How secure is tomorrow’s IT?

The question “How secure is today’s IT?” does not seem to be answered easily based on the constantly reported incidents and attacks. Even more controversial is the question how IT security will be set up in 2025.

The only ones capable of assessing this are today’s industry experts. They were interviewed in the course of this study with regards to digital threats that are awaiting us in the next couple of years as well as further developments in IT security.

About the experts and the method.

In the course of this study exclusively designated IT security experts were interviewed.

In total 105 experts participated. The survey was conducted in the second quarter of 2018. Experts from 25 countries in Europe and Asia took part in the survey. They work for companies employing between 50 and 120,000 people. It is an exclusively qualitatively conducted study. The answers were submitted anonymously and in writing. They were subject to a typological analysis.

How well prepared are companies for the future?

IT security experts are concerned

Companies are by far not sufficiently prepared for the future! 72% of the interviewees share this opinion. They evaluated on a scale from 0 (not prepared) to 10 (very well prepared).

Which security loopholes are frequently neglected by companies today?

55% name users as the most neglected security risk

Users, their behaviour with regard to IT security, their awareness as well as security know-how are a major issue. 55% of the experts point to that.

16% criticize the security of current IoT devices

Connected devices are part of our daily lives. It is impossible to imagine a production plant without Operational Technology (OT) or a household without smart devices. But from today’s perspective, they are quite unsafe. Cyber-attacks like WannaCry or the Mirai Bot are examples which have proven this.

12% miss clear responsibilities and processes

Who is responsible for what and which processes are established to make sure that security measures are in place and they work well in the daily business? Few resources and little time as well as hardly any awareness for IT security – these factors make it difficult for a strategy to be successful in an organization.

Will we see a rise in cyber-attacks until 2025?

The average of all responses: 300% growth of cyber-attacks a year. 24% of the interviewees expect an increase in cyber-attacks between 500% and 1,000%, 7% even above 1,000%. Almost 30% expect a growth rate between 100% and 500%. None of the experts foresee a decline or a sideways trend towards 2025.

Cyber-attacks of the future: IoT and critical infrastructure in the focus

This will be a major problem in the eyes of the experts: In the future cyber-attacks will concentrate on the Internet of Things (IoT) and in particular on the Operational Technology (OT) in production plants. Attacks on the advanced systems of cars are expected to be in the spotlight as well. Overall (future) “intelligent things” that support our daily lives will be under attack.

Broad blackouts are a major concern for experts as well.

Tomorrow’s IT security technologies – how quickly is AI evolving?

Experts state that IT security technologies have to become more “intelligent” and expect Artificial Intelligence (AI) / Machine Learning to be the major future trends.

Theoretical research on AI exists since 1999. The first milestone for the practical usage of intelligent systems was achieved only recently due to the immensely long computing times and therefore compatible, high-performance processors.

Currently, 70% of the experts see machine learning still in the early stages. But things will change over time: 67% expect a good or very good progress towards 2020. In 5 years time, 89% are convinced of well and very well-advanced machine learning capabilities. But there is still room for further development: 11% are not yet convinced that machine learning will be well-advanced by 2025.

Operational readiness of AI for IT security

Suggestions for a futureoriented resource allocation

AI and machine learning are decisive features for effective IT security technologies in the future. Continuous IT security monitoring – ranging from a Security Information & Event Management (SIEM) to a comprehensive Cyber Defence Centre – is named as the second major trend. Blockchain is also a topic for the security experts. Awareness trainings and encryption also belong to the five most frequently given answers.

Which IT security technologies will have lost importance until 2025?

33% of the experts mention anti-virus software. Furthermore, 14% of the interviewees rank signature based technologies and 12% firewalls. Blockchain is named as well although also mentioned in the previous question about resource allocation towards 2025. This indicates a mixed picture when it comes to the significance of blockchain for IT security.