Artificial intelligence, automation and cloud visibility will shape the future of IT security, according to Gartner.
Gartner says automation and artificial intelligence (AI) offer countless possibilities for digital businesses, but they also create complexities. Gartner 2017 security forecasts highlight potential benefits for companies such as faster and better penetration testing. However, they also show the potential dangers of automation when it comes to actual security incidents. One thing is clear: Organizations need to be prepared for a complex and connected future.
During the Gartner Safety & Risk Management Conference on August 8 and 9 in Sao Paulo, analysts will present Gartner security predictions aimed at helping companies prepare for the future and identify where they can need help tomorrow.
1. By 2020, investments in artificial intelligence tools and machine learning for automation (focused on orchestrating IT flexibility) will more than triple, helping to reduce business breakdowns due to IT issues. Airlines waste more time on failures and have more disruptions to their operations due to IT than weather. “In part, this is because emerging ecosystems bring more interdependencies, that is, there are cascading failures. Recovery also needs to happen like this. Automation is customized to identify where failures might be, where they might happen, and to create strategies for recovery. For this automation to be accepted by companies, you need to link the security problem to the direct business impact, ”says Rob McMillan, Gartner Research Director.
2. By 2020, zero-day vulnerabilities will be present in less than 0.1% of general attacks, excluding confidential public targets. It is easy to be fooled by the zero-day attack story (done on the very date the bug was reported before it could be fixed), but the vast majority of successful attacks exploit well-known susceptibilities. People tend to worry about these attacks, but they are not common cases. It is important that security teams combat existing vulnerabilities and ensure effective basic security.
3. By 2020, 10% of penetration testing will be performed by machine learning-based intelligent machines, which was not the case in 2016. Today, penetration testing uses some level of automation, but there is still a lot of human involvement. However, machine learning has evolved into practical applications. This means that testing can be done at the speed of a robot rather than limited to the pace of human thinking.
4. During the conference, Gartner analysts will also show that by 2020, more than 20% of companies' business plans will use infonomy (intelligent information management) to perform a financial analysis of data assets and liabilities. This prediction relates to the connection of safety outcomes to business performance and the application of value to the work of security teams in terms of risk mitigation and business function empowerment. When thinking about protecting information, the question arises about the net value of data compared to the cost of protection. What is the value of data for the company? What is the cost of protecting this data? It's viable? Analyze the investment and possible responsibilities and make the decisions.
5. By 2020, at least one major security incident will be caused by IT security failure, leading to serious damage. For example, a temporary power outage caused by a utility problem is inconvenient. Loss of control of a device for automated drug administration can be dangerous. It's easy to imagine a scenario where an IT problem could have a physical security-related consequence. The increasing complexity of connections shows that things and infrastructures with different levels of security are now interacting. It is difficult to predict the risks that will arise.
6. 60% of companies implementing the appropriate cloud control and visibility tools will have a third fewer security issues by 2018.
Adding telemetry to cloud workloads will be important for managing security breaches. Even if the manufacturer is protected, telemetry and documented testing will allow security teams to prove that the cloud is up and running. This technology enables the company to identify danger signals so that it can respond quickly and possibly preventively.
7. By 2020, IT-created information security programs will have three times more significant gaps than those of business leaders. The Gartner Conference itself shows that executives' interest in risk and safety is increasing. This increases the security burden of bringing the work being done into the business context. Without communication, there is a problem of alignment between security and what is happening in the rest of the organization. This is where things like Shadow IT come up. When the company is aligned, it is in a better position to defend itself than if it is separated into silos.
Source: securityinformationnews.com
