It’s that time again to reflect on the past year and look to the future. At Cygilant, we spent time predicting what’s to come in cybersecurity in 2020.
1. Talent, and the ability to recruit talent, will continue to be a big problem.
The U.S. Department of Commerce estimates that there are currently 350,000 unfilled cybersecurity jobs in the U.S. Those jobs are likely to go unfilled in 2020. We are at a tipping point ready to fall into the talent abyss where there isn’t enough cybersecurity or compliance expertise and it’s not changing anytime soon. Getting help from security-as-a-service organizations will become the de-facto standard as the only way to fill the talent and recruitment gap.
2. Vendor noise will grow louder.
Navigating the cybersecurity market is tough in part due to the vendor noise. New products, companies, and solutions are popping up in what seems like a daily cadence. “One-off” products often turn to shelf ware fast since end users simply don’t have the time to get to it all. 2020 will see companies look across the products gathering dust combined with the lack of resource and change tactics to adopt a more holistic approach. Navigating through the noise to find services that provide talent resources and a full suite of solutions will help turn down the volume, ward off attacks and meet compliance mandates.
3. Machine learning and AI will play center stage.
Machine learning and AI will become all the rage in 2020. But it’s not just that we need to be adopting these technologies to combat cyber attacks, it’s also that the attackers will begin leveraging it against us. AI can work at a much faster cadence to find gaps to breach. Security professionals will realize this quickly in 2020 as they fight to keep up. Embracing these technologies, combined with human expertise, will help to thwart off more attacks.
4. Cloud security visualization is worth 1,000 words.
They say a picture is worth a 1,000 words. The same holds true for cloud security visualization. In 2019, we saw the rise of cloud visualization to easily view data flows, logs, metrics, and general operations for example. In 2020, we’ll see widespread adoption of security visualization in the cloud. We want to see how our apps and data are connecting and where, and if, there are any security gaps. Users will want to see their entire security posture presented in a single, holistic visual dashboard.
5. Endpoints proliferate.
More laptops, desktops, mobile phones, tablets, servers, and virtual environments are connecting to systems. Each one of these endpoints requires security. In 2020, endpoint security will become a “must-have” for all organizations. Perimeter detection is no longer adequate as your perimeter doesn’t exist. It is anywhere and everywhere and one misconfigured laptop, server or firewall may be the cause of a data breach.
6. The regulation floodgates are opening.
Every year we see an increase in updated guidance or compliance requirements. We believe in 2020 the floodgates will open as more regulation is put in place to protect privacy and data. We already know that GDPR-like regulations are coming. The California Consumer Privacy Act (CCPA) is the most notable, set to take effect January 1, 2020. This will affect any company that serves California residents and has at least $25 million in annual revenue; or those companies of any size that have personal data on at least 50,000 people; or that collect more than half of their revenues from the sale of personal data. With the floodgates opening, it’s important to have processes and logs in place that prove how security and privacy is handled at your business.
7. The business of ransomware grows.
Ransomware is trending upwards because for a lot of businesses it’s simply easier to pay the ransom. We’ll see more ransomware attacks in 2020. But we’ll also see more companies closing the loop on ransomware to prevent these types of attacks or at the very least containing ransomware to particular machines. Dedicated resource should be spent on prevention by monitoring for suspicious activity including phishing attempts and ransomware. If you don’t have the internal resources, look to security-as-a-service with security monitoring solutions.
8. Small businesses are irresistible.
Hackers want the easiest route to data and as a result small businesses are irresistible. 2020 will see a heightened focus on small businesses from credit unions to local doctors’ offices. Cybersecurity isn’t just for the enterprises. One breach could be the death of a small business. But whereas enterprises have larger budgets and resources, small businesses don’t. Overcoming these constraints calls for security-as-a-service adoption in 2020.
9. Cybersecurity will truly damage a brand.
2019 headlines were littered with data breaches. Consumers are over it. They want their data to be protected and they will go elsewhere if they know a company isn’t protecting it. In 2020, we’ll see major financial loses and brand damage for breached data.
10. Security professionals will be more stressed.
More attacks, less resources means more stress for security professionals. The job is packed full of stress and it’s only set to get worse. Help is needed, not just for anxiety but to actually safeguard against attacks. 2020 will see the rise of security-as-a-service as security professionals can no longer keep up with the daily grind and stress.