market is set to reach $10.1bn value this year.

With $1.5bn value, or 6.5 times less than the US market, the United Kingdom ranked as the second-biggest market globally. The 2020 data show Germany is expected to reach $1.1bn market value this year, followed by France and Canada as other leading markets.

42% rise in companies reporting cyber attacks by foreign governments

960 640 Stuart O'Brien

In 2018, 19% of organisations believed they were attacked by a nation-state – That figure increased to 27% in 2019, with companies in North America the most likely to report nation-state attribution, at 36%.

That’s according to Radware’s 2019-2020 Global Application & Network Security Report, which found that more than one in four respondents attribute attacks against their organisation to cyber warfare or nation-state activity. 

“Nation-state intrusions are among the most difficult attacks to thwart because the agencies responsible often have significant resources, knowledge of potential zero-day exploits, and the patience to plan and execute operations,” said Anna Convery-Pelletier, Chief Marketing Officer at Radware. “These attacks can result in the loss of sensitive trade, technological, or other data, and security teams may be at a distinct disadvantage.”

Radware says the findings come at a time of heightened anxiety for security managers. Organisations are increasingly turning to microservices, serverless architectures, and a mix of multiple cloud environments. Two in five managers reported using a hybrid environment that included cloud and on-premises data centers, and two in five said they relied on more than one public cloud environment. However, only 10% of respondents felt that their data was more secure in public cloud environments.

As organisations adapt their network infrastructure to enjoy the benefits of these new paradigms (such as microservices and multi-cloud environments), they increase their attack surface and decrease the overall visibility into their traffic. For example, 22% of respondents don’t even know if they were attacked, 27% of those who were attacked don’t know the hacker’s motivations, 38% are not sure whether an Internet of Things (IoT) botnet hit their networks, and 46% are not sure if they suffered an encrypted DDoS attack. 

Convery-Pelletier added: “This report finds that security professionals feel as though the battlefield is shifting under their feet.  Companies are increasingly adding and relying upon new paradigms, like microservices, public and hybrid clouds, and IoT, which means the infrastructure is harder to monitor for attacks. These new technologies force a shift in security implementation into the development teams.  Security is often an afterthought as businesses march forward, and there is a misconception that ‘good enough’ is enough.”

In addition, the report also found:

The emergence of 5G networks. As the push for 5G grows, there exists an important opportunity to build security into networks at its foundations. Despite the increasing buzz around 5G networks, only 26% of carriers responded that they felt well prepared for 5G deployment, while another 32% stated that they were somewhat prepared.  

Be careful what you wish for in terms of IoT. 5G promises to advance organisations’ implementation of and the value they derive from IoT technologies, but that promise comes with a corresponding increase in the attack surface. When it comes to IoT connected devices, 44% of respondents said malware propagation was their top concern, while lack of visibility followed at 20% and Denial of Service at 20%.

Data loss is top concern. About 30% of businesses stated that data theft as a result of a breach was their top concern following an attack, down from 35% the previous year, followed by service outages at 23%.  Meanwhile, 33% said that financial gain is a leading motivation for attacks.

To read Radware’s ERT report, visit https://www.radware.com/ert-report-2020/

Is the search for data centre talent a threat, asks BCS

960 640 Stuart O'Brien

Continuing unprecedented growth in the datacentre sector is centre may be at risk due to increasing concerns around scarce resource and rising labour costs.

That’s according to the latest industry survey from Business Critical Solutions (BCS), a specialist professional services provider to the international digital infrastructure industry.

The Winter Report 2020, now in its 11th year, is undertaken by independent research house IX Consulting, who capture the views of over 300 senior datacentre professionals across Europe, including owners, operators, developers, consultants and end users. It is commissioned by BCS, the specialist services provider to the digital infrastructure industry.

Just over two-thirds of respondents believe that the next year will see an increase in demand, up on the 55% from our previous summer survey. This is supported by over 90% of developers and investor respondents stating they expect to see a further expansion in their data centre portfolio over the coming year.

However, concerns are being raised by many Design Engineering and Construction (DEC) respondents around general shortages amongst design, construction and operational professionals with four-fifths expressing resourcing concerns. DEC respondents identified build professionals as being subject to the most serious shortages – 82% stated this view compared with 78% for design professionals and 77% for operational functionality of data centres.

When asked to rank the impact of this our respondents highlighted the increased workload placed on their existing staff (96%),  rising operating/labour costs (92%) and over 80% indicating that this has led to an increase in the use of outsourcing options over the past 12 months. The increased workload for existing staff had in turn led to problems in resourcing existing work, with just over 70% stating that they had experienced difficulties in meeting deadlines or client objectives.

James Hart, CEO at BCS (Business Critical Solutions), said: “At BCS we are currently doing the round of careers fairs looking for candidates for next year’s graduate and apprenticeship scheme. When we are talking to these young people we often find that they either haven’t even considered our sector and/or they have misconceived ideas about what this career path involves. We can address this by going into universities, colleges and schools telling STEM graduates about the data centre industry and how great it is. Without action, this these issues will  become more acute, so the rallying cry for 2020 is that the sector is an exciting place to be and we have to get out there and spread the word!”

Hosted Security Landscape Report: Key insights for 2020

960 640 Stuart O'Brien

A new whitepaper has detailed market analysis of attitudes towards cloud adoption and purchasing behaviours behind hosted physical security from 1000 IT decision makers from across Europe.

The in-depth survey, undertaken by Morphean, a provider of hosted security solutions, illustrates a market that has overcome initial concerns about cyber-security, has understood the clear benefits and will be seeking to adopt such solutions at pace in 2020.

The independent survey of key decision makers within companies from UK, France and Germany with more than 50 employees clearly shows better security, cost benefit and better functionality to be the most influential factors and the most commonly realised benefits of hosted security solutions including video surveillance as-a-service (VSaaS) and access control as-a-service (ACaaS). These solutions are part of a cloud security market that is expected to grow from USD 4.1 billion in 2017 to USD 12.7 billion by 2022, at a CAGR of 25.5%.

The ‘2019 Landscape Report: Hosted Security adoption in Europe is the second study of its kind by Morphean, and facilitates a better understanding of market trends with comparative data from 2018. It revealed that 84% of IT managers are currently using (48%) or considering using (36%) a hosted security solution, which is broadly consistent with the 89% who said they would consider such a solution last year. It also shows that better security ranked #3 among the main benefits realised by the cloud (44%) compared to 27% in 2018; representing a 63% increase in the year and shift in perception around cyber security concerns.

2019 key survey findings include:

  • Better security, cost benefit and better functionality are viewed as the most influential factors AND the most commonly realized benefits of hosted security solutions 
  • Half of respondents cited better security as the #1 benefit of using VSaaS / ACaaS; better functionality (42%) and cost benefits (38%) placed #2 and #3 respectively
  • Half of IT managers have identified data / information security as a priority for improvement in the next 12 months
  • 84% of IT managers are currently using (48%) or considering using (36%) a cloud-based video surveillance or access control solution
  • Of those still considering VSaaS and ACaaS, 79% anticipate introducing these solutions to their business within 12 months
  • 77% of IT managers report that physical security is not optimized; 20% have identified physical security as a priority for improvement in the next 12 months

Rodrigue Zbinden, CEO, Morphean, said: “Our research clearly points to a market that is overcoming initial concerns about cybersecurity, understands the clear benefits of hosted services and reflects growing confidence and purchase intent for 2020. The increased appetite for hosted security presents an opportunity for us to work with businesses to help them improve their physical security, while also educating them on the potential business intelligence benefits offered by surveillance and access control solutions when integrated in the cloud.”

The growing confidence in cloud seems to translate into more positive purchasing intentions around hosted security solutions with 77% of IT managers reporting that physical security is not currently optimized and one in five identifying it as a priority for 2020. Of those considering hosted security solutions, 4 in 5 (79%) anticipate introducing them to their business within a year. While this clearly represents an opportunity for the IT reseller community to enhance its service offering, the report does highlight two trends that may inhibit growth; the first being the physical securityindustry’s ability to adopt the as-a-service business model; the second is system integration with emergent technology such as AI.

Alex Hilton, CEO of The Cloud Industry Forum, added: “With cloud technology we have a toolset that changes the way businesses think and act, ensuring a competitive landscape for years to come. Morphean’s latest research reveals that decision makers are seeing better security, cost benefits and improved functionality as a result of a switch to cloud-enabled security solutions. Cloud presents very real opportunities, but vendors need to hone their offerings and capabilities in order for its full potential to be realised across all markets and sectors.”

The Morphean survey also found that there has been a 5% drop in cloud investment over the past year. In 2018, 33% of the IT budget was spent on cloud services over the previous 24 months and this figure has dropped to 31.38% for 2019. This is in spite of the fact that the majority of respondents (78%) had said that they expected cloud related spending to increase due to the favourable benefits it presents. It’s not the only contradiction found in the report.

Cloud is key to driving operational performance, and yet 78% of IT managers felt that this area of the business was underperforming while only 36% identified it as a priority for improvement.