“Today’s security professionals battle threats from outside the organizationas well as those from their own employees. But what about threats that they already know exist? The next few years will see a variety of attacks as well as progress in the technologies and processes that prevent them. At the 2016 Gartner Security & Risk Summit, Earl Perkins, research vice president at Gartner, presented the top Strategic Planning Assumptions (SPAs) for security in the next two to four years. Highlights include:
- Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.
By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.
By 2018, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs.
By 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing and self-protection technologies.
By 2019, use of passwords and tokens in medium-risk use cases will drop 55%, due to the introduction of recognition technologies.
Through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices.
By 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.”