Joerg Habermeier - stock.adobe.c

Canalys: Cyber security channel set for further growth

Analyst house Canalys forecasts another decent year ahead for those set to can help customers fend off cyber attacks

The cyber security channel is set for a solid year ahead, with the protection of data remaining a high priority for users, according to analyst house Canalys.

The firm is forecasting a potential 10% increase in worldwide spending on security in 2021, with Canalys making the assumption that the current momentum in the market will continue.

In terms of product categories, Canalys is forecasting a 12.5% climb in web and email security, while vulnerability and security analytics will increase 11.0%. Growth in endpoint security will slow to 10.4% after a solid 2020.

Although small and medium-sized enterprise (SME) budgets have been hit in the pandemic, overall spending on cyber security has remained high. Most users have had little choice but to keep their defences protected as staff work from home and vulnerabilities increase.

Even with all of the spending, 2020 saw records being set on the data loss front. Canalys reported that data breaches and ransomware meant that life was particularly difficult for businesses last year, with 12 billion records being compromised.

The coronavirus pandemic has been an opportunity for some of the more loathsome elements of society to target users with phishing scams, and the pressure on the health and education sectors has increased significantly.

As an example, Webroot has charted a 336% increase in suspicious domain names that include the word “vaccine” since the 8 December and 6 January, when compared to March last year.

Nick Emanuel, senior director of product at Webroot, said that mass vaccination programmes were being exploited by cyber criminals. “We’re already seeing cyber criminals exploiting the publicity and anticipation surrounding [vaccines] to target businesses and consumers in phishing and domain spoofing attacks,” he said.

“Scams using keywords based on emotive subjects concerning medical safety and the pandemic are always going to be more effective, especially when they’re in the public interest. And remote work has forced many employees to use personal devices for business-related activities, which presents unique security concerns.

“With a higher prevalence of malware and generally fewer security defences in place, it’s easier for malware to slip into the corporate network via an employee’s personal device. For businesses, better security systems and training are key for protection, along with backing up data,” he added.

Matthew Ball, Canalys chief analyst, said that another problem for users was the constant evolution of threats. “The biggest threats are always those not yet known. The discovery of the Solorigate/Sunburst advanced persistent threat campaign at the end of 2020 – stemming from malicious code injected into the widely used SolarWinds Orion IT management platform and subsequent infiltration into other systems – highlights this,” he said.

“Cyber security professional services engagements in response to this latest issue will be one of many factors contributing to sustained investment this year, especially in newer solutions to mitigate emerging threats.

“Growth in add-on subscriptions providing new features, products to secure the cloud and delivered from the cloud, and upgrades to existing solutions will be key drivers for expansion,” he added.

Ball was also clear that the existing need for firms to take a multi-layered approach is set to continue in 2021.

Exploiting Covid-19

Webroot’s Real-Time Anti-Phishing protection system found a rise in malicious URLs and terms to target vulnerable people, using subjects such as the vaccine and Covid-19 cures to get people to click on links and open malicious emails.

The Webroot system found:

  • More than 4,500 new suspicious domains which contained a combination of words relating to ‘Covid-19’, ‘corona’, ‘vaccine’, ‘cure Covid’ and so on.
  • 934 domains which included the word ‘vaccine’ within the title.
  • 2,295 domains which contained ‘covid’ in the title.
  • 622 domains which contained the words ‘test’ or ‘testing’ in their title.

Read more on Remote Access Security