The worldwide security technology and services market is forecast to reach $67.2 billion in 2013, up 8.7 percent from $61.8 billion in 2012, as companies continue to expand the technologies they use to improve their overall security, according to a report from IT research firm Gartner.
Gartner analysts outlined three main trends shaping the security market moving forward—mobile security, big data and advanced targeted attacks—and the firm projected the market would grow to more than $86 billion in 2016. In addition, the report noted the bring-your-own-device (BYOD) trend is expected to have a far-reaching influence on the entire security industry.
"With security being one of the top IT concern areas, the prospect of strong continued growth is assured," Ruggero Contu, research director at Gartner, said in a statement. "The consistent increases in the complexity and volume of targeted attacks, coupled with the necessity of companies to address regulatory or compliance-related issues, continue to support healthy security market growth."
When examining the advanced targeted attack (ATA), and the new methods being used to breach today's security controls, Gartner found attackers, especially those who have significant financial motivation, have devised effective attack strategies centered on penetrating some of the most commonly deployed security controls, notably signature-based antivirus and signature-based intrusion prevention.
Most often, the attackers deploy custom or dynamically generated malware for the initial breach and data-gathering phase. Advanced attackers are now capable of maintaining footholds inside an organization once they successfully breach security controls by actively looking for ways to remain persistent on the target organization's internal network.
"Mitigating the threat from ATAs requires a defense-in-depth strategy across multiple security controls," Lawrence Pingree, research director at Gartner, said in a statement. "Enterprises should employ a defense-in-depth, layered approach model. Organizations must continue to set the security bar higher, reaching beyond many of the existing security and compliance mandates to either prevent or detect these newly emergent attacks and persistent penetration strategies. This layered approach is typical of many enterprise organizations and is often managed in independent ways to accomplish stated security goals, namely, detect, prevent, respond and eliminate."
The report also noted the amount of data required for information security to effectively detect advanced attacks and, at the same time, support new business initiatives, will grow rapidly over the next five years. This growth is expected to present unique challenges when looking for patterns of potential risk across diverse data sources, organizations should focus on the idea that big data is not in and of itself the goal, but rather collecting that information to delivering risk-prioritized actionable insight.
"To support the growing need for security analytics, changes in information security people, technologies, integration methods and processes will be required, including security data warehousing and analytics capabilities, and an emerging role for security data analysts within leading-edge enterprise information security organizations," Eric Ahlm, research director at Gartner, said in a statement.