Leading executives from information technology players, A10 Networks, Attivo Networks, BT, Control Risks, Equinix, IFS, IDC, Intel Security’s McAfee Labs, Riverbed Technology, Sophos, present their take on what lies ahead in Africa in 2017.
(Top left to right) Mohammed Al-Moneer is Regional Director MENA at A10 Networks; Ray Kafity is Vice President of Middle East, Turkey and Africa at Attivo Networks; Wael El Kabbany is Vice President of Middle East, North Africa and Eastern Mediterranean at BT; Daniel Heal is Senior Partner for Control Risks East Africa; Jeroen Schlosser is Managing Director of Equinix MENA; Graham Grose is Global Industry Director of Aerospace and Defense at IFS.
(Below left to right) Jyoti Lalchandani is Group Vice President and Regional Managing Director for IDC Africa, Middle East and Turkey; Mark Walker is IDC’s Associate Vice President for Sub-Saharan Africa; Jon Tullett is Research Manager for IT services at IDC South Africa; Vincent Weafer, Vice President of Intel Security’s McAfee Labs; Taj ElKhayat is Regional Vice President of Middle East and Africa at Riverbed Technology; Harish Chib is Vice President, Middle East and Africa at Sophos.
A10 Networks identifies ten soft cyber targets in 2017
The cyber landscape changes dramatically year after year. If you blink, you may miss something, whether a noteworthy hack, a new attack vector or new solutions to protect your business. Sound cyber security means trying to stay one step ahead of threat actors.
IoT poses major threat
In late 2016, all eyes were on IoT-borne attacks. Threat actors were using IoT devices to build botnets to launch massive distributed denial of service attacks. In two instances, these botnets collected unsecured smart cameras. As IoT devices proliferate, and everything has a web connection, refrigerators, medical devices, cameras, cars, tyres, you name it, this problem will continue to grow unless proper precautions like two-factor authentication, strong password protection and others are taken.
Device manufactures must also change behaviour. They must scrap default passwords and either assign unique credentials to each device or apply modern password configuration techniques for the end user during setup.
DDoS attacks
We recently saw some of the largest DDoS attacks on record, in some instances topping 1 Tbps. That is absolutely massive, and it shows no sign of slowing. Through 2015, the largest attacks on record were in the 65 Gbps range. Going into 2017, we can expect to see DDoS attacks grow in size, further fueling the need for solutions tailored to protect against and mitigate these colossal attacks.
Predictive analytics
Math, machine learning and artificial intelligence will be baked more into security solutions. Security solutions will learn from the past, and essentially predict attack vectors and behavior based on historical data. This means security solutions will be able to accurately identify and predict attacks by using event data and marrying to real-world attacks.
Industrial systems
Similar to IoT attacks, it is only due time until we see major industrial control system attacks. Attacks on ecommerce stores, social media platforms and others have become so commonplace that we have almost grown cold to them. Bad guys will move onto bigger targets: dams, water treatment facilities and other critical systems to gain recognition.
Upstream providers
The DDoS attack launched against DNS provider Dyn, which resulted in knocking out major sites that use Dyn for DNS services, made headlines because it highlighted what can happen when threat actors target a service provider as opposed to end customers.
These types of attacks on upstream providers cause a ripple effect that interrupts service not only for the provider, but for users. The attack on Dyn set a dangerous precedent and will likely be emulated several times over in the coming year.
Physical security
Cyber security is just one part of the puzzle. Strong physical security is also necessary. In 2017, companies will take notice, and will implement stronger physical security measures and policies to protect against internal threats and theft and unwanted devices coming in and infecting systems.
Automobiles
With autonomous vehicles on the way and the massive success of sophisticated electric cars like Tesla’s, the automobile industry will become a much more attractive target for attackers. Taking control of an automobile is not fantasy, and it could be a real threat next year.
Point solutions
Instead of buying a single solution, businesses must trust security solutions from best-of-breed vendors and partnerships that answer a number of security needs. Why have 12 solutions when you can have three? In 2017, your security footprint will get smaller, but will be much more powerful.
Ransomware grows
Ransomware was one of the fastest growing online threats in 2016, and it will become more serious and more frequent in 2017. We have seen businesses and individuals pay thousands of dollars to free their data from the grip of threat actors. The growth of ransomware means we must be more diligent to protect against it by not clicking on anything suspicious. If it sounds too good to be true, it probably is.
Security teams
The days of security teams working 9-to-5 are long gone. Now is the dawn of the 24/7 security team. As more security solutions become services-based, consumers and businesses will demand security teams and their vendors be available around the clock. While monitoring tools do some of the work, threats do not stop just because it is midnight.
Retail threats, deceptive capability, to grow in 2017, Attivo Networks
The region’s rapid digitisation and technological transformation, coupled with its wealth, has opened the doors to cyberattacks from a host of attackers. In the wake of smart services, mobility and the Internet of Things, the attack surface has increased.
POS breaches
On the surface, it may appear that the number of breaches affecting retailers and incidences of customer data theft are decreasing. This, in fact, is a misnomer. The number of attacks seems lower because of the lack of disclosed information, as well as the gradual shift in focus from retail segment to others, such as travel and restaurants.
Attackers are also moving downstream and focusing on smaller retailers and businesses, tempted by the number of target organisations available and less sophisticated IT infrastructure. The core problem around point of sale breaches remains largely unaddressed.
Thousands of POS systems continue to run without any form of anti-virus software because of older Windows XP operating systems and the trust relation system with asset management servers. With compromise to the asset management system, malware can be distributed un-noticed to POS terminals en masse.
With this compromise, attackers can continue updating new variants of malware, commands and exfiltration of data. This is an extremely high-risk vulnerability that can go undetected for months, even years, before the breach is discovered.
This is worrying, considering the UAE e-commerce market is estimated to grow to AED 40 billion almost $11 billion by 2020, according to Frost & Sullivan. Furthermore, with increased use of the TOR network and the value of data sold on the DarkWeb being between $5-$30 per stolen credit and debit card, the incentive to target POS systems will remain high.
Detection over prevention
As breaches continued this year, a larger number of CISOs started considering more budget allocations towards detection systems, so that attackers inside the network could be identified and stopped. Historically, more than 75% of InfoSec technology budgets are spent on preventive solutions and their maintenance.
However, a recent survey by Pierre Audoin Consultants among 200 decision makers showed they expected to spend 39% of their IT security budgets overall on detection and response within two years. Gartner has also projected that by 2020, 60% of security budgets will be allocated for rapid detection and response approaches, up from less than 10% in 2014.
Deception enters mainstream
Gartner predicts that by 2018, 10% of enterprises will use deception tools and tactics, and actively participate in deception operations against attackers, closing the gap in detecting signature-less or unknown attacks. In 2017, deception technology will be a preferred solution for advanced threat detection.
Gartner has called out deception as an automated responsive mechanism, representing a major shift in capabilities and the future of IT security. They have stated that deception is the most advanced approach for detecting threats within a network and acknowledged it as a top 10 security trend for 2015, 2016, and again for 2017.
Dwell time
According to a variety of sources, malware continues to go undetected within companies for months, with some detections occurring after as many as 200 days. With more emphasis on detection technology, there will be a decrease in dwell time and an increase in the number of breaches being detected by internal teams.
Historically, only 1 in 5 breaches are detected internally. By the end of 2017, this number will increase to 50% of all breaches being detected internally by customers, law enforcement agencies, and third parties.
Intelligence sharing
Frost & Sullivan estimates that network security spending in the GCC will reach $1 billion by 2018. While this is encouraging, intelligence-sharing is as important in the campaign against cybercrime. Vendors will continue to collaborate in sharing information and on integrating their solutions, enabling the sharing of data and providing security teams with a single source of information on possible attacks.
Collaboration will allow teams to see real threats they might have missed on their own, based on a partial view of threat activity throughout the network. Operational efficiency will increase significantly, providing better detection, quick remediation, and more effective incident response at the time of attack.
BT’s view of regional trends in 2017
One of the primary roles of a market leader is to envisage powerful technology trends that are poised to drive significant shifts across industries. The point of making predictions is not to be right, but to be ready. So with that purpose in mind, what might technology have in store for the Middle East in 2017 and the years beyond?
One prediction we can make with absolute confidence is that several long term underlying trends will continue to unfold. Digitisation, security, cloud and big data technologies are maturing and manifestly changing the way we work.
Cloud services
More and more organisations have started to fully embrace cloud services, recognising the cost-cutting and agility-improving benefits that they provide. According to Gartner, Cloud Business Process as a Service BPaaS, is the largest segment of cloud services market in the Middle East and North Africa, and is expected to reach $340.2 million in 2020.
An important trend in the world of the cloud is the emergence of ecosystems. In a bid to differentiate, cloud providers have recognised that they must have the right partners embedded in their cloud. In line with this move, we are going to see more cloud providers take steps to attract new partners to their communities.
Intelligent networking
Intelligent networking will be a major trend in 2017. The virtualisation of network functions will allow Chief Information Officers to connect more sensors, access more data and undertake better analytics. An intelligent network will be security aware, it will detect that it is under attack, be able to identify the threat and alert other networks.
We will see an amplifying demand for dynamic networks that enable a more agile response to major security events, especially with heightening security concerns surrounding smart cities.
Era of immersive technology
According to IDC, the augmented and virtual reality market in the Middle East and Africa MEA is set to increase to a staggering $6 billion by 2020. Businesses in the Middle East have been quick on leveraging this immersive technology to transform their consumer interactions. And as the line between physical and virtual reality continues to blur, we might see its application in the collaborative space, replacing messaging services, chat rooms and more.
Moreover, augmented reality will enable medical institutions across the region to facilitate access-at-a-distance surgeries. This is likely to increase the relevance of the efforts put forth by Dubai, which is taking giant strides in becoming the medical tourism hub with an aim to draw 500,000 medical tourists by 2020.
Self-aware Security Solutions
Security remains a systemic threat, but the security challenge is a wide one. 2016 has already seen a spate of notable network infiltrations – the most notorious one being the hack against Qatar National Bank, the biggest lender in the Gulf. Banking and finance and the energy sector are increasingly finding themselves in the crosshairs of advanced cyberattacks.
The continued focus of threat activity against relevant critical systems such as SWIFT, are a constant reminder of the reach and capability of a determined and motivated cyber-criminal. According to Frost and Sullivan, GCC’s network security spending is set to grow to $1 billion by 2018. This statistic reflects the demand for next-level machine learning techniques and network function virtualisation in 2017 to help create networks that are ‘security aware’.
IoT in banking
IoT spending in the Middle East is expected to reach $3.2 billion in 2019, according to IDC. With a growing number of data sensors, and with clients becoming increasingly comfortable with the concept of the IoT, banks now find themselves in a position to create sophisticated systems not seen before.
For example, the use of IoT will enable banks to streamline mortgage applications by employing data intelligence pertinent to a specific property. Using IoT, banks will be able to develop real time analysis of risk in a specific area, making risk profiling quicker and more personalised.
Big Data
The real value of business lies in its data. As we move forward, businesses will invest in technologies to develop new capabilities needed to refine big data. Extracting value from user-generated data poses a major challenge for businesses. Hence, businesses will lean towards expanding their big data projects in order to capture real-time insights, meet customer expectations efficiently and accommodate future business growth.
This will also act as an impetus driving businesses to adopt the public cloud as a platform for data storage, which is steadily increasing.
Control Risks presents opportunity and risks in East Africa in 2017
Macro-economic instability fuelled by low oil prices and global economic sentiment will continue to be the main driver of business risks across East Africa in 2017. Governance improvements and the embedding of certain democratic practices and norms will limit the scope of potential for deterioration, but challenges will still persist.
Cyber-attacks are advancing in nature. Businesses will become increasingly vulnerable until the impact of cyber risks on their operations and reputation is as well understood as the effects of political and security risk.
Macro-economic and domestic political changes are driving African nations to reinvent themselves in the hope of becoming Dubai or Singapore style commercial hubs. This will present lucrative new opportunities for business, but equally engender unknown risks and require a deeper understanding of the local political and regulatory environment.
Companies will pursue different strategies to protect value and seize opportunity in 2017. Organisations will be defined as arks, sharks or whales by their response.
Arks will be defensive and focus on core businesses and markets. They will shed non-performing assets, reverse unsuccessful mergers, cut costs, and delay expansion. While particularly associated with mining and oil and gas due to the collapse in commodity prices, the ark strategy also characterises retrenchment by retailers and re-shoring by manufacturers.
Sharks are less risk-averse and will hunt for opportunities in new activities and locations. Financial services facing regulatory uncertainty and the rise of competing power centres in the emerging world is likely to take on risk to capture first-mover advantages in frontier markets or disruptive sectors.
Whales will take advantage of their deep pockets and cheap financing to engineer mega-mergers and monopolise markets. Their main risks are economic nationalists and competition regulators. Consolidation strongly characterises the technology sector, pharmaceuticals, and agribusiness, which have often arbitraged regulatory environments to gain dominant market positions.
Kenya
The Jubilee Party of Kenya is likely to secure another term in office. However, due to opposition pressure, it is likely the months ahead of the polls will be marked by instability and localised violence in particularly contentious constituencies.
Ethiopia
The ruling party Ethiopian People’s Revolutionary Democratic Front is expected to retain power through continued repression of opposition forces and the introduction of limited political and economic reforms. Fractures within the coalition will become more visible, complicating attempts at more comprehensive reforms to diffuse tensions and woo back investors.
Tanzania
President Magufuli is expected to continue his austerity and reform programme while showing a growing nationalistic stance, increasing fiscal and regulatory risks to business.
Uganda and Sudan
Growing trends of insecurity and economic hardship will pose challenges to the power of two of the region’s longest standing leaders and have the potential to facilitate a surprise change at the top.
Somalia
Sporadic acts of terrorism will continue, mainly affecting border areas of Kenya. Attacks under the banner of so called Islamic State are expected to remain opportunistic, unsophisticated and directed at symbols of the state, particularly security forces.
For businesses to succeed in this diverse region, it is important to take a threat-led approach and understand the unique and evolving risks that could impact the business in that specific market.
Dell looks at seven key trends in 2017
If you could predict the future, how would you do things differently? According to the Digital Business study conducted by Dell Technologies across 16 countries which include UAE and Saudi Arabia, 66% said competition from digital start-ups is incentivising them to invest in IT infrastructure and digital skills leadership.
The last couple of years have been tumultuous for organisations to say the least. Every cinema in the region has its Netflix and YouTube. Every bookstore and library has its Amazon. Expect even more disruption to come down the pike. Established companies are being out-maneuvered and out-innovated by digital start-ups across the world. Nearly one in two do not even know whether they will be around in three to five years’ time.
But amid the disruption is opportunity, and lots of it. Here are seven significant trends for 2017 and beyond seven being a lucky number. No doubt some of these will change the way you do business, from the edge, to the core, to the cloud.
Immersive technology goes mainstream
2017 will signal the democratisation of immersive creativity. Very soon, creators will be able to weave their magic with some super powerful technology, and in time, this technology will be adopted by the wider population. Builders and architects will walk onto project sites and use their devices to see full-scale models of buildings before any work has even begun.
Augmented reality and virtual reality come to fore
According to IDC’s Worldwide Augmented and Virtual Reality Spending, the Middle East and Africa market is set to expand to $6 billion by 2020. Organisations in the region have been quick on leveraging this technology to transform consumer processes and interactions, in addition to democratising business, education and health care.
The blurring of the physical and virtual worlds could well herald the end of lectures and incessant note-taking, by bringing education to life with more immersive senses like touch. Furthermore, AR and VR will enable medical institutions and hospitals in the region to facilitate access-at-a-distance surgeries and medical care.
Chief IoT Officer
Business chiefs are popping-up all over the place. Chief Digital Officers were all the rage but now there is a new kid on the block, in the shape of the Chief IoT Officer. Why do we need them? Because companies will experience mounting pressure to bridge the gap between operations and IT. IDC claims that the global data volume will increase to 44 zettabytes over the next six years.
In a bid to improve efficiency, the Chief IoT Officer will be the agent of change, responsible for pulling their organisations into the Fourth Industrial Revolution.
Securing mobility
Expect the attack perimeter to widen this year and encroach upon other areas of the business beyond the IT network. 2016 has been earmarked with a series of advanced cyber-attacks particularly targeting the banking and finance, oil and gas and energy sectors, which are the backbone of the regional economy. Recently, a variant of a lethal computer virus called Shamoon attacked Saudi Arabia’s General Authority of Civil Aviation. It crippled thousands of computers in its wake, bringing all operations to a halt. This proves that in the age of the connected world, practically anything with an IP address can be hacked.
Understanding that it is not just your data that needs to be protected, but devices as well is going to be a critical awakening for businesses going forward.
The era of intelligent machines
Any doctor will tell you that prevention is better than cure. And now, thanks to machine learning, we can tell when a piece of technology is about to break before it does, and address the issue quickly. Advancements in machine learning are enabling organisations to take a step closer to develop intelligent systems, which are more responsive to the changing IT environments. Machine learning allows IT staff to focus on business innovation.
5K and more
Just when people thought 5K resolution would supplant 4K as the next industry standard, rumors of large displays with double the resolution are starting to circulate. In 2017, people’s experiences of living in technicolor will be upgraded further, until the real-world will look dim in comparison.
Machine perception
It is no secret that companies, and people, are struggling to cope with the tremendous amount of data now online. By making machines watch popular TV shows they are learning how to predict how humans will behave. MIT researchers believe machine perception will revolutionise industries where insight can be acquired from data at scale. For example, computer vision may provide an affordable, more accurate procedure to screen people for medical issues. In time, machines will start to apply their learning across modalities and domains, making it possible to learn from text or virtual worlds.
Equinix looks at interconnected enterprise in 2017
Equinix, the global interconnection and datacentre company, announced its 2017 industry predictions, noting that global IT transformation will trigger significant changes for several industries in the coming year.
Year of multi-cloud convergence
Cloud adoption has matured to an advanced stage where enterprises are increasingly relying more on cloud infrastructure. Enterprises are already using multiple clouds, and the need to connect more diverse and traditionally divided ecosystems with demanding expectations around performance, user experience and seamless integration will push this trend more aggresively in the coming year.
2017 will be the tipping point, when the convergence of multiple clouds across the enterprise, data, applications, infrastructure, personal, will fundamentally change the way people and businesses operate.
Rise of digital edge
Business models are being disrupted, forcing changes in how enterprises operate in the digital economy. The convergence of multiple clouds will call for a natural extension of the corporate boundaries for today’s digital business to the edge, where users and data reside.
This will be important for businesses to better engage with customers in real-time, leveraging social, mobile, analytics and cloud technologies.
Rise of interconnected fabric
Companies will move to connect their digital and physical worlds, to support business around the globe. As enterprises leverage multiple clouds, it can be challenging to manage solutions across different cloud environments from different vendors. If the right cloud management structure is not in place early, these operational issues could start stacking up at a rapid speed leading to severe issues impacting service delivery at the digital edge.
2017 will see the acceptance of an interconnected fabric among enterprises, residing in carrier neutral facilities, to create a central nervous system that connects all aspects of the digital business.
Security paramount
For digital business to be successful and address demands placed by regulatory compliance, companies need to solve for security in a distributed environment across people, things, processes and information. As hybrid cloud becomes more popular, enterprises will realise that cloud providers do not provide all encompassing security solutions. Enterprises will have to own the security of their applications and data within the multi-cloud environment.
Interconnections will provide customers the choice to move from point security solutions to the flexibility of buying Security-as-a-service with benefits such as speed of implementation, ease of set-up and maintenance, real-time protection.
Interconnected commerce
The payments world is undergoing more change, more rapidly than it has encountered since the dawn of currency. Growing smartphone penetration and web access are enabling widespread popularity of global, mobile and online commerce.
The proprietary siloed approach that has been the standard for payments services delivery is beginning to fade away and opening doors for new technologies and business models at the intersection of commerce and payments. At the same time, decentralisation of payments services technology is expanding value for merchants, as they are now able to select platforms that work better for their businesses.
This shift will require businesses to become interdependent and cloud-enabled, with reliable, secure and instantaneous connectivity to compete. A universe of interconnected commerce and payments providers will create new opportunities for the integration of payments, commerce, data, and marketing, enabling new solutions and partnerships around the globe.
SDN and NFV
The ongoing and massive surge in data traffic worldwide has pushed the way for the new age of global network backbone consisting of intercontinental submarine cables, 5G wireless networks and satellites that beam data down to earth using lasers. Networking that previously depended on physical wiring can now be dynamically controlled via software.
Going forward, the next generation infrastructure, compute, storage, network and datacentres, will be open source based. Software Defined Networking and Network Functions Virtualisation, centralise and automate the management of large, distributed multi-datacentre networks using simple application level policies.
IoT becomes a reality
IoT will truly evolve from single vendor independent solutions to those that talk to each other leveraging the same data. As the number of players in the value chain increases, the end-to-end service concept will take precedence and interconnection will become more important for access to networks and multiple clouds.
Going forward, the objective will be to relieve pressure on corporate-centric networks by distributing the traffic more broadly as well as to better control the performance of the streaming IoT information for more real-time business and operational insight.
Performance-based logistics for military assets key in 2017, IFS
In 2017 I expect performance-based logistics, a strategy that optimises total system availability while minimising costs and logistics footprint, will deliver huge changes and opportunities. Organisations in the region are not just being judged on the delivery of military capability and the efficiency and completion of operations any more, but on cost effectiveness too. This comes at a time when organisations are undergoing significant structural transformation as forces continue to mature and defense budgets increase.
Performance-based logistics bases decisions on the contractor’s ability to perform maintenance efficiently and cost-effectively. In the past, OEMs would sell or lease an aircraft to the military which would take control and maintain the asset themselves. With performance-based logistics, there is much more emphasis on working at the asset itself, and software providers are being helped by new opportunities provided by the Internet of Things.
IoT-enabled sensors allow for the recording of data in real-time as the asset is still in use and alert engineers on the ground who can prepare for repair work. All versions of the fifth-generation fighter include Autonomic Logistics Information System, a self-diagnostic solution that alerts maintenance engineers as soon as a fault appears.
And we will see more uses of data collection and analysis techniques such as the Health Usage Monitoring Systems and condition-based maintenance solutions. These reduce unnecessary maintenance, which in turn cuts the total cost of ownership and prolongs the lifespan of the asset – an important aspect as contracts for modern military assets can last up to 25 years or more.
Drones are flying off the shelves in the consumer market, but potential advantages also exist for defense maintenance operations and here I will specifically just address maintenance type applications as opposed to the proven operational benefits of drone technology.
Easyjet is already doing this in the commercial space, but the same can be applied in the defense sector to reduce the time and costs associated with the maintenance of assets. The UK Royal Navy is using drones to scan Navy vessels for damage. Due to the size and area of naval ships, inspections now take hours rather than days, with fewer people involved and can even be done while at sea.
In the future, we may even see automated maintenance drones than can pick up on faults or damage and do the repairs themselves without the control of an engineer. Trials of autonomous maintenance drones are already happening in the oil and gas industry, so it will not be long until this idea becomes a reality in defense.
3D printing will become a huge disruptor in 2017. No longer just a buzzword, the military are already looking into the potential of printing spare parts and military equipment in-theater to drive down costs and drive up availability.
The aerospace and defence sector is set to become one of the biggest contributors to 3D printing’s global revenues, predicted to reach a mammoth $1.4 billion by 2019, producing parts in-house, a development that will completely reshape the relationship between contractors and manufacturers.
Currently, all branches of defense organisations rely on the commercial industry for spare parts and materials. But it will not be long until the military starts to produce its own. Tier two and three suppliers will need to jump on the 3D bandwagon fast, or risk losing business.
Investment in cyber security is growing, with research forecasting $1 trillion will be spent globally on projects in the next five years, driven by an increase in attacks and security concerns. But despite increasing investment, traditional security strategies have struggled to defend against sophisticated cyber-attacks and protect valuable data, made worse by legacy systems and basic security tools.
Look out in 2017 for a new breed of cybersecurity solutions that offer a forward-looking and holistic approach, with a better view of entire security operations to monitor and react to attacks, and where to focus resources to maximise security while attaining business goals.
The defense industry is in a state of flux. Budgets are shifting due to increased border tensions, the rising threat of cyber-attacks and the transformation of supply chains and support. Defense organisations cannot afford to be caught flat-footed. 2017 will start to see defense organisations continue to realign their strategies to take advantage of disruptive technologies, and further tighten their focus on keeping their assets available and ready for deployment as efficiently as possible.
Regional ICT industry to show modest growth in 2017 says IDC
ICT spending in Africa, Middle East, and Turkey, is forecast to total $243 billion in 2017, according to the latest insights presented today by International Data Corporation. IDC expects the region’s ICT market to grow 3.6% YoY in 2017. While this is down on previous forecasts, it still represents a considerable improvement on the 1.6% YoY growth that is anticipated for the current year.
“There is no doubt that 2016 has been a particularly challenging year, characterised by currency volatility, weak oil and commodity prices, and a subsequent softening of government spend,” says Jyoti Lalchandani, IDC’s Group Vice President and Regional Managing Director for META.
“And while these issues will continue to linger, we expect organisations to start pushing ahead with their planned technology investments as the wait-and-watch period draws to a close. Digital transformation initiatives will top the CIO agenda in 2017, as emerging technologies are increasingly leveraged in an effort to drive desired business outcomes. Innovation will be key in this regard, and we expect to see considerable disruption of the traditional ICT mix as a result.”
Complementing that disruption will be an acceleration in the shift towards software and services in the region’s IT market. Indeed, IDC expects spending on software and IT services to grow at respective CAGRs of 7.0% and 8.6% over the 2015-2020 period, far outstripping the 1.7% rate of growth anticipated for hardware.
Communications, finance, and government will be META’s biggest-spending verticals in 2017, but healthcare, transportation, and utilities are expected to be the fastest growing over the five-year forecast period.
IDC expects the markets of South Africa $10.5 billion, Saudi Arabia $7.5 billion, UAE $6.2 billion, and Turkey $5.6 billion to once again lead the way in terms of IT spending in 2017 as Third Platform technologies like cloud, big data, social, and mobility become investment imperatives and dominate the ICT decision-making agenda.
The emergence and increasing traction of so-called innovation accelerators such as the Internet of Things, robotics, cognitive systems, virtual reality, next-gen security, and 3D printing will both disrupt and boost this spending on the Third Platform.
IDC outlined five overarching trends that it expects to shape the region’s investment landscape over the coming 12 months and beyond.
#1
The first of those was that cloud will accelerate to a new level of adoption in 2017, with increased competition among cloud providers set to drive aggressive pricing, bundling, and customer service, as well as a growing focus on securing SME accounts.
#2
The second major trend identified by IDC was that big data analytics will become increasingly more predictive than descriptive in nature, driving new use cases around exploration and discovery, performance management, and operational intelligence.
#3
IDC’s third major trend for 2017 builds on the idea that the emergence of innovation accelerators will usher in a new wave of IT disruption as early adoption gathers pace. In particular, IDC expects the transformational impact of IoT to become more evident over the course of the next 12 months, with the most prominent use cases to include freight monitoring, smart grid electricity, manufacturing operations, production asset management, and remote health monitoring.
Given these applications, it makes sense that the biggest spenders on IoT in 2017 are tipped to be the region’s manufacturing, transportation, utilities, and healthcare verticals.
#4
The fourth major trend identified by IDC is the fact that maintaining security continues to be the number-one challenge facing the region’s CIOs, with spending on security solutions by META organisations set to cross the $2 billion mark in 2017.
IDC expects threat management, compliance remediation, security management, automatic malware removal, and mobile security solutions to be the top five investment priorities in this area.
#5
Finally, IDC anticipates a more pragmatic focus from the region’s Smart City initiatives in 2017, with governments and their partners looking to enable innovative transportation, citizen engagement, and emergency response services that drive tangible improvements in the lives of their residents.
South African recessionary conditions putting squeeze on IT spending
The next wave of ICT development in South Africa will see organisations across the country doing more with less while consolidating and outsourcing legacy IT, according to the latest forecasts from International Data Corporation. IDC predicts that innovation will continue to disrupt the traditional ICT mix and that there will be a much stronger focus on ensuring that technology enables business outcomes.
“This year has undoubtedly been a difficult year for economies around the world,” says Mark Walker, IDC’s Associate Vice President for Sub-Saharan Africa. “The South African economy has not emerged unscathed. Marginal economic growth and political instability have made the business environment very difficult to navigate, and organisations are looking at technology to drive down their costs, while improving the way they operate. Business confidence has also taken a knock because of the economic and political instability.”
“We have seen a very strong focus on datacentre infrastructure and operations during the past year,” continues Walker. “Information security and enterprise software have also been among the top three priorities for CIOs during the same period. Interestingly, cloud computing was only at number seven of the top priorities, which is unexpected considering the global rush to the cloud as a driver of digital transformation and business agility.”
Jon Tullett, Research Manager for IT services at IDC South Africa, says South Africa has lagged in cloud adoption due to the lack of local infrastructure, data protection concerns, and conservative investment strategies. “IDC believes 2017 will see at least one major global cloud provider establishing local datacentre infrastructure to service the region,” says Tullet.
This will address key concerns and spur competition and adoption while putting pressure on local providers. New public cloud spend will overtake on-premises in areas such as collaborative applications, application development software and platforms, and customer relationship management.
Tullett recommends that organisations continue to invest in private cloud but develop the capabilities to transition workloads into public cloud as circumstances change.
Organisations should reassess their application capabilities with a view to cloud capabilities and invest in cloud skills around critical workloads, as well as integration and management. They should also reevaluate contracts and relationships with software providers to ensure that they meet their business requirements.
IDC pointed out that 2016 was also a tough year for information security, with the prevalence of massive data leaks, ransomware, and IoT malware compounded by a shortage of IT security skills.
“We believe 2017 will be worse in every aspect of information security,” says Tullett. “We expect continued exposure for South African businesses to major cybercrime syndicates, both directly and indirectly.”
IDC also believes 2017 will see at least one high-profile public breach in South Africa, which is likely to be a data leak within the public sector, although it cannot rule out malware or ransomware attack in retail or healthcare. However, IDC expects that South Africa will contribute several new technologies aimed thwarting attacks, particularly in relation to IoT applications.
George Kalebaila, Senior Research Manager for Telecommunications at IDC South Africa, says until now most of the IoT applications have been cellular based and mainly under the domain of traditional mobile operators. “In 2017, we will start seeing several smaller non-mobile operators deploy low-power WAN IoT networks to provide low-cost IoT applications.”
IDC expects that most of these implementations will be LoRA based rather than SigFox. IoT will remain a preserve of mobile operators. Post 2017, IDC expects to see an acceleration of IoT deployments in other African countries using similar business models.
LPWAN IoT network implementations will slowly start pushing IoT into the limelight away from traditional M2M applications and lower the barrier to entry in the market, reduce the cost of connectivity, and contribute to the rapid growth of connected devices. IDC also forecasts the developer community taking more interest in developing localised IoT solutions. Once these solutions find their way into the market, this will also drive IoT adoption.
Kalebaila says mobility is becoming one of the key drivers of digital transformation as customer engagements and transactions move to digital platforms.
Choose your own device has become the de-facto device policy for most enterprises to reduce the cost of mobilising the workforce. Financial services will continue to lead the adoption of mobility solutions mainly due to the inherent benefits and cost savings from the reduction in branch footprint and improving customer experience. However, securing data and data recovery have become more important than securing devices as data becomes the new capital in the digital economy.
IDC expects the number of mobile enterprise applications to almost double as the shift from devices to mobile application accelerates.
“In 2017, near field communication will start pushing mobile payments to the fore, but will still remain on the peripheral and will be niche,” says Kalebaila. “5G curiosity and hype from mobile operators and vendors will lead to 5G becoming part of enterprise executive discussions.”
Organisations should plan for mobile applications as a natural part of all workflows in the organisation. The focus should move to mobile application development platforms as a critical tool and security must be integrated across the mobile application development lifecycle. Organisations should also develop an intermediate understanding of 5G elements and what they mean in a commercial setting.
Tullett believes that South African companies will increase their investment in analytics and big data in 2017. While the primary investment will remain limited to large enterprises, he says South African companies are building foundation technologies for cognitive computing, whether it is part of the long-term strategy or not.
Behavioral analysis and prediction will become mainstream in 2017, directly driving product development in banking, financial services, and insurance in particular. In 2017, analytics will be the primary resource responsible for thwarting major criminal incidents.
When machine learning does arrive in the country, it will do so rapidly, with mature, proven technologies ready to deploy by then and ready to take advantage of aligning projects towards that future. Tullett’s advice to organisations in South Africa is to continue to invest in analytics and data processing capabilities.
Measure everything, bearing in mind this will require investment in data handling infrastructure and development resources. Ensure data is robust and accessible to your development, customer experience, business intelligence and data science teams. Finally, workshop strategic projects around current and future analytic capabilities.
McAfee Labs lists security trends for 2017
The 2017 threat predictions run the gamut, including threats around ransomware, sophisticated hardware and firmware attacks, attacks on smart home IoT devices, the use of machine learning to enhance social engineering attacks, and an increase in cooperation between industry and law enforcement.
“To change the rules of the game between attackers and defenders, we need to neutralise our adversaries’ greatest advantages,” said Vincent Weafer, Vice President of Intel Security’s McAfee Labs.
“As a new defensive technique is developed, its effectiveness increases until attackers are compelled to develop countermeasures to evade it. To overcome the designs of our adversaries, we need to go beyond understanding the threat landscape to changing the defender-attacker dynamics in six key areas: information asymmetry, making attacks more expensive, improving visibility, better identifying exploitation of legitimacy, improving protection for decentralised data, and detecting and protecting in agentless environments.”
- Ransomware attacks will decrease in second half of 2017 in volume and effectiveness
- Windows vulnerability exploits will continue to decline, while those targeting infrastructure software and virtualisation software will increase
- Hardware and firmware will be increasingly targeted by sophisticated attackers
- Hackers using software running on laptops will attempt dronejackings for a variety of criminal or hacktivist purposes
- Mobile attacks will combine mobile device locks with credential theft, allowing cyber thieves to access banks accounts and credit cards
- IoT malware will open backdoors into the connected home that could go undetected for years
- Machine learning will accelerate proliferation of and increase the sophistication of social engineering attacks
- Fake ads and purchased likes will continue to proliferate and erode trust
- Ad wars will escalate and new techniques used by advertisers to deliver ads will be copied by attackers to boost malware delivery capabilities.
- Hacktivists will play an important role in exposing privacy issues
- Leveraging increased cooperation between law enforcement and industry, law enforcement takedown operations will put a dent in cybercrime.
- Threat intelligence sharing will make great developmental strides in 2017.
- Cyber espionage will become as common in the private sector and criminal underworld as it is among nation-states
- Physical and cybersecurity industry players will collaborate to harden products against digital threats.
Architecture, DevOps, Paas, hybrid, next disruption points says Riverbed
In 2016, Middle East enterprises went through one of the biggest transitions in a decade as they began to embark on their digital transformation journeys. Characterised by growing uptake of third-platform, enterprise mobility and big-data initiatives, all supported by increasingly complex hybrid networking infrastructures, this necessary evolution has not been without its challenges for businesses in the region.
Now as the digital transformation continues to steam head in 2017, Riverbed Technology provides the following list of trends and predictions to help organisations better plan their IT strategies for the year ahead.
Architecture for digital transformation
IDC predicts that by 2017, 60% of digital transformation initiatives will be unable to scale due to lack of strategic architecture. And by 2018, 70% of siloed digital transformation initiatives will fail due to insufficient collaboration, integration, sourcing, project management. Research from MIT Sloan Management and Deloitte University Press found that less-mature digital companies tend to take a tactical, piecemeal approach as they solve discrete business problems with individual digital technologies.
As a result, they do not fully integrate digital technologies with their business operations, do not solve underlying infrastructure problems that cause frequent application performance issues across the enterprise, and fail to deliver required technical capabilities at scale.
Enterprises will realise for application, compute, storage, networking to work optimally, they must all work together, seamlessly as a system. Any point of weakness or failure in the infrastructure can make the whole system fail.
Everything software defined
Whether it is compute, storage or networking, you can see increased impact and adoption of software-defined everything. In the software-defined world, management and control of computing environment, storage and networking is automated by intelligent software and not by hardware components. Enterprise organisations will implement technologies in order to transition to software-defined enterprise.
Next cloud wave
Enterprise-level internal resources including business-critical applications are now being moved to the cloud. This is a new development as internal-facing applications are traditionally kept internal. The challenge with migrating old systems and applications to a newer encrypted approach is that network capabilities can be stretched becoming too fragile. This ultimately creates complexities tied to application planning, performance monitoring and final migration to the cloud.
Digital transformation is not a fad and we expect to see migration of critical applications to cloud increase in 2017. Large enterprise clouds are now being adopted beyond customer-facing resources. Cloud-only and internet-only transport are the future as they allow enterprise organisations to become more agile while providing cost savings.
Hybrid enterprise advantage
After deploying a hybrid environment, which can be complex and difficult to manage, the work is just beginning for the enterprise. The process continues as application requirements and business needs evolve. So, to increase agility, IT is always evaluating and adopting cloud services and related technologies like PaaS, containers and micro-services to deliver applications faster.
We expect to see greater adoption of application and network management functionality to ensure visibility into the hybrid cloud, creating more trust in IT and alignment to business objectives.
DevOps for digital services
DevOps teams are increasingly using PaaS capabilities together with third-party components to develop composite applications faster. According to Sonatype, the average enterprise downloads more than 229,000 components annually, of which one in 16 has security defects.
Third-party components account for 80%-90% of the code in a typical enterprise application today. Current monitoring for components traces application transactions through server interactions, which obscures dependencies within the application layer.
Enterprises will seek new solutions that provide clear visibility into behavior and interaction of third-party components and platforms in cloud-based environments in order to accelerate development of apps and digital services in the cloud, proactively prevent performance issues, and improve performance of cloud-based apps.
Top security trends in 2017 according to Sophos
2016 saw a number of cyberattacks, ranging from high-profile DDoS using hijacked Internet-facing security cameras to alleged hacking of party officials during the US election. We also saw a rising tide of data breaches from organisations big and small and significant losses of personal information. A look at how some of those trends might play out in 2017.
IOT attacks will rise
In 2016, Mirai showed the massive destructive potential of DDoS attacks as a result of insecure consumer IoT Internet of Things devices. Mirai’s attacks exploited only a small number of devices and vulnerabilities and used basic password guessing techniques. However, cybercriminals will find it easy to extend their reach because there are so many IoT devices containing outdated code based on poorly-maintained operating systems and applications with well-known vulnerabilities.
Expect IoT exploits, better password guessing and more compromised IoT devices being used for DDoS or perhaps to target other devices in your network.
Targeted social attacks
Cybercriminals are getting better at exploiting the ultimate vulnerability – humans. Ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves. For example, it is common to see an email that addresses the recipient by name and claims they have an outstanding debt the sender has been authorised to collect.
Shock, awe or borrowing authority by pretending to be law enforcement are common and effective tactics. The email directs them to a malicious link that users are panicked into clicking on, opening them up to attack. Such phishing attacks can no longer be recognised by obvious mistakes.
Financial infrastructure at risk
The use of targeted phishing and whaling continues to grow. These attacks use detailed information about company executives to trick employees into paying fraudsters or compromising accounts. We also expect more attacks on critical financial infrastructure, such as the attack involving SWIFT-connected institutions which cost the Bangladesh Central Bank $81 million in February.
SWIFT recently admitted that there have been other such attacks and it expects to see more.
Internet’s insecure infrastructure
All Internet users rely on ancient foundational protocols, and their ubiquity makes them nearly impossible to revamp or replace. These archaic protocols that have long been the backbone of the Internet and business networks are sometimes surprisingly flaky.
For example, attacks against Border Gateway Protocol could potentially disrupt, hijack, or disable much of the Internet. And the DDoS attack on Dynin October launched by a myriad of IoT devices, took down the DNS provider and, along with it, access to part of the internet. It was one of the largest assaults seen and those claiming responsibility said that it was just a dry run.
Large-scale ISPs and enterprises can take some steps to respond, but these may well fail to prevent serious damage if individuals or states choose to exploit the Internet’s deepest security flaws.
Increased attack complexity
Attacks increasingly bring together multiple technical and social elements, and reflect careful, lengthy probing of the victim organisation’s network. Attackers compromise multiple servers and workstations long before they start to steal data or act aggressively. Closely managed by experts, these attacks are strategic, not tactical, and can cause far more damage. This is a very different world to the pre-programmed and automated malware payloads we used to see.
Attacks using admin tools
We see more exploits based on PowerShell, Microsoft’s language for automating administrative tasks. As a scripting language, PowerShell evades countermeasures focused on executables. We also see more attacks using penetration testing and other administrative tools that may already exist on the network, need not be infiltrated, and may not be suspected. These powerful tools require equally strong controls.
Corruption of online advertising
Malvertising, which spreads malware through online ad networks and web pages, has been around for years. But in 2016, we saw much more of it. These attacks highlight larger problems throughout the advertising ecosystem, such as click fraud, which generates paying clicks that do not correspond to real customer interest. Malvertising has actually generated click fraud, compromising users and stealing from advertisers at the same time.
Downside of encryption
As encryption becomes ubiquitous, it has become much harder for security products to inspect traffic, making it easier for criminals to sneak through undetected. Unsurprisingly, cybercriminals are using encryption in creative new ways. Security products will need to tightly integrate network and client capabilities, to rapidly recognise security events after code is decrypted on the endpoint.
Attack against society
Technology-based attacks have become increasingly political. Societies face growing risks from both disinformation and voting system compromise. For instance, researchers have demonstrated attacks that might allow a local voter to fraudulently vote repeatedly without detection. Even if states never engage in attacks against their adversary elections, the perception that these attacks are possible is itself a powerful weapon.
Click below to share this article