Tag: cybersecurity

Navigating the New Landscape: How DORA Regulations Will Reshape the Future of Financial Services | Blog

With the deadline for the European Union’s Digital Operational Resilience Act (DORA) less than a year away, financial entities and service providers need to begin acting to reach compliance. Learn the steps organizations should take to prepare now and discover how the new DORA regulations will strengthen digital operational resilience.

Financial institutions’ reliance on information and communication technologies (ICT) for core operations brings immense opportunities in today’s digital world but also exposes banks, investment firms, insurers, and other financial entities to significant cyber threats and operational risks. To address these growing vulnerabilities, the EU has enacted DORA.

The DORA regulations are expected to significantly enhance the digital resiliency of the EU’s financial sector and foster greater stability, consumer protection, and trust. Financial institutions and authorities are working toward meeting the implementation deadline of January 17, 2025. Let’s explore this further.

DORA addresses two critical concerns:

  • Rising cyber threats: DORA mandates robust cybersecurity measures to protect financial systems from increasingly sophisticated and frequent cyberattacks that steal sensitive data, disrupt operations, and erode trust
  • Potential financial instability: DORA aims to prevent ICT incidents from cascading through the financial system, jeopardizing its stability and impacting consumers and businesses. The regulations ensure financial institutions can withstand, respond to, and recover from ICT-related incidents

Who will be impacted by DORA regulations?

DORA will impact all financial institutions and ICT third-party service providers. This includes banks and credit institutions, investment firms, trading platforms, and providers delivering critical services like cloud computing, data centers, credit ratings, and data analytics. It applies to over 22,000 financial entities in the EU and ICT infrastructure support outside the EU.

DORA framework

DORA establishes a comprehensive framework for managing digital operational resilience across the financial sector. Some key provisions include:

  • Enhanced ICT risk management: Financial institutions must implement robust ICT risk management practices, including threat identification, vulnerability assessments, and incident response plans
  • Mandatory incident reporting: Major ICT-related incidents and significant cyber threats must be reported to authorities, enabling faster response and improved threat intelligence sharing
  • Regular digital operational resilience testing: Financial institutions must conduct regular ICT systems testing to identify and address vulnerabilities
  • Strict oversight of ICT third-party providers: Financial institutions are accountable for the resilience of their third-party ICT service providers, with DORA outlining clear oversight and risk management requirements

DORA requires third-party providers to maintain robust cybersecurity measures and operational resilience capabilities to mitigate risks from potential vulnerabilities and disruptions. Moreover, financial institutions must ensure their current and future contracts with providers are compliant.

DORA focuses on five strategic pillars centered around data: risk management, third-party risk management, incident reporting, information sharing, and digital operational resilience testing. However, financial institutions still have many legacy technology systems that could create obstacles to data management.

How can financial institutions comply with DORA regulations?

Immediate next steps financial institutions should take to prepare for the January 2025 deadline include:

  • Conduct a gap analysis and develop an operational resilience framework, business continuity plans, and governance policies
  • Assess risks with third-party providers in the sourcing portfolio and review existing contracts that may be at risk of termination by authorities
  • Ensure risk and compliance leaders are represented on management boards, as the board will have full accountability for ICT risk management
  • Establish systems for managing, logging, and reporting ICT incidents to regulators

How can providers help financial institutions achieve compliance?

By leveraging their deep understanding of enterprise technology footprints, providers should proactively assist enterprises in meeting the regulatory deadline. We recommend providers take the following actions:

  • Develop a perspective on how DORA will impact financial institutions to ease clients’ worries and gain mindshare with new customers
  • Identify accounts needing support to determine current and future states, business continuity plans, risk management frameworks, etc.
  • Evaluate incumbency status and competitive landscape threats. Acknowledge financial institutions will need to reduce their reliance on a single or small group of providers and have open discussions with clients to ensure transparency and collaboration
  • Develop effective rules, procedures, mechanisms, and arrangements to manage ICT risks to financial entities
  • Review contracts and proactively identify clauses needing changes to incorporate DORA compliance
  • Prepare to undergo threat-led penetration testing with financial institutions if deemed critical by regulators

In the near term, we foresee the banking, financial services, and insurance (BFSI) industry in the EU being impacted in the following ways:

  • A spike in demand for security services as financial institutions run security services maturity assessments to review the current state of DORA compliance
  • Revamped sourcing portfolios as financial institutions assess concentration risk of functions deemed critical under DORA
  • Increased demand for a qualified talent pool to conduct vulnerability assessments, performance testing, penetration testing, etc.

With the deadline fast approaching, enterprises and providers cannot afford to wait for the regulatory process to conclude and must begin to take these recommended steps to reach compliance by 2025.

To learn more about the Digital Operational Resilience Act and how to achieve compliance with the DORA regulations, contact Kriti Gupta, [email protected], Pranati Dave, [email protected], and Laqshay Gupta, [email protected].

To learn about Global Services Lessons Learned in 2023 and Top Trends to Know for 2024, don’t miss this webinar.

MXDR: A Revolutionary and Comprehensive Solution Transforming Cybersecurity Detection and Response | Blog

Managed Extended Detection and Response (MXDR) has emerged as a game-changer in combating modern cybersecurity threats. Combining managed services with a technology platform, MXDR offers an encompassing, automated, scalable, and cost-effective solution incorporating real-time threat intelligence. Discover how MXDR compares to other cybersecurity offerings, its core components, and pricing models in this blog.

In the ever-evolving cybersecurity landscape, organizations face the daunting task of safeguarding their digital assets against countless threats. With the increasing sophistication of cyber attacks, traditional security measures often fall short.

To counter this, various threat detection and response offerings have emerged over the years, including Endpoint Detection and Response (EDR), Network Detection and Response (NDR), Managed Detection and Response (MDR), Extended Detection and Response (XDR), and, most recently, Managed Extended Detection and Response or MXDR.

While these offerings are closely related, they differ in the following fundamental ways:

| Offering | Full name | Type | Definition |
|---|---|---|---|
| EDR | Endpoint Detection and Response | Technology platform | Protect endpoints and servers from malicious activity through continuous monitoring and behavioral analytics |
| NDR | Network Detection and Response | Technology platform | Analyze network traffic to stop network threats through machine learning and behavioral analytics |
| MDR | Managed Detection and Response | Managed service | Modern security operations center (SOC) capabilities to rapidly detect, analyze, investigate, and actively respond to threats |
| XDR | Extended Detection and Response | Technology platform | Provides a holistic view of the threat landscape by analyzing telemetry from multiple sources such as endpoints, network devices, cloud workloads, third-party data, etc. |
| MXDR | Managed Extended Detection and Response | Managed service plus technology platform | Combines MDR and XDR |

Although these cybersecurity solutions are effective, they are limited by being either a managed service or a specifically focused technology platform. This is where MXDR has emerged as a game-changer, offering a unique and holistic cybersecurity approach by integrating technology with managed services. As a result, MXDR currently stands out as the most comprehensive cybersecurity offering available.

Driving factors behind the evolution to MXDR

An MXDR solution always incorporates an XDR platform that integrates with a data lake to gather data from distinct sources. It employs Artificial Intelligence (AI)/Machine Learning (ML) and analytics to correlate the data and generate alerts that threat hunters subsequently investigate.

Given the threat landscape’s constant evolution and the expansion of attack surfaces, the industry is naturally transitioning from MDR to MXDR. Essentially, MXDR provides a “Managed XDR” solution, delivering around-the-clock threat management services.

Primary features that should define any MXDR solution include:

  • A modern, remotely delivered 24/7 SOC with around-the-clock monitoring capability
  • Threat hunting and analysis, which involves searching for undetected intrusions in an organization’s environment
  • Investigation of alerts and incidents generated by the XDR platform using telemetry gathered from various sources like endpoints, cloud workloads, networks, identities, etc.

While service providers or vendors may define their MXDR solutions in distinct ways, these solutions typically encompass the following core services and technological components:

Some providers offer optional additional services in their MXDR solution, such as vulnerability scanning, onsite incident response and digital forensics, threat detection for OT environments, etc.

The MXDR vendor space is also quite diverse, ranging from global service integrators who partner with technology players to create MXDR offerings to specialized security providers who leverage deep cybersecurity expertise to develop MXDR offerings.

Let’s explore the different MXDR pricing models

While MXDR pricing models are still evolving, the following are the most frequently used:

  • Unit-based tiered pricing – Specialized security providers commonly bill customers according to specific units, such as the number of assets, endpoints, or IT users. Providers often establish distinct pricing tiers with varying unit prices. For example, they may set a per-unit price for environments with 2,000-5,000 assets and a different unit price for those with 10,000-15,000 assets
  • Fixed fee pricing – Global systems integrators (GSIs) typically follow this model that charges the MXDR fee based on the number of endpoints, servers, network devices, data processed, etc.

In a few cases, we also see hybrid pricing, such as per-unit pricing for some MXDR components and fixed fees for other elements.

While traditional detection and response solutions have played a crucial role in the cybersecurity landscape, the emergence of MXDR signifies a paradigm shift towards a more integrated, automated, and adaptive approach. Its holistic nature, automated capabilities, scalability, continuous monitoring, cost-efficiency, and integration of real-time threat intelligence position MXDR as a formidable response to today’s cyber threats.

As organizations strive to fortify their digital defenses and look to select an MXDR vendor, they should consider various factors like current needs, IT landscape, and existing technological investments.

For a more detailed analysis and assistance on MXDR services and pricing, please reach out to [email protected].

Operational Technology (OT) Security Products PEAK Matrix® Assessment 2023

The convergence of IT and Operational Technology (OT) profoundly impacts the OT security landscape, enhancing operational efficiency while introducing vulnerabilities as traditional OT systems integrate with IT networks. Industries recognize the need to protect operational technology systems from escalating cyber threats, leading to a surge in demand for OT security. High-profile attacks on critical infrastructure drive investment in OT security solutions to ensure the integrity, availability, and resilience of essential operations.

As a result, organizations are increasingly investing in OT security measures, including network security, advanced asset visibility, threat detection, incident response plans, and risk and vulnerability management, to protect critical infrastructure and minimize cyber risks while embracing the benefits of IT/OT convergence. Technology providers are investing in next-generation themes in the OT security landscape, including AI-driven threat detection, integration of behavioral analytics, and robust cloud-based solutions. Supply chain security and collaborative information sharing are also on the rise, strengthening critical infrastructure protection and enhancing OT cybersecurity in the face of evolving threats. Technology providers are actively developing industry-specific OT security solutions for sectors such as energy, manufacturing, and healthcare. These solutions effectively address threats specific to each sector, ensure compliance with industry regulations, and maintain operational continuity. This approach offers a comprehensive and customized solution to safeguard critical infrastructure and industrial control systems. The OT security sector is actively pursuing enhanced capabilities and building a strong partnership ecosystem to combat the escalating cyber threats within OT environments.

What is in this PEAK Matrix® Report

In this report, we analyze nine global OT security technology providers as featured on the Operational Technology (OT) Security Products PEAK Matrix® Assessment 2023. The research will help buyers select the right-fit provider for their needs, while providers will be able to benchmark themselves against each other.
 

In this report, we examine:

  • OT security products PEAK Matrix® characteristics 
  • Enterprise sourcing considerations
  • Providers’ key strengths and limitations

Scope

  • All industries and geographies
  • The assessment is based on Everest Group’s annual RFI process for the calendar year 2023, interactions with leading OT security technology providers, client reference checks, and an ongoing analysis of the OT security products market

What is the PEAK Matrix®?

The PEAK Matrix® provides an objective, data-driven assessment of service and technology providers based on their overall capability and market impact across different global services markets, classifying them into three categories: Leaders, Major Contenders, and Aspirants.

AI and Automation: Graig Paglieri of Randstad Digital on How to Effectively Harness AI Technology in People Operations | In the News

Recently, Graig Paglieri, the CEO of Randstad Digital Americas, was interviewed by Medium, where he talked about how they’re utilizing new technologies to make their jobs easier and provide greater strategic value.

In his interview, Graig mentioned a recent white paper with the Everest Group that estimates the current global skill gap for AI/ML technologies at 25%-30%; for cloud skills and cybersecurity, the gap stands at 20-25% and 30%, respectively. As a solution, enterprises should clearly outline what they hope to achieve with AI, from improving internal operations to enhancing customer engagement.

Read more in Medium.

Secure from the Get-Go: Top Challenges in Implementing Shift-Left Cybersecurity Approaches | In the News

An approach that builds cybersecurity into software and platforms can create stronger security, reducing vulnerabilities and risks. But implementation often comes with challenges.

Focusing on a software product’s speed to market, performance, and security, Ankit Gupta suggests embracing “integrated KPIs” for organizations, fostering shared accountability across product teams, DevSecOps teams, and stakeholders. “Developers don’t have KPIs around security, because it isn’t their main responsibility. But if you’re not incentivized as a developer to spend more time on security, it will limit the willingness to spend time on security,” says Ankit Gupta, Practice Director with Everest Group.

Read more in CSO.

Do You Have What It Takes to Be a CISO? Take the Personality Quiz | In the News

The position of the chief information security officer (CISO) stands out as one of the most influential and well-paying roles within an organization, attracting a diversity of talent. While strong technical skills are key, CISOs must also exhibit resilience, unwavering focus, and a strong commitment to transparency.

Interestingly, candidates with nontraditional backgrounds offer unique benefits to the cybersecurity field, specifically CISO roles. “I’ve found that individuals that have faced adversity in their life tend to make better CISOs,” noted Amit Anand, Senior Analyst at Everest Group.

Read more in ITPro Today.

Israel Surveillance Systems’ Failure to Avert Hamas Attacks Raises Questions | In the News

Israeli surveillance systems, supposed to be the best in the world, failed to detect the recent attack by Hamas. This has raised doubts about the system’s reliability.

Kumar Avijit, Practice Director at Everest Group, said considering the recent shortcomings of Israeli tech in confrontations with Hamas, nations like India that are investing or considering the acquisition of similar technologies might reconsider their stance.

Read more in The Hindu Business Line.

Cyber Resiliency Strategy: Key Themes and Pricing Trends for 2023 | Webinar

on-demand Webinar

Gone are the days when cybersecurity was solely the concern of IT departments. Today, the C-suite recognizes the criticality of cyber resiliency programs, which prioritize comprehensive threat advisory, holistic monitoring, and swift response mechanisms.

In this webinar, our experts will explain the differences in cyber resiliency and cybersecurity, outline key enterprise investment themes for cyber resiliency, explore opportunities and associated challenges for service providers, and cover the pricing and solution themes underlying the cybersecurity and cyber resiliency market.

What questions will the webinar answer for the participants?

  • What is cyber resiliency, and what is the enterprise adoption roadmap?
  • Why are service providers so gung-ho about cyber resiliency?
  • How should a cyber resiliency deal be structured commercially? 

Who should attend?

  • CIOs, CISOs, CTOs, and CDOs
  • IT and BPO department heads
  • Sourcing leaders
  • Strategy leaders
  • GBS leaders managing IT and BPO outsourcing contracts
  • Security product heads
  • Cybersecurity offering leads
  • Cybersecurity service line heads

Presenters

  • Kumar Avijit, Practice Director
  • Shukla Vinamra, Practice Director
  • Sundrani Ricky, Partner

Generative AI Heralds a New Era in Cybersecurity | Blog

In today’s ever-evolving threat landscape, generative Artificial Intelligence (GAI) is becoming an increasingly popular technology tool to defend against sophisticated cyberattacks. Read on to learn about the latest investments in GAI-powered security products, the potential benefits and drawbacks, and the ramifications for the cybersecurity workforce and industry. 

Learn about the latest pricing trends in cyber security in our webinar, Cyber Resiliency Strategy: Key Themes and Pricing Trends for 2023.

GAI has grabbed worldwide interest with its ability to create unique and realistic images, text, audio, code, simulations, and videos that previously were not thought to be possible. Lately, GAI has been applied in many industries, such as the creative arts, healthcare, entertainment, and advertising. Let’s explore the latest cybersecurity industry trends and how GAI can help security teams stay one step ahead of the latest threats.

Cybersecurity vendors are leaving no stone unturned to deliver the power of GAI

In recent years, advanced Artificial Intelligence (AI)- and Machine Learning (ML)-based technologies have been rapidly adopted across the cyber industry, providing intelligent automation capabilities and also augmenting human talent.

The vast use cases of AI/ML in cybersecurity include proactive threat detection, prevention, intelligence, user and entity behavior analytics (UEBA), anomaly detection, vulnerability management, automated incident investigation and response, and more.

With the release of ChatGPT (GPT-3.5/GPT-4), DALL-E, Midjourney AI, Stable Diffusion, and other developments, the hype around GAI is accelerating faster than ever, and vendors are racing to harness its power to develop new products and solutions leveraging this technology.

Key GAI vendor announcements

Here are some examples of suppliers adopting GAI technology in the past four months alone:

  • SlashNext launched Generative HumanAI, an email security product aimed at combating business email compromise (BEC), in February
  • Microsoft introduced Security Copilot, a solution to help security professionals identify and respond to potential threats using OpenAI’s GPT-4 GAI and Microsoft’s proprietary security-specific model, in March
  • Flashpoint expanded its partnership with Google, incorporating GAI into its intelligence solutions for improved threat detection in April
  • Among other announcements last month, Recorded Future integrated OpenAI’s GPT model into its AI, Cohesity integrated with Microsoft’s Azure OpenAI for anomaly detection, and Veracode developed a tool utilizing GAI to address security code flaws

Generative AI captured massive attention at RSAC

At the recently concluded RSA Conference 2023 in San Francisco, GAI was a fascinating theme that was widely discussed and showcased in many innovative security products. These include SentinelOne’s announcement of Purple AI, which will leverage GAI and reinforcement learning capabilities to not just detect and thwart attacks but also autonomously remediate them.

Also at the event, Google Cloud launched its Security AI Workbench powered by a security-specific large language model (LLM), Sec-PaLM, aimed at addressing the top three security challenges – threat overload, toilsome tools, and the talent gap. The offering incorporates VirusTotal Code Insight and Mandiant Breach Analytics for Chronicle to augment efforts to analyze incidents and detect and respond to threats.

Foreseeable advantages stemming from GAI in the cybersecurity world

The advantages of using GAI for this industry can include:

  • Enhancing threat and vulnerability detection, response, and automated remediation

Its ability to analyze enormous amounts of data and insights from multiple sources enables GAI to detect malicious or anomalous patterns that otherwise might go unnoticed. This can lower alert fatigue and improve the mean time to detect or discover (MTTD), mean time to restore (MTTR), and threat coverage, and enhance overall risk management strategies while reducing total security operations costs. GAI can be employed for machine-speed triaging, predictive remediation, and automated response and action for low-risk incidents. Other potential applications are leveraging the technology to detect malicious URLs and websites and AI-powered phishing campaigns run against enterprises. Furthermore, it can be utilized in Infrastructure as Code (IaC) security for detecting and hardening flaws and for auto-remediation of security misconfigurations and vulnerabilities in applications.

  • Bridging the cybersecurity talent gap

The cybersecurity skills shortage is widely recognized, with enterprises finding it daunting to hire and retain talent to effectively run internal programs. More than 3.4 million skilled cybersecurity professionals are currently required globally, according to the 2022 (ISC)² Cybersecurity Workforce Study.

GAI can create phishing/cyberattacks and simulate threat environments or security awareness programs to test security professionals’ skills and knowledge, accelerating the learning curve and quickly upskilling and reskilling employees. The technology also can be applied to generate automated workflows, playbooks, use cases, and runbooks for enhanced security delivery capabilities.

  • Powering virtual assistance, enhanced collaboration, and knowledge sharing

GAI can lessen the burden on analysts of mundane tasks by analyzing, visualizing, and summarizing complex security data into comprehensive reports and charts that previously were created manually. GAI also can help build robust assistants for coding, chat, security, or investigation. It potentially can facilitate effective communication, and serve as a centralized knowledge repository, making it easy to share and manage data from one place. This can help enterprises augment knowledge management and foster a culture of continuous learning and engagement.

Watch out for offensive capabilities of GAI in cybersecurity

Major companies, including Apple, Samsung, Amazon, Accenture, Goldman Sachs, and Verizon, have either banned or restricted employees’ use of GAI-powered utilities to safeguard data confidentiality. Data breaches are a primary risk associated with GAI. Models use massive data sets for learning, and that data could contain enterprises’ sensitive information, including Personally Identifiable Information (PII) and financial data. If carelessly handled, it could lead to unauthorized access, unintended disclosure, misuse, and even IP or copyright infringement. GAI also exposes enterprises to regulatory compliance risks, especially those subject to strict data protection laws like the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), etc.

The use of GAI for malicious practices in social engineering, spear phishing, and other scams has been on the uptick. Another potential offensive aspect is that GAI can be employed to create advanced malware strains capable of evading signature-based detection measures.

Malicious actors could use GAI to create sophisticated exploits and other invasive code to bypass security systems and exploit vulnerabilities in touchpoints. Considering its power to generate new content, brute-force attacks for password theft can be easily facilitated via GAI.

In addition, hackers can utilize deepfake technology to impersonate individuals, leading to identity theft, financial fraud, and the proliferation of misinformation. The efficiency and accuracy of an ML-based security system can be sabotaged if a hacker automates the creation of false positives, wasting analysts’ time and resources while ignoring the real threat.

GAI – A boon or bane?

In the words of Abraham Lincoln, “The best way to predict the future is to create it.” GAI is doing just that. The heavy investments in GAI are a double-edged sword. While the technology can strengthen enterprises’ cyber shield arsenal, adversaries can use it to thwart their defensive attempts. GAI is here to stay and its adoption will accelerate even with security threats, making it pressing for cyber leaders to quickly determine their response and adoption strategies.

Cyber leaders may find a path to expand their roles and become protectors of enterprises by actively taking actions to address GAI’s use. These proactive initiatives can include robust data loss prevention and governance; usage guidelines, policies, and frameworks; workforce education; thorough vulnerability and risk assessments; comprehensive identity and access management; and incident detection and response plans.

Everest Group will continue to follow this growth area. To discuss cybersecurity industry trends, please contact Prabhjyot Kaur and Kumar Avijit.

Continue learning about cybersecurity industry trends in the blog, Now is the Time to Protect Operational Technology Systems from Cyber Risks.
