Tag: cybersecurity

Exploring the Importance of Post-quantum Cryptography: An Unbreakable Vault to Protect Enterprises Against Advanced Cyberattacks, Part 2 | Blog

Post-quantum cryptography (PQC) has become essential for enterprises to protect against future quantum-enabled attacks and secure digital assets and sensitive data. Read on to discover providers’ crucial role in preparing enterprises for PQC. Reach out to explore this topic further.

As discussed in our previous blog, the emergence of quantum computing poses a significant threat to current public key cryptographic methods. When run on quantum computers – or more specifically, Cryptographically Relevant Quantum Computers (CRQCs) – some algorithms such as Shor’s can potentially break widely used methods like RSA, DSA, ECDSA, EdDSA, and DHKE, among others.

The advancement of quantum computers can seriously threaten data security and privacy for various enterprises, affecting fundamental principles such as confidentiality, integrity, and authentication. This makes it essential to reassess the security of these cryptographic methods.

The early and widespread use of quantum computers could wreak havoc, enabling new advanced cyberattacks that are impossible using classical computers. Post-quantum cryptography (PQC) is the solution to this problem. Let’s explore this further.

What is post-quantum cryptography?

In the quantum computing era, PQC is vital in ensuring the long-term security of digital communication and data protection. PQC focuses on researching and adopting cryptographic algorithms that are ready for this era.

These algorithms are designed to be secure against both quantum and classical computers. Furthermore, they are expected to be deployable and integrable without significant modifications to current protocols and networks.

With extensive ongoing research in this field, researchers have proposed several mathematical schemes that meet the requirements for being potential candidates for quantum-safe cryptographic algorithms. These include lattice-based, multivariate polynomial, code-based, hash-based, and isogeny-based cryptography.

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) launched a program in 2016 to create standardized quantum-safe cryptographic algorithms.

After a rigorous six-year evaluation involving global experts, it announced four finalists for quantum-safe cryptographic standards. The following algorithms selected by NIST address general encryption and digital signatures that are crucial for securing data exchanges and identity authentication:

PQC algorithm      | Cryptographic scheme       | Purpose
CRYSTALS-Kyber     | Lattice-based cryptography | Key encapsulation mechanism (KEM)
CRYSTALS-Dilithium | Lattice-based cryptography | Digital signature
FALCON             | Lattice-based cryptography | Small digital signature
SPHINCS+           | Hash-based cryptography    | Digital signature

Several other developments related to PQC have occurred recently. The notable ones are highlighted below:

[Figure: timeline of recent PQC developments]

Common cryptographic pitfalls

The complexity of cryptography makes it difficult for enterprises to navigate data security. With numerous algorithms, protocols, and standards, enterprises often struggle to understand and implement robust cryptographic solutions.

Enterprises may encounter several common cryptographic pitfalls, including:

  • Lack of awareness about cryptographic algorithms used for data protection
  • Dependency on long-life data secured by cryptographic schemes not suitable for the quantum computing era
  • High costs and efforts required to update cryptography across systems and applications manually
  • Use of outdated cryptographic algorithms
  • Challenges in ensuring interoperability between different cryptographic systems and protocols, especially in hybrid IT environments
  • Limited resources, including security budget and expertise, hindering effective cryptography implementation and management
  • Risk of vulnerabilities and security breaches due to incorrect implementation of cryptographic protocols or algorithms

Enterprise considerations for embracing PQC

Considering the current challenges with cryptography, enterprises would face far more significant difficulties if they do not strategically plan for PQC. To prevent this, cybersecurity leaders globally must proactively prepare and initiate early plans to migrate to post-quantum cryptographic standards.

Taking a proactive stance is crucial since transitioning to new quantum-safe algorithms will be discontinuous, considering the inherent disparities in key size, error-handling properties, and other complexities.

Hence, enterprises should give themselves enough time to start small, experiment, learn from positive impacts and challenges, and explore ways to reduce technology transition costs.

Steps to establishing a quantum readiness roadmap

Staying abreast of advancements in quantum computing and quantum-safe solutions is paramount. Enterprises must establish a comprehensive quantum readiness roadmap following these five steps:

  • Inventory quantum-vulnerable systems: To kickstart readiness efforts, enterprises should conduct a thorough inventory of quantum-vulnerable systems across both information technology (IT) and operational technology (OT) environments, covering all cryptographic assets, including keys, certificates, protocols, libraries, and algorithms. Knowing which cryptographic assets and algorithms are in use, where they are, and what they protect is a fundamental best practice, especially when preparing for post-quantum cryptography. It is also crucial to identify where long-life data resides, comprehend data flows, and understand the types of cryptography used to protect it.
  • Conduct an internal risk assessment: This can help identify and prioritize the assets whose cryptographic protection a quantum computer would most affect, and which therefore expose the organization to the greatest risk. Chief Information Security Officers (CISOs) and Chief Revenue Officers (CROs) must ensure that quantum risk mitigation is integrated into existing risk management strategies.
  • Engage with technology vendors: Partner with supply chain providers to understand their quantum readiness roadmaps and migration strategies to facilitate a smooth transition that aligns with enterprise goals and timelines.
  • Streamline the current cryptographic infrastructure: Enterprises can initiate modernization efforts by streamlining their current cryptographic infrastructure, including consolidating or replacing vendors to enable a managed migration process. The CFO should collaborate with other executives to prioritize PQC investments based on the risk appetite and strategic objectives and adopt a fully crypto-agile approach. Establishing a governance structure with clearly defined roles and responsibilities to adopt PQC effectively is also recommended.
  • Adopt PQC algorithms: Enterprises eventually should integrate PQC algorithms into browsers, applications, public key infrastructure (PKI), files, and data systems, wherever quantum-vulnerable cryptography is employed. CIOs must collaborate closely with CISOs and other stakeholders to assess the compatibility of current systems with PQC solutions.

There is an ongoing debate over some adversaries already gathering encrypted foreign communications, anticipating the future ability of quantum computers to decrypt such systems, and aiming to extract valuable secrets from the data collected. This threat, known as “harvest now, decrypt later,” highlights the urgency of making cryptographic changes rather than waiting.
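The inventory and risk-assessment steps above, together with the "harvest now, decrypt later" exposure, can be turned into a simple triage over a cryptographic inventory. The following is an added example, not code from the original post: it classifies each asset's algorithm using the lists the post gives (Shor-breakable public-key schemes versus NIST's selected PQC algorithms), and ranks assets with Mosca's inequality (data shelf life plus migration time greater than the years until a CRQC means the data is already at risk). The inventory entries, the 10-year CRQC horizon and the 3-year migration time are constructed assumptions.

```python
"""Quantum-readiness triage over a cryptographic inventory.

Added example (not code from the original post). The inventory entries, the
assumed years until a CRQC exists and the assumed migration lead time are all
constructed values; the decision rule is Mosca's inequality (shelf life +
migration time > time to CRQC means the asset is already exposed).
"""
from dataclasses import dataclass

# Public-key algorithms the post names as breakable by Shor's algorithm on a CRQC.
QUANTUM_VULNERABLE = {"RSA", "DSA", "ECDSA", "EDDSA", "DH", "DHKE", "ECDH"}
# NIST's selected PQC algorithms (from the post's table) plus a symmetric cipher,
# which Shor's algorithm does not break.
QUANTUM_SAFE = {"CRYSTALS-KYBER", "CRYSTALS-DILITHIUM", "FALCON", "SPHINCS+", "AES-256"}

PRIORITY_ORDER = {"urgent": 0, "investigate": 1, "plan": 2, "ok": 3}


@dataclass
class CryptoAsset:
    name: str
    environment: str        # "IT" or "OT"
    algorithm: str
    key_bits: int
    shelf_life_years: int   # years the protected data (or signed artefact) must stay trustworthy
    purpose: str            # "key-exchange", "signature" or "encryption-at-rest"


def classify(algorithm: str) -> str:
    """Map an algorithm name to its quantum status; unknown names need a human look."""
    name = algorithm.upper()
    if name in QUANTUM_VULNERABLE:
        return "quantum-vulnerable"
    if name in QUANTUM_SAFE:
        return "quantum-safe"
    return "unknown"


def priority(asset: CryptoAsset, crqc_horizon_years: int, migration_years: int) -> str:
    """Rank one asset. Data that must stay secret past the CRQC horizon is already
    exposed to harvest-now-decrypt-later, even though nothing can decrypt it today."""
    status = classify(asset.algorithm)
    if status == "unknown":
        return "investigate"
    if status == "quantum-safe":
        return "ok"
    if asset.shelf_life_years + migration_years > crqc_horizon_years:
        return "urgent"
    return "plan"


def triage(assets, crqc_horizon_years, migration_years):
    """Return (name, environment, algorithm, priority) rows, most urgent first."""
    rows = [(a.name, a.environment, a.algorithm, priority(a, crqc_horizon_years, migration_years))
            for a in assets]
    return sorted(rows, key=lambda r: (PRIORITY_ORDER[r[3]], r[0]))


def summary(assets, crqc_horizon_years, migration_years):
    """Count assets per priority bucket, for the risk register."""
    counts = {}
    for _, _, _, prio in triage(assets, crqc_horizon_years, migration_years):
        counts[prio] = counts.get(prio, 0) + 1
    return counts


# Constructed sample inventory spanning IT and OT, as the post's first step asks for.
INVENTORY = [
    CryptoAsset("customer-portal TLS", "IT", "ECDH", 256, 10, "key-exchange"),
    CryptoAsset("code-signing key", "IT", "RSA", 3072, 5, "signature"),
    CryptoAsset("backup encryption", "IT", "AES-256", 256, 25, "encryption-at-rest"),
    CryptoAsset("plant-controller VPN", "OT", "RSA", 2048, 15, "key-exchange"),
    CryptoAsset("vendor appliance", "OT", "proprietary", 0, 3, "key-exchange"),
]

if __name__ == "__main__":
    # Assumed planning inputs: 10 years until a CRQC, 3 years to migrate an asset.
    for row in triage(INVENTORY, crqc_horizon_years=10, migration_years=3):
        print("{:<12} {:<4} {:<12} {}".format(row[3], row[1], row[2], row[0]))
    print(summary(INVENTORY, 10, 3))
```

The "investigate" bucket is deliberate: an asset whose algorithm cannot be named (a proprietary appliance, an undocumented library) cannot be rated at all, which is exactly the awareness gap the pitfalls section describes, and it should sit above "plan" in the work queue.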

How can service providers help enterprises navigate the PQC era effectively and efficiently?

As quantum computing advances, the demand for comprehensive quantum-resistant cryptographic solutions will only increase, favoring a ripe market for cybersecurity service providers to capitalize on.

PQC offers a significant opportunity for providers to position themselves as vital partners in ensuring the security and resilience of enterprises’ digital assets against the evolving quantum computing threats.

Leaders may need help understanding the advanced mathematical concepts and algorithms involved in PQC. The complexity of these cryptographic methods can make it hard for enterprises to grasp the intricacies of quantum-resistant solutions, so it needs to be explained clearly.

With all the latest discussions about quantum computers, service providers should take this time to develop a perspective on how PQC would impact enterprises from various industry verticals.

Providers should play an educational role, creating awareness about the risks posed by quantum computing and guiding enterprises on the importance of proactively transitioning to quantum-resistant solutions.

Service providers should develop strategies to hire, train, and upskill talent in PQC and quantum computing concepts. Additionally, they can invest in R&D initiatives to explore new approaches and solutions in the PQC field. By collaborating with relevant technology vendors, research institutions, and other organizations paving the way for PQC, service providers can foster innovation and help their clients stay at the forefront of technological advancements.

Cybersecurity service providers can offer specialized consultation and assessment services to help enterprises evaluate and inventory their current cryptographic infrastructure, prioritize components based on risk, identify vulnerabilities to quantum attacks, and recommend appropriate post-quantum cryptographic solutions.

Moreover, they can engage with enterprises on initial levels to develop comprehensive strategies for implementing and managing these solutions effectively, ensuring seamless integration with existing security frameworks and compatibility with legacy systems.

Unlocking potential: Exploring use cases with PQC

Service providers should prioritize PQC to address the threat quantum computing poses to traditional cryptographic systems. By embracing PQC, service providers can safeguard their clients’ data and infrastructure against potential quantum attacks.

Additionally, they can explore new use cases for PQC to unlock innovative solutions and stay ahead of the curve in the rapidly evolving quantum landscape. These new use cases may include:

  • Quantum-safe communication (use cases for cloud computing, data centers, 5G networks, and secure private communication links)
  • Security in the banking sector, securing ATM and online credit card transactions, as well as customer data stored in bank data centers
  • Quantum-safe VPN and SD-WAN
  • Quantum-safe cybersecurity for automotive systems
  • PQC in Internet of Things (IoT) and Mobile Edge Computing (MEC) domains for protection of data transmitted between connected devices and central data processor/edge servers
  • Quantum-safe blockchain
  • Safeguarding the storage, transmission, and processing of sensitive patient data in healthcare (including that collected by biosensors in wearable devices)
  • Quantum-safe PKI for OT environments
  • PQC in Zero Trust Architecture (ZTA)

Envisioning the future

PQC is no longer a theoretical concept but a reality. Multiple applications of PQC have emerged. In their latest release, OpenSSL has fully enabled PQC for digital signatures and key establishment mechanisms. The Signal Protocol, an essential constituent of Signal, Google RCS, and WhatsApp messengers, has also announced support for the PQXDH protocol, becoming the first to introduce PQC for the initial key establishment. Apple has introduced a new encryption protocol named PQ3 for iMessage, offering advanced post-quantum security measures for instant messaging.

PQC is rapidly gaining traction for quantum-safe digital signatures, encryption, and key exchange mechanisms. Its widespread adoption seems inevitable as the risks of quantum supremacy proliferate.

The standardized algorithms aren’t battle-tested yet, and exploitable weaknesses could be uncovered, leading to adjustments in their functioning or the development of entirely new algorithms.

We anticipate PQC becoming the cornerstone of cybersecurity strategies in the coming years. Moreover, the security standards are expected to recommend or mandate PQC.

PQC has become a crucial element of enterprise security, safeguarding against quantum-enabled attacks and ensuring the integrity and confidentiality of sensitive data.

Enterprises must start planning to migrate from a secure lock to an unbreakable vault: post-quantum cryptography! Service providers play a crucial role in guiding and supporting enterprises every step of the way.

To discuss post-quantum cryptography further, please contact Prabhjyot Kaur, Kumar Avijit, and Ronak Doshi.

Navigating the New Landscape: How DORA Regulations Will Reshape the Future of Financial Services | Blog

With the deadline for the European Union’s Digital Operational Resilience Act (DORA) less than a year away, financial entities and service providers need to begin acting to reach compliance. Learn the steps organizations should take to prepare now and discover how the new DORA regulations will strengthen digital operational resilience.

Financial institutions’ reliance on information and communication technologies (ICT) for core operations brings immense opportunities in today’s digital world but also exposes banks, investment firms, insurers, and other financial entities to significant cyber threats and operational risks. To address these growing vulnerabilities, the EU has enacted DORA.

The DORA regulations are expected to significantly enhance the digital resiliency of the EU’s financial sector and foster greater stability, consumer protection, and trust. Financial institutions and authorities are working toward meeting the implementation deadline of January 17, 2025. Let’s explore this further.

DORA addresses two critical concerns:

  • Rising cyber threats: DORA mandates robust cybersecurity measures to protect financial systems from increasingly sophisticated and frequent cyberattacks that steal sensitive data, disrupt operations, and erode trust
  • Potential financial instability: DORA aims to prevent ICT incidents from cascading through the financial system, jeopardizing its stability and impacting consumers and businesses. The regulations ensure financial institutions can withstand, respond to, and recover from ICT-related incidents

Who will be impacted by DORA regulations?

DORA will impact all financial institutions and ICT third-party service providers. This includes banks and credit institutions, investment firms, trading platforms, and providers delivering critical services like cloud computing, data centers, credit ratings, and data analytics. It applies to over 22,000 financial entities in the EU and ICT infrastructure support outside the EU.

DORA framework

DORA establishes a comprehensive framework for managing digital operational resilience across the financial sector. Some key provisions include:

  • Enhanced ICT risk management: Financial institutions must implement robust ICT risk management practices, including threat identification, vulnerability assessments, and incident response plans
  • Mandatory incident reporting: Major ICT-related incidents and significant cyber threats must be reported to authorities, enabling faster response and improved threat intelligence sharing
  • Regular digital operational resilience testing: Financial institutions must conduct regular ICT systems testing to identify and address vulnerabilities
  • Strict oversight of ICT third-party providers: Financial institutions are accountable for the resilience of their third-party ICT service providers, with DORA outlining clear oversight and risk management requirements

DORA requires third-party providers to maintain robust cybersecurity measures and operational resilience capabilities to mitigate risks from potential vulnerabilities and disruptions. Moreover, financial institutions must ensure their current and future contracts with providers are compliant.

DORA focuses on five strategic pillars centered around data: risk management, third-party risk management, incident reporting, information sharing, and digital operational resilience testing. However, financial institutions still have many technology legacy systems that could create obstacles to data management.

[Figure: DORA's five strategic pillars]

How can financial institutions comply with DORA regulations?

Immediate next steps financial institutions should take to prepare for the January 2025 deadline include:

  • Conduct a gap analysis and develop an operational resilience framework, business continuity plans, and governance policies
  • Assess risks with third-party providers in the sourcing portfolio and review existing contracts that may be at risk of termination by authorities
  • Ensure risk and compliance leaders are represented on management boards, as the board will have full accountability for ICT risk management
  • Establish systems for managing, logging, and reporting ICT incidents to regulators

How can providers help financial institutions achieve compliance?

By leveraging their deep understanding of enterprise technology footprints, providers should proactively assist enterprises in meeting the regulatory deadline. We recommend providers take the following actions:

  • Develop a perspective on how DORA will impact financial institutions to ease clients’ worries and gain mindshare with new customers
  • Identify accounts needing support to determine current and future states, business continuity plans, risk management frameworks, etc.
  • Evaluate incumbency status and competitive landscape threats. Acknowledge financial institutions will need to reduce their reliance on a single or small group of providers and have open discussions with clients to ensure transparency and collaboration
  • Develop effective rules, procedures, mechanisms, and arrangements to manage ICT risks to financial entities
  • Review contracts and proactively identify clauses needing changes to incorporate DORA compliance
  • Prepare to undergo threat-led penetration testing with financial institutions if deemed critical by regulators

In the near term, we foresee the banking, financial services, and insurance (BFSI) industry in the EU being impacted in the following ways:

  • Spiked demand for security services as financial institutions run security services maturity assessments to review the current state of DORA compliance
  • Revamped sourcing portfolios as financial institutions assess concentration risk of functions deemed critical under DORA
  • Increased demand for a qualified talent pool to conduct vulnerability assessments, performance testing, penetration testing, etc.

With the deadline fast approaching, enterprises and providers cannot afford to wait for the regulatory process to conclude and must begin to take these recommended steps to reach compliance by 2025.

To learn more about the Digital Operational Resilience Act and how to achieve compliance with the DORA regulations, contact Kriti Gupta, [email protected], Pranati Dave, [email protected], and Laqshay Gupta, [email protected].

To learn about Global Services Lessons Learned in 2023 and Top Trends to Know for 2024, don’t miss this webinar.

MXDR: A Revolutionary and Comprehensive Solution Transforming Cybersecurity Detection and Response | Blog

Managed Extended Detection and Response (MXDR) has emerged as a game-changer in combating modern cybersecurity threats. Combining managed services with a technology platform, MXDR offers an encompassing, automated, scalable, and cost-effective solution incorporating real-time threat intelligence. Discover how MXDR compares to other cybersecurity offerings, its core components, and pricing models in this blog.

Request a complimentary price check on three cybersecurity roles across three countries.

In the ever-evolving cybersecurity landscape, organizations face the daunting task of safeguarding their digital assets against countless threats. With the increasing sophistication of cyber attacks, traditional security measures often fall short.

To counter this, various threat detection and response offerings have emerged over the years, including Endpoint Detection and Response (EDR), Network Detection and Response (NDR), Managed Detection and Response (MDR), Extended Detection and Response (XDR), and, most recently, Managed Extended Detection and Response or MXDR.

While these offerings are closely related, they differ in the following fundamental ways:

EDR (Endpoint Detection and Response)
  Type: Technology platform
  Definition: Protect endpoints and servers from malicious activity through continuous monitoring and behavioral analytics

NDR (Network Detection and Response)
  Type: Technology platform
  Definition: Analyze network traffic to stop network threats through machine learning and behavioral analytics

MDR (Managed Detection and Response)
  Type: Managed service
  Definition: Modern security operations center (SOC) capabilities to rapidly detect, analyze, investigate, and actively respond to threats

XDR (Extended Detection and Response)
  Type: Technology platform
  Definition: Provides a holistic view of the threat landscape by analyzing telemetry from multiple sources such as endpoints, network devices, cloud workloads, third-party data, etc.

MXDR (Managed Extended Detection and Response)
  Type: Managed service plus technology platform
  Definition: Combines MDR and XDR

Although these cybersecurity solutions are effective, they are limited by being either a managed service or a specifically focused technology platform. This is where MXDR has emerged as a game-changer, offering a unique and holistic cybersecurity approach by integrating technology with managed services. As a result, MXDR currently stands out as the most comprehensive cybersecurity offering available.

Driving factors behind the evolution to MXDR

An MXDR solution always incorporates an XDR platform that integrates with a data lake to gather data from distinct sources. It employs Artificial Intelligence (AI)/Machine Learning (ML) and analytics to correlate the data and generate alerts that threat hunters subsequently investigate.

Given the threat landscape’s constant evolution and the expansion of attack surfaces, the industry is naturally transitioning from MDR to MXDR. Essentially, MXDR provides a “Managed XDR” solution, delivering around-the-clock threat management services.

Primary features that should define any MXDR solution include:

  • A modern, remotely delivered 24/7 SOC with around-the-clock monitoring capability
  • Threat hunting and analysis, which involves searching for undetected intrusions in an organization’s environment
  • Investigation of alerts and incidents generated by the XDR platform using telemetry gathered from various sources like endpoints, cloud workloads, networks, identities, etc.
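The third feature, investigating alerts built from telemetry across endpoints, networks and identities, is what separates XDR correlation from single-source tools. The following is an added example, not code from the original post or from any vendor's platform: it takes constructed identity, endpoint and network events that have already been normalised into one schema (as they would sit in the XDR data lake), flags a sign-in preceded by a burst of failures, and raises the alert's severity only when the other sources independently report something on the same host in the following minutes. The thresholds and the list of script hosts are illustrative assumptions, not a published detection rule.

```python
"""Cross-source alert correlation of the kind an XDR platform performs.

Added example (not code from the original post or any vendor's product). The
telemetry below is constructed; the thresholds and the list of script hosts
are illustrative assumptions, not a published detection rule.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Process names treated as worth a second look when they start right after a
# suspicious sign-in (assumption for the example).
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}

# Constructed events from three sources, already normalised into one schema,
# as they would sit in an XDR data lake.
TELEMETRY = [
    {"ts": "2024-05-01T09:00:01", "source": "identity", "user": "alice", "host": "ws-17", "event": "login_failed"},
    {"ts": "2024-05-01T09:00:04", "source": "identity", "user": "alice", "host": "ws-17", "event": "login_failed"},
    {"ts": "2024-05-01T09:00:07", "source": "identity", "user": "alice", "host": "ws-17", "event": "login_failed"},
    {"ts": "2024-05-01T09:00:11", "source": "identity", "user": "alice", "host": "ws-17", "event": "login_failed"},
    {"ts": "2024-05-01T09:00:15", "source": "identity", "user": "alice", "host": "ws-17", "event": "login_failed"},
    {"ts": "2024-05-01T09:00:30", "source": "identity", "user": "alice", "host": "ws-17", "event": "login_success"},
    {"ts": "2024-05-01T09:03:10", "source": "endpoint", "user": "alice", "host": "ws-17", "event": "process_start", "process": "powershell.exe"},
    {"ts": "2024-05-01T09:04:02", "source": "network", "host": "ws-17", "event": "outbound", "dest": "203.0.113.9", "bytes_out": 48_000_000},
    # Benign activity on another workstation: one clean sign-in, an ordinary program, little traffic.
    {"ts": "2024-05-01T09:10:00", "source": "identity", "user": "bob", "host": "ws-22", "event": "login_success"},
    {"ts": "2024-05-01T09:11:00", "source": "endpoint", "user": "bob", "host": "ws-22", "event": "process_start", "process": "outlook.exe"},
    {"ts": "2024-05-01T09:12:00", "source": "network", "host": "ws-22", "event": "outbound", "dest": "198.51.100.4", "bytes_out": 120_000},
]


def correlate(events, fail_threshold=5, fail_window=timedelta(minutes=10),
              follow_window=timedelta(minutes=15), exfil_bytes=10_000_000):
    """Raise one alert per suspicious sign-in and enrich it with what the other
    sources saw on the same host shortly afterwards. Severity grows with the
    number of independent sources that agree, which is what a threat hunter
    uses to decide what to investigate first."""
    evs = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)   # user -> timestamps of recent failed logins
    alerts = []
    for e in evs:
        if e["source"] != "identity":
            continue
        t = datetime.fromisoformat(e["ts"])
        if e["event"] == "login_failed":
            failures[e["user"]].append(t)
            continue
        if e["event"] != "login_success":
            continue
        recent = [f for f in failures[e["user"]] if t - f <= fail_window]
        failures[e["user"]].clear()
        if len(recent) < fail_threshold:
            continue               # a normal sign-in, not worth an analyst's time
        alert = {"user": e["user"], "host": e["host"], "seen_at": e["ts"],
                 "sources": {"identity"},
                 "evidence": [f"{len(recent)} failed logins within {fail_window} before success"]}
        for f in evs:              # consult the other sources for the same host
            if f["host"] != e["host"]:
                continue
            ft = datetime.fromisoformat(f["ts"])
            if not (t < ft <= t + follow_window):
                continue
            if f["source"] == "endpoint" and f["event"] == "process_start" \
                    and f["process"].lower() in SCRIPT_HOSTS:
                alert["sources"].add("endpoint")
                alert["evidence"].append(f"{f['process']} started by {f['user']} at {f['ts']}")
            elif f["source"] == "network" and f["event"] == "outbound" \
                    and f.get("bytes_out", 0) >= exfil_bytes:
                alert["sources"].add("network")
                alert["evidence"].append(f"{f['bytes_out']} bytes sent to {f['dest']} at {f['ts']}")
        alert["severity"] = {3: "high", 2: "medium"}.get(len(alert["sources"]), "low")
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in correlate(TELEMETRY):
        print(a["severity"], a["user"], a["host"], sorted(a["sources"]))
        for line in a["evidence"]:
            print("  -", line)
```

Bob's sign-in never becomes an alert because there is no failure burst, and a lone burst of failures followed by a success on a host where the endpoint and network sources stay quiet would only produce a low-severity alert. That graded outcome, rather than a separate alert from each tool, is the workload reduction the XDR platform is meant to deliver to the SOC.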

While service providers or vendors may define their MXDR solutions in distinct ways, these solutions typically encompass the following core services and technological components:

[Figure: core MXDR services and technology components]

Some providers offer optional additional services in their MXDR solution, such as vulnerability scanning, onsite incident response and digital forensics, threat detection for OT environments, etc.

The MXDR vendor space is also quite diverse, ranging from global service integrators who partner with technology players to create MXDR offerings to specialized security providers who leverage deep cybersecurity expertise to develop MXDR offerings.

Let’s explore the different MXDR pricing models

While MXDR pricing models are still evolving, the following are the most frequently used:

  • Unit-based tiered pricing – Specialized security providers commonly bill customers according to specific units, such as the number of assets, endpoints, or IT users. Providers often establish distinct pricing tiers with varying unit prices. For example, they may set a per-unit price for environments with 2,000-5,000 assets and a different unit price for those with 10,000-15,000 assets
  • Fixed fee pricing – Global systems integrators (GSIs) typically follow this model that charges the MXDR fee based on the number of endpoints, servers, network devices, data processed, etc.

In a few cases, we also see hybrid pricing, such as per-unit pricing for some MXDR components and fixed fees for other elements.

While traditional detection and response solutions have played a crucial role in the cybersecurity landscape, the emergence of MXDR signifies a paradigm shift towards a more integrated, automated, and adaptive approach. Its holistic nature, automated capabilities, scalability, continuous monitoring, cost-efficiency, and integration of real-time threat intelligence position MXDR as a formidable response to today’s cyber threats.

As organizations strive to fortify their digital defenses and look to select an MXDR vendor, they should consider various factors like current needs, IT landscape, and existing technological investments.

For a more detailed analysis and assistance on MXDR services and pricing, please reach out to [email protected].

Or request a complimentary price check on three cybersecurity roles across three countries of your choice.
