Worldwide Information Security Spending to Exceed $124B in 2019, Says Gartner

IT_securityGarner forecasts that worldwide information security spending will top $124 billion in 2019, an 8.7 percent increase from $114 billion this year.

The top drivers are security risks, business needs, industry changes, and privacy concerns. As a result, privacy concerns will drive at least 10 percent of market demand for information security services through 2019. In particular, privacy worries will impact identity and access management, identity governance and administration, and data loss prevention, according to Gartner.

“Security leaders are striving to help their organizations securely use technology platforms to become more competitive and drive growth for the business,” said Gartner Research Director Siddharth Deshpande. “Persisting skills shortages and regulatory changes like the EU’s Global Data Protection Regulation [GDPR] are driving continued growth in the security services market.”

Deshpande said publicized data breaches reinforce the need to view sensitive data and IT systems as critical infrastructure.

Therefore, “security and risk management has to be a critical part of any digital business initiative,” he said.

A focus on building detection and response capabilities, privacy regulations, and the need to address digital business risks are the main drivers for information security spending.

Key IT security trends

Gartner has identified a number of key trends affecting information security spending in 2018-2019:

1) At least 30 percent of organizations will spend money on GDPR-related consulting and implementation services through 2019.

Organizations are continuing their journey toward compliance with the GDPR. Implementing, assessing, and auditing the business processes related to the GDPR will be the focus of security service spending for EU-based organizations and for those whose customers and employees reside there.

2) Risk management and privacy concerns within digital transformation initiatives will drive additional security service spending through 2020 for more than 40 percent of organizations.

Consulting and implementation service providers have retooled their service offerings over several years to support customers on their digital transformation journey. Security is a key factor in the uptake of that transformation process for regulated data, critical operations, and intellectual property protection spanning public cloud, SaaS and the use of IoT devices.

3) Services (subscription and managed) will represent at least 50 percent of security software delivery by 2020.

Security-as-a-service is on the way to surpassing on-premises deployments. And hybrid deployments are enticing buyers. Respondents to Gartner’s security buying behavior survey said they plan to deploy security technologies in a hybrid deployment model in the next two years. Managed services represented roughly 24 percent of deployments.

“On-premises deployments are still the most popular, but cloud-delivered security is becoming the preferred delivery model,” said Deshpande.

SamSam Ransomware Attackers Cover their Tracks

Bitcoins

Attackers behind SamSam ransomware use two tactics to penetrate and organization. They target vulnerabilities in a target organization’s systems to gain access its network or they launch brute-force attacks against weak passwords of the remote desktop protocol (RDP).

This is according to an analysis by security firm SophosLabs.

“Unlike most of the well-known ransomware families, which attack randomly, SamSam is used against specific organizations, those most likely to pay to get their data back, like hospitals or schools,” SophosLabs researchers said in a white paper

Once the attackers get in, they look for additional victims through network mapping and credential theft. Then, the attackers manually deploy SamSam on targeted systems using PSEXEC and batch scripts.

The attackers cover their tracks, so security pros have trouble determining the initial infection point and the some of their steps inside the network. They also delete attack files, including the SamSam payload, and change the deployment methodology.