The COVID-19 pandemic and economic fallouts of lockdown are likely to change the market for information security products and services, with customers seeking to get ‘even more blood from the stone’.
This is according to Dominic White, head of SensePost, an ethical hacking team of Orange Cyberdefense and country manager for South Africa, which is a silver sponsor of the upcoming ITWeb Virtual Security Summit 2020.
White says the pandemic and resulting large scale move to work from home has impacted information security risks, although not necessarily by creating a wave of new threats.
“Innovation even among criminals takes time; and cyber criminals probably have to deal with the same problems everyone else is dealing with – working in isolation and being home with the kids,” he says. “But what has been highlighted amid the work-from-home trend is the role of Secure Remote Access in security. Patching and updating scores of home users’ systems via Secure Remote Access has proven more challenging than people expected. In addition, Secure Remote Access security software might not have been well thought through – now it is potentially collecting information on people’s personal devices at home. We have also detected a possible opportunity for malicious behaviour in the few seconds between when a user starts connecting to the network and when the connection is established.”
White believes one of the most significant changes being wrought by the pandemic and lockdown is a shift in information security investment.
“The slowdown in the economy will likely have a longer-term impact, changing buying behaviour,” he says. “Many organisations have been on a security spending spree for the last decade, and now they may be a move towards managed services, wanting to acquire outcomes and capabilities, rather than a tool.”
“There’s a big move towards value adds. Big customers are saying ‘we can buy the tools ourselves and internal teams will run this. What we need now is value adds like consulting, training and augmenting those teams. Having consultants who can engage with strategic thought and planning is one set of value adds; and we will see more of that integration of services – you won’t just sell someone a firewall, you will include training, connectors to the SOC, and even ethical hacking and in-depth reporting. Companies have relied for years on the default reporting their tools provide, but they are seeing it’s not hugely useful – now they want to see some real reporting, what’s actually happening, and where the value is being provided,” White says.
“There will probably be a push for even more blood from the stone in future – with the economic slowdown, people will have smaller budgets and the value adds will matter more. We are seeing this already, and part of our own transition in South Africa is to expand into a managed services company to look after a wider range of services,” he says.
The impacts of COVUD-19 on cyber security, changing threats and emerging security strategies will come under discussion at the ITWeb Security Summit, to be staged as a virtual event from 25 – 28 August.
Charl van der Walt, head of Security Research at Orange Cyberdefense, will be a keynote speaker on day one of the upcoming ITWeb Security Summit, where he will assess the impact of COVID-19 on cyber security. Van der Walt will outline how the threat landscape has changed, what attacks are on the increase, and how organisations have responded. He will also deliver a talk on security and vulnerabilities of VPNs at the end of day one.
The ITWeb Security Summit will feature the latest updates from over 50 international and local information and cyber security experts in keynotes, tracks, panel discussions, worshops and interactive group sessions. For more information, and to register, go here.