Just like every year, we’ve seen the cybersecurity industry shift and change quite a bit in 2019. Finding new threats, building new infrastructure, and uncovering new risks both in and out of the cloud. WIth 2020 looming on the horizon, there’s plenty to unpack and predict what’s next for the security industry as we kickoff the new year.
2020 Cybersecurity Predictions
1 – More Than 50% of Enterprise Traffic will go to the Cloud
Cloud-based SaaS and IaaS apps will continue to be vital to the enterprise, and users will increasingly use remote and mobile devices as their primary way of accessing data. This makes a rise in enterprise cloud traffic inevitable. This dispersion of users and data from the corporate networks means security teams will have to start thinking outside of the traditional perimeter and consider how they can adapt their strategies for the cloud in 2020.
2 – Legacy Security Will Continue to be Blind to Cloud Traffic on the Web
The rise in cloud traffic will also result in a realization that the security industry is blind to the new language of the internet. Legacy security tools understand web (http/s) protocols, but the unique API’s utilized by cloud apps on the web are now considered the new language of the internet. Security teams may know that something is being communicated, but they likely won’t be able to understand the specifics, including what or who. In 2020 security professionals will reckon with this growing blindspot and look for ways to improve visibility, in turn, improving their cloud security posture.
3 – Cloud Phishing Will Increase as a Primary Tactic for APTs.
Phishing attempts will primarily launch through cloud applications instead of emails. Users implicitly trust the many cloud applications used in the workplace, making them vulnerable to phishing tactics. Similarly, mobile devices are becoming the primary cloud access venue, which makes them attractive targets for phishing attacks that take advantage of the small screen form factor of mobile devices to lure users to open malicious content.
4 – Accidental Exposure and Misconfiguration will Increase the Severity and Variety of Breaches
Cloud data breaches rooted in accidental exposure and misconfiguration of cloud applications will increase both in severity and in the number of different cloud apps that are affected. This aligns with Gartner’s prediction that by 2020, 95% of cloud security failures will be the customer’s fault. As cloud adoption continues to grow and more data is stored and shared in the cloud, exposure of that data is something that security teams will have to deal with.
5 – External Attackers and Insiders Turning to Allow Listed, Personal Instances of Cloud Apps
More personal instances of cloud apps will be utilized, forcing security teams to allow list the personal instances along with the corporate ones, which will provide an open window for external attackers and insiders stealing data. The challenge is that corporate, partner, and personal instances of certain cloud apps often use the same URL, skirting legacy security tools. As a result, security teams allow list the URL and allow all instances. With that in mind, this will drive organizations to look for security solutions that can see beyond the URL and differentiate between the instance of cloud apps so they can apply the appropriate protection to stop external attackers and malicious insiders from exploiting these allow listed apps.
6 – Remote/Mobile Devices Will Become the Primary Means to Access Enterprise Data
Another trend over the last few years is a workforce that is becoming increasingly mobile and remote. It’s been reported that the average worker has two or more devices they are using to access a given organization’s data. Keeping this in mind, 2020 seems poised to be the year that remote and mobile devices make up the majority of what workers in the industry use to access corporate data. This comes down to the need for security teams to rethink how they protect data, not just the device, when the enterprise is no longer in control of the device itself.
7 – The Market Evolution of SASE
As coined by Gartner in August of this year (2019), Secure Access Service Edge (SASE) is the latest research showing a shift in how security and networking need to change in order to keep pace with the digital transformation taking the enterprise by storm. The increased consolidation of on-premise security and networking equipment into the cloud, and mounting pressures to lower costs will drive enterprises toward a SASE based architecture. As a direct result, customers will push to consolid