British security vendor Sophos has a few "dirty secrets" to reveal on the state of firewalls in enterprise-- IT managers cannot identify 45% of network traffic, and 25% of managers cannot identify 70% of traffic.

Such findings come from "The Dirty Secrets of Network Firewalls," a global survey of 2700 IT decision makers from mid-size businesses in 10 countries, including the France, Germany, UK, US, Canada, Australia, Japan, India and S. Africa. It shows 84% of respondents agree a lack of application visibility is a serious security concern, but firewalls with signature-based detection do not provide adequate visibility into application traffic. This is due to the increasing use of encryption, as well as browser emulation and advanced evasion techniques.

The FIDO (Fast Identity Online) Alliance and the World Wide Web Consortium (W3C) announce a "major standards milestone" with Web Authentication (WebAuthn)-- a password-free protocol currently in Candidate Recommendation (CR) stage.

WebAuthn is a standard web API allowing users to securely authenticate online, in the browser and across sites and devices. It is a core component of the FIDO2 specification project (the next generation of the U2F and UAF standards) together with the Client to Authenticator Protocol (CTAP), the specification allowing external authenticators to communicate strong authentication credentials locally via USB, Bluetooth or NFC to a PC or smartphone.

Global security-related hardware, software and services software will reach $91.4 billion in 2018, IDC reports-- a 10.2% increase over 2017, with such growth set to continue over the next few years.

Security spending should reach a CAGR of 10% over the 2016-2021 forecast period, growing to a total of $120.7bn in 2021.

"Banks, discrete manufacturers, especially within the high-tech sector, and the federal government are spending the most on security to avoid large scale cyber-attacks and adhere to regulatory compliance," the analyst adds. "Looking ahead to 2021, as the need the to protect IoT connected devices and infrastructure becomes paramount, industries like telecom and state and local government will drive growth in worldwide security spending."

According to Juniper Research, global spending on security solutions will grow by 33% over the next 4 years to reach $134 billion annually by 2022, with medium-size businesses driving good part of the spending.

Around 70% of 2022 spending is to come from medium-size businesses, the result of cybercriminals targeting "low-hanging fruit." That said, hitting such fruit still leads to big losses, since Juniper estimates the cumulative costs of data breaches for the 2017-2022 period will reach $8 trillion.

Of course, it all depends on the nature and scale of the attack-- for instance, the cost of NotPetya infecting the shipping giant Maersk in 2017 stands at around $200-300 million.