Cybercriminals have become smarter and more sophisticated. Newer, faster technologies are creating greater opportunities for cybercriminals, posing increased threats to individual consumers, businesses and governments alike.
“The proliferation of cloud, mobility and Internet of Things-enabled devices makes information security a prerequisite for businesses, creating urgent need for comprehensive threat response plans,” says Shrikant Shitole, managing director for India at Symantec, in an exclusive interview with TechObserver.in.
Edited Excerpts:
What trends are you witnessing in enterprise security?
Symantec’s Internet Security Threat Report Volume 20 (ISTR.20) revealed that cyber attackers are adopting new tactics by infiltrating networks and evading detection through hijacking corporate infrastructure. Attackers continue exploiting zero-day vulnerabilities, with 2014 seeing an all-time high of 24 discovered zero-day vulnerabilities.
The year also saw 317 million new malware variants created – nearly 1 million unique malware samples daily. Globally, five out of six large companies were targeted in 2014, representing a 40% increase year-over-year.
India’s landscape mirrors these trends. Sixty percent of targeted attacks focused on large enterprises, while 34% targeted small businesses. Email remains a primary attack vector, though criminals are increasingly experimenting with mobile and social network attacks.
Ransomware attacks grew 113% globally according to ISTR Vol 20, with India reporting Asia’s third-highest ransomware incidence at over seven attacks hourly. Particularly concerning is the rise of crypto-ransomware, which overtly holds victims’ files hostage – this variant accounted for 86% of India’s ransomware attacks.
What’s the 2016 outlook for enterprise security?
The threat landscape continues evolving rapidly. Emerging technologies will create new attack surfaces affecting consumers, businesses and governments. Cloud, mobility and IoT adoption will make robust security frameworks essential for all organisations.
Cloud Security: As businesses migrate data to cloud environments, demand grows for security solutions that protect information regardless of location. Data Loss Prevention (DLP) technology will become foundational for enabling secure, device-agnostic data access.
Advanced Threat Protection: Comprehensive incident response capabilities will prove critical for identifying, prioritising and neutralising advanced threats in increasingly complex environments.
Internet of Things: IoT adoption in smart cities, homes and enterprises will necessitate robust security frameworks as the market remains fragmented and vulnerable.
Mobile Security: India’s smartphone user base (projected to surpass 200 million in 2016) presents attractive targets for attackers seeking personal and corporate data. BYOD adoption will make mobile device management solutions essential.
Encryption Needs: Mass device adoption and insecure networks will drive demand for comprehensive encryption solutions across all platforms and communication channels.
Workforce Development: Building cybersecurity skills through upskilling programmes and innovative methods like security gamification (training users through game mechanics) will become imperative for creating human firewalls against social engineering attacks.
Which sectors are driving enterprise security demand?
While all sectors show increased security investment, critical infrastructure remains prime targets. Symantec’s ISTR shows significant attack increases against financial services (17.1% of attacks in 2014 versus 11.1% in 2013) and transportation/communications (4.4% versus 0.8%). The transportation, communications and utilities sector saw fivefold growth in targeted attacks. Mining/oil/gas sectors experienced the highest phishing email volumes and second-highest malware-bearing emails in 2014.
While Symantec traditionally serves BFSI, telecom, government and IT/ITeS sectors (including 95% of Fortune 500 companies), we now see manufacturing and pharmaceuticals increasing security investments due to their valuable data assets and endpoint vulnerabilities.
How have cloud, mobility, virtualisation and BYOD impacted enterprise security?
Today’s dynamic threat landscape features increasingly sophisticated attacks. Security has transitioned from IT concern to boardroom priority as data disperses across physical, virtual and cloud environments.
Modern infrastructure complexity creates multiple attack surfaces – from gateways to endpoints. Organisations must shift from prevention-only strategies to rapid threat detection and response. Advanced threats like ransomware, APTs and zero-day attacks render traditional point solutions inadequate.
BYOD adoption, while beneficial for productivity, introduces personal security risks into corporate environments. Manual threat detection processes across endpoints, networks and email gateways remain time-consuming, giving attackers significant advantages.
What are today’s major enterprise security challenges?
Contemporary attackers demonstrate exceptional persistence, often conducting espionage campaigns spanning months or years. Symantec observes advanced attackers using compromised corporate accounts to spear-phish new targets.
Most organisations lack comprehensive security practices to address modern threats. Human factors remain critical – accidental data exposure and device loss still cause most security breaches. Many leadership teams still lack complete understanding of security integration best practices.
Security teams face overwhelming workloads while managing disparate point solutions never designed for integration. These fragmented approaches increase both vulnerability and operational complexity, creating urgent need for unified security platforms.
