• Enterprises like the idea of SASE, but zero trust is often more relevant to their business needs.
• Many enterprises feel they are not ready to implement either framework.
Secure access service edge (SASE) and zero trust network architecture (zero trust or ZTNA) are two of the go-to technology trends in the networking and security space at the moment. They grab attention because the idea of bringing network and security policies closer together is appealing to enterprises and often forms part of their IT strategy. The catch is that network and security convergence is often part of enterprises’ longer-term strategy (i.e., not before 2025), and it is often a vague aspiration rather than a definite plan.
• Security resilience, defined as the ability to protect the integrity of every aspect of the business against threats and unexpected conditions, is a top priority for 96% of the 4,751 enterprise organizations surveyed in recent Cisco-sponsored research.
• Of the enterprises queried, 41% report that there had been a major security incident or loss within the last two years.
In a time where enterprise risk is omnipresent, IT professionals operate in a heightened state of alert. Organizations are cognizant of the fact that they are not only being targeted by cybercriminals, but that an intrusion is more likely than not to occur. With this in mind, Cisco conducted its third annual Security Outcomes research to get a sense of what is working for organizations as they strategize to defend their enterprises against a relentless threat environment. The high-level takeaway is that IT departments are making powering through security incidents (not just recovering from them) a top priority, with 96% of the 4,700 surveyed organizations calling cyber resilience a crucial concern for their business.
• Of the 4,984 IT professionals queried in a recent Sophos cloud security survey, 56% report a surge in attack volume and 53% say the negative effect of security incidents has been more severe in 2022 than 2021.
• Nearly two-thirds admit limited vantage point into their cloud assets and configurations was cited as a major contributor to their security woes.
The migration to the cloud has been especially challenging for small and mid-sized businesses that often lack the internal expertise necessary to make the transition successfully. Cloud security is one of the most vexing issues, with SMBs too often lacking the resources to consistently monitor what are often complex cloud environments. In a recent Sophos survey of 4,984 IT staffers in 31 countries, the security vendor has found a sharp increase in the volume, complexity, and negative impact of attacks in the last year. An alarming 67% report that their organizations have been subject to a ransomware demand.
• Cybersecurity providers must differentiate and be relevant by assisting enterprise customers during the recession, with a business outcome led security approach that includes portfolio business cases.
• Commercial deals should include innovative pricing, offering better commercial initiatives and discounts between 10-20%.
The Global Telecom Sector in the Current Economy
A number of telecom operators have reported a decline in B2B revenue of up to 10% compared to the previous year. To add complexity, the majority of providers are simplifying their portfolios, digitalizing their operations and customer interfaces to reduce OpEx and improve customer experiences in a digital enterprise setting. Within this backdrop, recent announcements on the economy going further in the red will create turmoil in the telecom sector in the next two years, and result in companies failing to meet their projected forecasts.
• BT has partnered with Just Eat and Checkatrade to offer discounted packages for broadband and mobile as part of its Enterprise Customer Charter.
• Service providers everywhere are looking to exploit third-party channels to maximize their addressable market – especially in mass markets like SOHO/micro businesses.
BT announced partnerships with Just Eat and Checkatrade to offer discounts on business broadband packages and mobile deals as part of the UK incumbent’s Enterprise Customer Charter – its ‘blueprint to boost UK plc by exploiting cybersecurity, digital services, and purpose-driven goals.’
• (ISC)² reports that while big gains have been made in hiring cybersecurity professionals around the world in 2022, the number of unfilled positions have expanded dramatically.
• Nearly 70% of the 11,779 professionals surveyed for the study say understaffing made their organizations vulnerable.
With the volume of threats on a seemingly endless upward trajectory, awareness of how critical it is to have effective security technology and personnel in place has been a long-time board-level concern. Unfortunately, lack of resources, particularly of the human variety, has plagued the security industry for years. Despite some major efforts across industries to bring in more security talent, there are still major gaps in coverage. In its 2022 Cybersecurity Workforce study, the non-profit security professional’s organization (ISC)² report an 11.1% increase in the number of security professionals in the workforce globally. This represents an addition of 464,000 security staff in the last year. Unfortunately, demand is outstripping supply. The number of unfilled IT security positions has more than doubled to a 26.2% increase in the last year, which translates to more than 3.4 million vacant spots.
• Telecom operators need to focus upstream on the network by strengthening their ‘know your customer’ (KYC) processes, focusing on incident reduction, and reducing illegal network entry.
• Network heads need to devise innovative measures utilizing fraud analytics on call data and fraud scenarios and implementing third-party tools with automation and machine learning.
The Impact of Telecom Fraud on Operator Revenues In terms of figures, organizations like the Communications Fraud Control Association (CFCA) have estimated total global telecom revenues to be in the $1.8 trillion region in 2021, with telecom revenue loss due to fraud to be estimated at 2.22%, resulting in $39.89 billion losses. With this in mind, telecom fraud is a major issue for telecom operators.
• Security heads continue to be challenged in implementing effective cybersecurity strategies and continue to want positive and measurable business outcomes with their cybersecurity investments.
• To stay relevant and drive growth, providers will have to reposition sales and marketing efforts in front of customers, emphasizing value-based selling addressing business challenges.
The Challenged Chief Information Security Officer (CISO), and Vendors Riding on the Current Cybersecurity Growth Wave It is clear that cybersecurity is high on the agenda for businesses of all sizes ranging from small-to-medium enterprises to multinational corporates and government establishments. In recent years, the public has seen exponential growth in cyberattacks across a range of verticals covering finance, government, and utilities to name a few. On the one hand, this has resulted in healthy revenue growth in the cybersecurity segment, with stock valuations and revenues on the rise alongside advances in technology.
• Akamai has identified almost 13 million malicious domains per month in 2022, roughly 20% of all newly observed domains (NODs) that access the provider’s content delivery network (CDN).
• While it remains to be seen how threat actors will operationalize these, it is indicative of looming state-backed cyberwarfare attacks.
Security, cloud, and CDN provider Akamai offers some insights into a looming cyber threat. In a report published at the end of September 2022, Akamai says it has seen a significant uptick in the number of malicious NODs on its CDN. The company says NOD-based threat detection gives the company a means to assess the “long tail” of DNS queries to identify new threats in a very early phase. Akamai defines a NOD as a domain name queried for the first time within a 60-day window.
• IBM added 14 Historically Black Colleges and Universities (HBCUs) cybersecurity partners as the company looks to help train and certify new industry professionals.
• The initiative is part of IBM’s broader, pro bono effort to foster science, technology, engineering, and math (STEM) programs in high schools and colleges.
At the National HBCU Week Conference in Washington DC (US), IBM said it is adding 14 new colleges and university partners to its program announced in May 2022 to train students to become cybersecurity professionals. This brings the total number of IBM’s partners to 20 schools in 11 states.