Spiceworks, the marketplace that connects the IT industry, announced a new study, The Future of Network and Endpoint Security, that examines current business vulnerabilities and emerging security trends in organizations across North America and Europe. The findings indicate many businesses are turning to next-gen security solutions like AI-powered threat intelligence and security as a service to face evolving security threats and existing vulnerabilities, including outdated operating systems, limited use of encryption, and a lack of in-house security expertise.
"There are massive opportunities for security vendors to help organizations better protect their devices, data, and networks as they turn to intelligent security technologies and security as a service solutions to guard against new threats and compensate for a cybersecurity skills gap," said Peter Tsai, senior technology analyst at Spiceworks. "Looking forward, security vendors that can offer solutions and services with the right mix of value for money, protection against emerging threats, and innovative capabilities will be well-positioned to capitalize on this trend."
Outdated operating systems and cybersecurity skills gap leaves many businesses at risk
According to Spiceworks technology deployment data, 32 percent of businesses have Windows XP installed on at least one device on their network, despite the operating system reaching end of service in 2014. Spiceworks deployment data also shows 79 percent of businesses are running Windows 7, which will reach its end of service in January 2020. When asked about their operating system migration plans, 25 percent of businesses surveyed said they don't plan to migrate from Windows 7 until after the end of service date, posing additional vulnerabilities for organizations.
Other current business vulnerabilities discovered in the research include:
- Limited access to cybersecurity experts: 53 percent of businesses do not have a cybersecurity expert on staff, and 17 percent have no access to cybersecurity expertise, either internally or externally through third-party security consultants.
- Limited use of data encryption: 17 percent of businesses reported they do not employ any type of encryption.
- Lack of preparedness for common cybersecurity threats: 27 percent of business believe they're unprepared to respond to internal data leaks.
Businesses turn to next-gen security solutions to face ever-evolving security threats
As security threats become more advanced and business vulnerabilities become more difficult to manage, the research indicates adoption of AI-powered security solutions have the potential to triple by 2021. For example, 18 percent of businesses have adopted AI-powered threat intelligence platforms, and an additional 30 percent are considering adopting them in the next two years. Additionally, 12 percent of businesses now use AI-powered network security appliances and an additional 32 percent are considering adopting them in the next two years.
Many businesses are also turning to security as a service solutions to outsource some security responsibilities to a trusted service provider. The most common as-a-service security solutions include endpoint security and threat protection with business adoption at 28 percent and 19 percent, respectively. Within the next two years, adoption of intrusion detection and prevention as a service is expected to see the most growth: 12 percent of businesses use it today and an additional 23 percent are considering using it by 2021.
When it comes to what IT decision-makers look for in security solutions, the data reveals great value for money, minimal performance impact, and zero-day threat protection are the top three most critical consideration factors.
Businesses rely on a mix of endpoint and network security providers to meet their needs
The study also examined business adoption and IT buyer satisfaction of the top endpoint and network security providers. Among endpoint security solution providers, the research shows Malwarebytes (35 percent) and Sophos (24 percent) have the highest adoption rates across all company sizes. Symantec, Webroot, Trend Micro, Bitdefender, and ESET are also among the top endpoint security providers. When IT buyer satisfaction was evaluated, the results show Sophos earned high marks for zero-day threat protection, while Webroot takes the top spot for great value for money and minimal performance impact along with ESET.
Among providers of network security appliances, the results show Cisco (35 percent), SonicWall (23 percent), and Meraki by Cisco (19 percent) have the highest business adoption rates today. Sophos, Fortinet, and Barracuda are also among the top providers according to IT buyers. When asked about IT buyer satisfaction, Sophos earned the top spot for great value for money, and zero-day threat protection, while Fortinet earned the top spot for minimal performance impact.
Despite using a mix of different endpoint and network security providers today, 51 percent of businesses would consider using a single security vendor if they offered a comprehensive, multi-layered product portfolio.
The Spiceworks survey was conducted in June 2019 and included 489 IT decision-makers in Spiceworks. Respondents represent organizations in North America (77 percent) and Europe (23 percent) across a variety of company sizes, including 37 percent from small businesses (1 to 99 employees), 53 percent from mid-size businesses (100 to 999 employees), and 10 percent from enterprises (1,000+ employees). Respondents represent a variety of industries, including education, healthcare, nonprofits, government, finance, retail, construction, manufacturing, and IT services. The survey data was supplemented by operating system data that was collected in April 2019, based on anonymized, aggregated technology deployment data from Spiceworks products.