IT security professionals should better address known risks, monitor the value of shadow IT devices and solve the inherent weaknesses introduced by the Internet of Things, according to Gartner.
The consulting firm has reviewed five key areas of security concern facing businesses this year, and issued forecasts and recommendations on how to protect networks and data from the threats likely to arise in each.
The areas are threat and vulnerability management, data and application security, mobile and network security, identity and access management, and security of the Internet of Things (IoT). Gartner's findings were announced at its recent Security and Risk Management Summit by analyst Earl Perkins.
A key recommendation is that companies should be aware that delaying security measures to avoid business interruption can be a bad choice. Gartner recommends that security professionals make decisions on protecting networks and resources based on the range of risks that known deficiencies pose to the company and its objectives. Rather than thinking of their role as purely protective, they should see it as a facilitator of favorable business outcomes.
Here are the predictions and recommendations:
Threat and vulnerability management
Prediction: By 2020, 99% of exploited vulnerabilities will continue to be ones known to security and IT professionals for at least one year.
With attackers searching for vulnerabilities in applications and for exploitable configurations, it is important that companies address vulnerabilities in a timely fashion. If they do not, they may lose money through damage to systems and data theft.
Prediction: In 2020, one-third of successful attacks experienced by companies will be on their shadow IT resources.
One area of growing concern is the introduction of new technologies by business units without review by the security team. Because these technologies bypass that review, and many of them are new and still contain vulnerabilities, they are susceptible to attack.
Data security and applications
Prediction: In 2018, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs.
Data security governance will be promoted by insurance companies, which will set cyber premiums based on whether companies have these programs in place.
Prediction: In 2020, 40% of companies engaged in DevOps will secure the applications they develop by adopting application security self-diagnostic and self-protection technologies.
The mature technology called runtime application self-protection (RASP) is offered as a way of avoiding vulnerabilities in applications that might result from problems overlooked because of the rapid pace at which DevOps teams work. RASP does its job quickly and accurately in order to provide protection against vulnerabilities that could be exploited.
Mobile and network security
Prediction: In 2020, 80% of new deals for cloud access security brokers (CASB) will be packaged with secure web gateway (SWG), network firewall, and web application firewall (WAF) platforms.
Traditional providers of network security products such as firewalls, SWGs and WAFs want to take part in protecting SaaS applications, which is done effectively through CASBs. Companies should assess whether CASB services are warranted by their plans for application deployment, and should consider offers from their current providers of these traditional technologies.
Identity and access management
Prediction: In 2019, 40% of identity-as-a-service (IDaaS) implementations will replace on-premises IAM implementations.
This increase in the use of IDaaS will derive in part from the difficulty and cost of operating on-premises IAM infrastructure, and the increasing use of other something-as-a-service offerings will make the decision more comfortable. The continued introduction of more and more mobile and web applications will create a natural opportunity to transition from on-premises IAM to IDaaS.
Prediction: In 2019, the use of passwords and tokens in medium-risk use cases will be reduced by 55% due to the introduction of recognition technologies.
Given the cost and accuracy of biometrics, they will become a good option for continuous authentication. In combination with user and entity behavior analysis, this technology can make a difference when applied to use cases requiring a medium level of trust.
Security for the Internet of Things (IoT)
Prediction: By 2018, more than 50% of manufacturers of IoT devices will not be able to address the threats arising from weak authentication methods.
IoT devices are still being manufactured without much consideration of security; however, some sit on networks where, if exploited, they could expose those networks to damage and data to breaches. Companies need a framework to determine the risks posed by each type of IoT device and the adequate controls to deal with them.
Prediction: In 2020, more than 25% of identified attacks on businesses will involve the IoT, although the IoT will account for 10% of IT security budgets.
As security professionals will not be able to determine the importance of IoT devices for the organization, the business unit that uses them must decide what risk they represent. Security professionals must reserve between 5% and 10% of security spending for surveillance and protection of these devices.