Global survey reveals coming shift in cybersecurity priorities
As the Barracuda team celebrates the company’s 15th anniversary this month, we’ve been thinking about how much technology has changed since 2003 when we launched our first email security solution. We wanted to see how our customers and channel partners feel about the past, present, and future of cyber security and how their approach has evolved over time.
We surveyed more than 1,500 IT leaders and security professionals in North America, EMEA, and APJ about their IT security priorities, how those priorities have shifted, and where they’re headed next.
Overall, the study indicates that while the top security priorities have remained consistent over the past 15 years, the types of threats organizations are protecting against has shifted significantly. Looking ahead, respondents believe that the cloud will be a higher priority 15 years in the future and that AI will be both a threat and an important tool. Let’s take a closer look.
Consistent focus on email and network security
The IT professionals we surveyed identified email and networks as their top two priorities in both 2003 and 2018. A full 25 percent of respondents said email was their top security priority in 2003, and 23 percent said the same about their current priorities. Network security came in a close second for both 2003 and 2018 priorities, with 24 percent and 22 percent respectively.
Evolution of email-borne threats
Although what organizations care most about protecting has stayed consistent over the past 15 years, the threat landscape has changed dramatically. Respondents identified viruses (26%) and spam and worms (18%) as the top two threats they were concerned about in 2003. When asked about current concerns, ransomware (24%) and phishing/spear phishing (21%) topped the list.
This shift fits with how Barracuda’s approach to email security has developed over the years. Growing from the spam filter the company was founded on, Barracuda added critical capabilities to better fight much more targeted threats, such as spear phishing, phishing, zero-day malware, as well as secure data, and help with regulatory compliance. To keep up with changing threats and protect against phishing, spear phishing and other threats like account takeover and business email compromise, we were the first company to pioneer the use of artificial intelligence to stop spear phishing and detect account takeover, and we were the first company to add simulation and training to our email security portfolio.
Cloud security is a top priority for the future
While email and network security are currently a higher priority than cloud security for most of the IT professionals we surveyed, that order shifts when they look to the future. A full 25 percent said the cloud would be their most important security priority 15 years from now, outranking email, network, and data security, which were each selected by 14 percent of respondents.
This change has been gradual. Only 3 percent of respondents said cloud security was a top priority for them in 2003. That number went up to 14 percent when they were asked to rank their current security priorities. We don’t believe this shift means email protection will be less important to organizations in the future, simply that questions about how to secure the cloud loom large as IT professionals try to predict the way their responsibilities will evolve over the next decade and a half.
AI: High hopes and big worries
Artificial intelligence is another technology that is top of mind for many of the IT professionals we spoke with—both as an opportunity to improve security and as a threat. It’s an interesting contrast.
A full 31 percent of respondents chose AI as the new technology that they will rely on to help improve security, and 43 percent identified the increasing use of artificial intelligence and machine learning as the development that will have the biggest impact on cyber security in the next 15 years. On the other hand, 41 percent believe the weaponization of AI will be the most prevalent attack tactic in the next 15 years. We share our customers’ concern about the weaponization of AI. Imagine how social engineering attacks will evolve when attackers are able to synthesize the voice, image, or video of an impersonated target.
That’s why Barracuda has made significant investments in solutions powered by AI, such as Barracuda Sentinel, which provides AI-based protection from spear phishing, account takeover, and business email compromise. With our strong investment in AI and a robust big data infrastructure across our different products, we plan to stay several steps ahead in the upcoming cybersecurity AI arms race.
I recently spoke with BJ Jenkins, Barracuda’s CEO, and he explained it this way: “At Barracuda, we feel it’s important to see where customers’ concerns and priorities are moving and getting there ahead of the need, so we can provide the solutions they’ll be looking for as threats get more sophisticated. We’ve come a long way over the past 15 years, and we’re looking forward to finding new ways to protect businesses. We’re excited to celebrate this milestone with our customers and channel partners, as well as introducing a refreshed brand identity that reflects the way the company has evolved.”