Organizations will spend more than $37 billion on IT security in 2016, according to findings in IT analyst firm Ovum's Security 2016 Trends to Watch report.
Improving the usefulness of security analytics and threat intelligence is vital, the report noted, adding that keeping business data safe calls for new and innovative technology and that cyber-security controls must improve to deal with next-generation business systems.
"A major challenge that most organizations face starts with the need to better understand where their sensitive data is held. The newer elements of technology, including cloud and mobile, add to the problem and also muddy the waters by providing opportunities to use unsanctioned technology to store data away from corporate servers," Andy Kellett, principal analyst of IT security at Ovum, told eWEEK. "The focus on keeping business data and users safe is a key issue."
More needs to be done to control what users are allowed to do. There needs to be better access control and step-up authentication and then better monitoring and reporting of usage once access has been granted, Kellett said.
He said a lot of focus is now on security intelligence and analytics, and noted that perhaps more practically, many organizations should focus more on the use of detection and remediation tools that can spot malware more effectively and reduce recovery timelines after a breach has occurred.
In 2016, cyber-crime, state-sponsored activities and advanced persistent threats (APTs) will continue to make the headlines, and social engineering that targets human frailties will continue to put business systems at risk, the report noted.
"Security, both user and data protection, will continue to be a big issue for all types and sizes of organization," Kellett said. "The big enterprises will continue to make the headlines when a major breach occurs—Sony, Target, TalkTalk, etc. But for the smaller folks, the impact can be just as damaging. Larger organizations often have more resources available to deal with day-to-day security issues and respond when problems occur."
Small to medium-size businesses (SMBs) need the same levels of protection and, because of the shortfall in available security skills and resources, need more direct help from their security providers, he added.
"The security landscape will continue to evolve—it is a dynamic sector and never stands still," Kellett said. "As the effectiveness of more traditional threat detection products continues to decline, more reliance will be placed on next-generation protection tools that don't rely on signatures and can deal with advanced threats and zero-day cyber-attacks."
He also noted that mobile devices will continue to be part of the problem and at the same time part of the solution because of their ability to support advanced authentication techniques, including biometrics and user-defining measurements, and their ability to provide out-of-band transaction confirmation—but on the down side, they will increasingly become a cyber-crime target.