By Earl Perkins, Gartner, Inc. Contributor for Forbes
As the rate of security breaches continues to increase, so does the variety of attacks and the technologies and processes deployed to prevent them. Yet the top threats in the next few years will likely be from a type of hack known to security professionals today. Our first prediction below underscores the fact that attacks will stem from known vulnerabilities. The following list shares other Strategic Planning Assumptions (SPAs) by Gartner for security in the next two to four years.
- Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year. Companies should stay focused on fixing the vulnerabilities they know exist. While these vulnerabilities are easy to ignore, they’re also easier and less expensive to fix than to mitigate.
- By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources. Business units deal with the reality of the enterprise and will engage with any tool that helps them do the job. Companies should find a way to address shadow IT and create a culture of acceptance and protection versus detection and punishment.
- By 2018, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs. Organizations should develop enterprise-wide data security governance (DSG) programs by identifying data security policy gaps and seeking cyber insurance when appropriate.
- By 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing and self-protection technologies. Adopt runtime application self-protection (RASP) for DevOps. Evaluate less mature vendors and providers for potential security options.