From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging.
Security, or a distinct lack of, continues to break the world’s most iconic organisations - think Target, Sony or Home Depot.
Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers.
So when sizing up the security spectrum, where’s the channel sweet spot in Australia?
“As little as four years ago, only the big end of town was interested in solving the security problem,” FireEye regional alliance manager, Chris Barton, observed.
“Banks and Federal Government were primed and ready because they understood the issues they faced, and a couple of years rolled by and nothing significantly changed. It was still a case of big business investing hard and focusing on cyber security.”
Fast forward to the past 12 months and Barton believes the Australian market has witnessed a “dramatic increase” in cyber security adoption, a trend that has trickled down from enterprise into the mid-market and small business sectors.
“Security has actually hit the user,” added I.T. Basecamp senior consultant, James Hooke, a SMB focused reseller working across New South Wales. “Before, a virus would slow down your computer and you’d just go and get it fixed.
“But now, ransomware is rising and attackers are encrypting photos, recording users and actually impacting the consumer of the device on a very personal level.”
In echoing Hooke’s observations, Barton said that if users have something valuable, then logic boasts that they’ll want to protect that at any cost.
“Maturity levels are on the increase across the board and we’re seeing a flip in customers beginning to engage more with vendors and resellers to identify a problem and fix it fast,” he added.
Irrespective of size, stature or sector, ransomware is rapidly emerging as a new variant of malware that can wreak havoc on personal productivity by locking users out of their own files until a “ransom” is paid to the attacker.
But even then, not all attackers will release the files, resulting in the need for a more targeted approach from security specialists.
“We’ll continue to drive the conversation around ransomware in the year ahead,” Sophos A/NZ channel director, Jon Fox, said. “But as a vendor we must also help partners make security that little bit simpler.
“We have a wide range of offerings but it’s a complex area of IT so if the vendor can remove the levels of complexity for the channel, this in turn will make it easier for partners to sell onto the customer.”
In line with industry observations, over the next two years, the security market - both locally and globally - will expand more rapidly than in recent years, with revenue set to increase nearly 12 per cent by 2018.
After rising 11.5 per cent year-to-year in 2016, market growth will be highest in 2017 and 2018 due to significant economic and political changes, such as the adoption of the General Data Protection Regulation in the European Union as well as the evolving security requirements associated with the digital transformations underway in many organisations.
For RSA Security APJ head of channel alliances, Michael Yell, the increased adoption is the product of self-preservation within the market, as business leaders navigate stormy security waters nervously, for fear of being first on the chopping board should a breach occur.
“The conservation has changed both through the channel and selling direct,” Yell said. “Today, organisations have CSOs [Chief Security Officers] in place to help combat attacks, but CEOs are now entering the equation.
“They are asking, is the company protected? But also, am I protected?”
With the fallout of the Sony and eBay hacks still raw - coupled with a host a DDoS attacks in Australia during 2016 - the industry as a whole is fragile, with CEOs desperate to avoid a public execution.
“CEOs are getting shot in the neck all of a sudden and they’re worried because they’re not across the entire business,” Yell said. “So there’s a self-interest element for the channel to consider.”
Specific to the channel, worldwide revenue for security products and managed or premium security services sold to businesses, enterprises, the public sector and other non-consumer customers will also increase, at a healthy 11.7 per cent from 2016 to 2021.
In this growing market, traditional market shares will change, as emerging vendors challenge the status quo, a move which will subsequently reshape the security industry.
But although many organisations have implemented strong security controls that have led to improved security operations, streamlined compliance and faster time to detection, cyber criminals are launching increasingly sophisticated and damaging attacks.
As a result, many organisations plan to increase security spending over the next five years, driving the market’s growth from $US49.4 billion to $US85.7 billion within five years.
“Maturity is increasing but it’s never as fast as it needs to be,” Cylance director of sales engineering APAC, Greg Singh, said.
“The truth is that a lot of businesses in Australia still have their heads in the sand and have done for a long time. It’s the common trail of thought that the problem won’t come to me because I’m too small and too insignificant.”
Further alluding to the rise of ransomware across the industry, Singh said many organisations are currently under attack but “don’t know anything about it”.
“There’s no controls in place,” he explained. “It’s only at the point when someone has a ransomware screen in front of them that they realise they have a problem.
“But when you start to dig under the covers, it’s clear that the problem has been around for a while.