Cybersecurity is always important, but it takes a front seat in the news when something bad happens, as it did when a ransomware attack shut the Colonial Pipeline system down for several days in early May, resulting in one of the worst cyberattacks on U.S. infrastructure. The U.S. government has responded with new cybersecurity requirements in the pipeline sector, but what should other sectors take away from this incident? Worldwide security spending across sectors is set to grow this year, and organizations like MISA (Microsoft Intelligent Security Assn.) are growing as well—all in an effort to help the ecosystem defend against increasing cyber threats.
At the end of last month, the DHS (Dept. of Homeland Security) announced a Security Directive designed to help it better identify, protect against, and respond to threats to critical companies in the pipeline sector. The directive comes as a response to the ransomware attack that crippled part of the nation’s access to petroleum. Under the new directive, critical pipeline operators must designate a cybersecurity coordinator to be on duty 24 hours a day, seven days a week. Critical pipeline owners and operators will also be required to report potential and confirmed cybersecurity incidents to DHS’s CISA (Cybersecurity and Infrastructure Security Agency), and they must review their current practices for cyber risk.
Beyond the energy sector, spending on security and risk management technology and services worldwide could reach $150.4 billion in 2021, according to a new report from Gartner. That’s up 12.4% from 2020. The firm’s 2021 CIO Agenda Survey put cybersecurity as the top priority for new spending for the 2,000+ CIOs surveyed in this year’s report. More than half (61%) said their companies plan to bump up their investments in cyber and information security in 2021. The increase in spending is likely due to changes in the workplace due to the COVID-19 pandemic, like remote work requirements and the resulting need for cloud security.
The tech space is responding to entities’ need for tighter security in general. MISA is an ecosystem of independent software vendors and managed security service providers that have integrated their solutions with Microsoft to better defend against security threats. There are nearly 200 partner companies, and, in March, Microsoft announced its members had created 215 product integrations to date. The company also announced its pilot program for adding MSSPs (managed security service providers) had formally transitioned, and MISA now includes at least 39 MSSP members.
In the past month or so, several new companies have joined up with MISA, including Trustwave, a cybersecurity and managed security services provider; Arctic Wolf, a security operations platform provider; Senserva, a cloud security provider; and Netskope, a SASE (secure access service edge) provider. As cybersecurity events continue to wreak havoc on businesses and infrastructure, threatening not only business and consumer data but also national security, the ability to come together to maximize defense efforts against cybercriminals is imperative.
Spending $150 billion on security and risk management in 2021 seems like a lot, but the cost of inaction is greater. Especially for industries in critical infrastructure, investment in proactive security is the better road to take versus reactive, clean-up spending after much damage has already been done. With diligence, 2021 can be a much less “exciting” year than 2020 was, but in all the right ways.
Want to tweet about this article? Use hashtags #IoT #sustainability #AI #5G #cloud #edge #digitaltransformation #machinelearning #infrastructure #cybersecurity #energy #riskmanagement