Just like every year, we’ve seen the cybersecurity industry shift and change quite a bit in 2019. Finding new threats, building new infrastructure, and uncovering new risks both in and out of the cloud. WIth 2020 looming on the horizon, there’s plenty to unpack and predict what’s next for the security industry as we kickoff the new year.
2020 Cybersecurity Predictions
1 – More Than 50% of Enterprise Traffic will go to the Cloud
Cloud-based SaaS and IaaS apps will continue to be vital to the enterprise, and users will increasingly use remote and mobile devices as their primary way of accessing data. This makes a rise in enterprise cloud traffic inevitable. This dispersion of users and data from the corporate networks means security teams will have to start thinking outside of the traditional perimeter and consider how they can adapt their strategies for the cloud in 2020.
2 – Legacy Security Will Continue to be Blind to Cloud Traffic on the Web
The rise in cloud traffic will also result in a realization that the security industry is blind to the new language of the internet. Legacy security tools understand web (http/s) protocols, but the unique API’s utilized by cloud apps on the web are now considered the new language of the internet. Security teams may know that something is being communicated, but they likely won’t be able to understand the specifics, including what or who. In 2020 security professionals will reckon with this growing blindspot and look for ways to improve visibility, in turn, improving their cloud security posture.
3 – Cloud Phishing Will Increase as a Primary Tactic for APTs.
Phishing attempts will primarily launch through cloud applications instead of emails. Users implicitly trust the many cloud applications used in the workplace, making them vulnerable to phishing tactics. Similarly, mobile devices are becoming the primary cloud access venue, which makes them attractive targets for phishing attacks that take advantage of the small screen form factor of mobile devices to lure users to open malicious content.
4 – Accidental Exposure and Misconfiguration will Increase the Severity and Variety of Breaches
Cloud data breaches rooted in accidental exposure and misconfiguration of cloud applications will increase both in severity and in the number of different cloud apps that are affected. This aligns with Gartner’s prediction that by 2020, 95% of cloud security failures will be the customer’s fault. As cloud adoption continues to grow and more data is stored and shared in the cloud, exposure of that data is something that security teams will have to deal with.
5 – External Attackers and Insiders Turning to Allow Listed, Personal Instances of Cloud Apps
More personal instances of cloud apps will be utilized, forcing security teams to allow list the personal instances along with the corporate ones, which will provide an open window for external attackers and insiders stealing data. The challenge is that corporate, partner, and personal instances of certain cloud apps often use the same URL, skirting legacy security tools. As a result, security teams allow list the URL and allow all instances. With that in mind, this will drive organizations to look for security solutions that can see beyond the URL and differentiate between the instance of cloud apps so they can apply the appropriate protection to stop external attackers and malicious insiders from exploiting these allow listed apps.
6 – Remote/Mobile Devices Will Become the Primary Means to Access Enterprise Data
Another trend over the last few years is a workforce that is becoming increasingly mobile and remote. It’s been reported that the average worker has two or more devices they are using to access a given organization’s data. Keeping this in mind, 2020 seems poised to be the year that remote and mobile devices make up the majority of what workers in the industry use to access corporate data. This comes down to the need for security teams to rethink how they protect data, not just the device, when the enterprise is no longer in control of the device itself.
7 – The Market Evolution of SASE
As coined by Gartner in August of this year (2019), Secure Access Service Edge (SASE) is the latest research showing a shift in how security and networking need to change in order to keep pace with the digital transformation taking the enterprise by storm. The increased consolidation of on-premise security and networking equipment into the cloud, and mounting pressures to lower costs will drive enterprises toward a SASE based architecture. As a direct result, customers will push to consolidate their security stack and look to have both network and security services delivered from the cloud.
8 – The Data Protection Market Will be Completely Inverted
With the adoption of cloud taking hold everywhere, we predict that in 2020 enterprises will completely rethink how they approach data protection when it no longer sits within the four walls of the organization, but rather in the cloud and on personal devices all over the globe. Data protection services will invert outside the traditional data center utilizing more intelligent and scalable cloud-native technologies such as Artificial Intelligence (AI) and Machine Learning (ML).
9 – Native App and Sync Client use will Increase in Popularity with Enterprises and Attackers
2020 will continue the trend of popular cloud apps like OneDrive, Box, Microsoft Teams, and Slack being accessed not only from a browser, but also from an app that is installed locally on a PC, Mac, or mobile device. This access method will grow in popularity for users and also for attackers as many security products are blind to traffic that does not emanate from a browser.
10 – The Shift from Legacy VPN to Zero Trust Network Access will Accelerate
Zero trust will evolve from a buzz word to an actual solution to the challenge of providing secure access to private apps and data irrespective of where the users or the private apps and data are located. This push will surely disrupt the legacy VPN market as we know it in 2020.
11 – Reducing Console Clutter will be a Priority for Secure Teams
In 2019 we saw the security skills shortage challenge take center stage. In 2020 we will continue to see CISOs find new ways to get the most out of the resources they have. One area of focus will be to reduce the number of consoles the security team has to manage. A consolidation across tools is imminent, and we’ll likely see the security stack consolidate in the cloud.
For a deeper dive into these predictions, attend our upcoming webinar: Predictions for Cybersecurity in 2020.
What Do You Think?
It’s worth noting that these are all just predictions, so our educated guesses are just as good as yours. Cybersecurity, as an industry, can change in an instant with a new approach dominating the conversation in the blink of an eye. Do you have any predictions for what you think 2020 holds for the cybersecurity industry? Share them with us on Twitter (@Netskope).