CyberSecurity - Are we wearing Emperor's New Clothes? New Age Challenges
Kalilur Rahman
Director @ Novartis | IT Strategy, IT Management, Business Transformation
“If everyone minded their own business, the world will go around a great deal faster than it does” - Lewis Carroll
Hans Christian Andersen's classic story, "The Emperor's New Clothes", is something most of us would have read during our school days. A parallel to that story is how we, like the emperor or empress, wear new clothes in the current digital-centric world. With the advances in technology, are we moving back to the age of Adam and Eve in terms of how we stand, by wearing the "Emperor's new clothes"?
I had a chance to attend the Gartner SRM Conference 2019 in Mumbai in August. The following are some of the key eye-popping takeaways from the session.
Key Highlights
- Average Lifespan of a Chief Information Security Officer (CISO) – 18 to 24 Months
- Equifax Data Breach impacted 148 Million Users, with $2B in costs and fines, including CEO/CIO/CSO firing – all due to an Open Source Configuration Security Vulnerability
- GitHub was down for 10 mins due to a 1.3 Tbps DDoS Attack in Feb 2019
- Cloud Based Security Subscriptions increase with a 5 Year 37%+ CAGR
- 3 out of 4 Organizations have a Cloud First Strategy
- Global economic losses from the “WannaCry” attack were estimated to be between $1.5 billion and $4 billion
- Tightening of Contracts suggested to reduce organizational risk
- Like an orchestrator, your security operating model represents how your enterprise orchestrates its capabilities to achieve the enterprise’s strategic objectives
- Every operating model is unique and cannot be “copied” from another organization.
- ZTNA – Zero Trust Network Access is gaining momentum like Cloud based security subscriptions
- Data ownership/protection/privacy is a business driven joint responsibility
- Microsoft’s privacy portal saw 4.6M users request to see what data Microsoft held in the first 4 months of the GDPR, and 18M in Year 1
- CARTA (Continuous Adaptive Risk and Trust Assessment), CASB and UEBA are some of the key terms
“Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact.” – James Scott
Key Gartner Predictions
- By 2022, more than 20% of businesses will use financial risk-assessments of their data assets to prioritize investment choices for IT, analytics, security and privacy
- By 2020, more than 60% of organizations will fail to decrypt HTTPS, missing most targeted web malware
- By 2025, regulatory concern will represent a greater inhibitor for public cloud use than security concern
- By 2022, organizations will avert at least 50% of successful attacks against client-side JavaScript and mobile apps using in-app protection
- Through 2021, organizations with MSSP operations that are properly aligned with internal security operations will have a 50% better incident resolution than organizations that are not.
- By 2022, digital businesses with great customer experience during identity corroboration will earn 20% more revenue than comparable businesses with poor customer experience
- By 2022, API abuses will be the most frequent attack vector, resulting in data breaches for enterprise web applications
- By 2022, 70% of digital businesses will combine budget and leadership of their fraud and security teams.
- Through 2023, business email compromise attacks will be persistent and evasive, leading to large financial fraud losses for enterprises and data breaches for healthcare and government organizations.
- All CSPs have security as a key offering (Azure, AWS, GCP...)
More Eye-Popping Statements
Puzzling statement – Will Amazon/Google/Microsoft become your primary Security Vendor by 2022?
“Cybersecurity is a central challenge and Microsoft is the clear leader in cloud security” – Satya Nadella, CEO, Microsoft
“Our mission here is to build the most trusted cloud.” – Michael Aiello, Google Cloud Platform
“Security needs to become everyone’s job … there’s a whole collection of AWS security tools around automation that you all should be using.” – Werner Vogels, CTO, AWS
I hope you enjoyed reading this as much as I did writing this. What is your take on this topic? Would love to hear your comments.
Credits: Image built using CANVA. All Links correspond to public URLs available and credit goes to respective authors. Respective trademarks owned by corresponding firms. Opinions about tools highlighted are from a personal experience standpoint and in no way reflect the views of my current or past employers or clients
Team Building Expert | LinkedIn Top Voice | Forbes featured | I help executives manage change & foster innovation even in the midst of turbulence | Actress | Writer
5 years ago: Well you have quoted from two of my favourite stories today packed with wisdom. It boggles my mind how many breaches there have been. Yahoo will be compensating users.
26 Years Executive Digital Marketer & Strategist
5 years ago: Lots of great information here.
Group Business and Legal Manager.
5 years ago: Kalilur Rahman this was filled with interesting forecasts and statistics, but now the question would remain what the best tactics or strategies would be to combat the clear, present and persistent danger of cybersecurity breaches. New tools? New laws? New values?
Master Certified Executive Leadership Coach | LinkedIn Top Voice | TEDx Speaker | LinkedIn Learning Author | Coaching Fortune 500 leaders by upgrading their MINDSET, SKILLSET + PERFORMANCE
5 years ago: Another excellent piece of info Kalilur Rahman
Marketing Manager at Webguard.ir Inc
5 years ago: Interesting article