Asaf Cidon, VP email security from Barracuda, writes as the network security product firm has its 15th anniversary this month.
We’ve been thinking about how much technology has changed since 2003 when we launched our first email security solution. We wanted to see how our customers and channel partners feel about the past, present, and future of cyber security and how their approach has evolved over time. We surveyed more than 1,500 IT leaders and security professionals in North America, EMEA, and APAC about their IT security priorities, how those priorities have shifted, and where they’re headed next.
Overall, the study indicates that while the top security priorities have remained consistent over the past 15 years, the types of threats organisations are protecting against has shifted significantly. Looking ahead, respondents believe that the cloud will be a higher priority 15 years in the future and that AI will be both a threat and an important tool. Let’s take a closer look.
Email and network security
The IT professionals we surveyed identified email and networks as their top two priorities in both 2003 and 2018. A full 25 percent of respondents said email was their top security priority in 2003, and 23 percent said the same about their current priorities. Network security came in a close second for both 2003 and 2018 priorities, with 24 percent and 22 percent respectively.
Evolution of email-borne threats
Although what organisations care most about protecting has stayed consistent over the past 15 years, the threat landscape has changed dramatically. Respondents identified viruses (26%) and spam and worms (18%) as the top two threats they were concerned about in 2003. When asked about current concerns, ransomware (24%) and phishing/spear phishing (21%) are topped the list.
This shift fits with how Barracuda’s approach to email security has developed over the years. Growing from the spam filter the company was founded on, Barracuda added critical capabilities to better fight much more targeted threats, such as spear phishing, phishing, zero-day malware, as well as secure data, and help with regulatory compliance. To keep up with changing threats and protect against phishing, spear phishing and other threats like account takeover and business email compromise, we were the first company to pioneer the use of artificial intelligence to stop spear phishing and detect account takeover, and we were the first company to add simulation and training to our email security portfolio.
Cloud security is a top priority for the future
While email and network security are currently a higher priority than cloud security for most of the IT professionals we surveyed, that order shifts when they look to the future. A full 25 percent said the cloud would be their most important security priority 15 years from now, outranking email, network, and data security, which were each selected by 14 percent of respondents.
This change has been gradual. Only 3 percent of respondents said cloud security was a top priority for them in 2003. That number went up to 14 percent when they were asked to rank their current security priorities. We don’t believe this shift means email protection will be less important to organisations in the future, simply that questions about how to secure the cloud loom large as IT professional try to predict the way their responsibilities will evolve over the next decade and a half.
AI
Artificial intelligence is another technology that is top of mind for many of the IT professionals we spoke with—both as an opportunity to improve security and as a theat. It’s an interesting contrast.
A full 31 percent of respondents chose AI as the new technology that they will rely on to help improve security, and 43 percent identified the increasing use of artificial intelligence and machine learning as the development that will have the biggest impact on cyber security in the next 15 years. On the other hand, 41 percent believe the weaponisation of AI will be the most prevalent attack tactic in the next 15 years. We share our customers’ concern about the weaponisation of AI. Imagine how social engineering attacks will evolve when attackers are able to synthesise the voice, image, or video of an impersonated target.
That’s why Barracuda has made significant investments in solutions powered by AI, such as Barracuda Sentinel, which provides AI-based protection from spear phishing, account takeover, and business email compromise. With our strong investment in AI and a robust big data infrastructure across our different products, we plan to stay several steps ahead in the upcoming cybersecurity AI arms race.
