2019 is set to break a record for the highest number of security incidents ever recorded and probably the biggest and most expensive year in terms of data breach fines, penalties and court settlements. While large-scale breaches always make big headlines, hackers are not sparing small businesses and consumers.
As we head into the new decade, cyberattacks will continue to grow in scale and volume. Cybersecurity is a fast-evolving industry, as hackers and security providers both continuously try to outsmart each other. Cybersecurity Ventures estimates that organizations will spend an estimated $1 trillion on cybersecurity from 2017 to 2021.
Let’s look at some of the innovations and emerging technology trends that are likely to shape the cybersecurity industry in 2020.
As the introduction of new devices, applications, the cloud and the internet of things (IoT) rapidly gains pace, the enterprise perimeter is slowly fading away. This calls for a new security approach built around zero trust; in other words, trust no one whether inside or outside your network. Zero-trust architecture inspects and monitors all traffic and adds authentication parameters like user identity, behavior-based scoring, location and multifactor authentication to the mix.
According to a study conducted by Cybersecurity Insiders, 75% of enterprises in the U.S. are planning to deploy a zero-trust solution for a specific use case over the next 12 months. Zero trust is built around the concept of microsegmentation — that is, defining users into smaller groups and granting limited access privileges (per their job role) to allow them to complete predefined tasks.
But what about users who cannot be easily segmented? Should these users be blocked?
Enter remote browser isolation (RBI) or zero-trust browsing. Report Consultant predicts RBI will grow exponentially and change the playing field. By isolating the browser away from the endpoint, RBI ensures that an employee’s system remains untouched even if the browser is infected. Basically, users browse in an environment that is totally outside of the company infrastructure, isolated in a cloud. (Gartner identified RBI as a “key preventive strategy in its adaptive security architecture for attack protection.”)
Following the introduction of the European Union’s data privacy act (GDPR), several regions and countries around the world have implemented or considered their own privacy laws. In the GDPR’s debut year, Google was fined $57 million for violations. The California Consumer Privacy Act (CCPA) will take effect on January 1, 2020, and will offer similar protection to California users: the right to know whether their personal data is being collected and sold as well as the ability to request the deletion of any personal information collected on them.
There’s also a shift in consumer attitudes and demands toward privacy and compliance. As the demand for security and compliance grows, organizations will increasingly purchase products and services that will help them fulfill compliance obligations and also ensure the privacy and security of their customers. This demand will open up new roles in 2020 that demand compliance skills and knowledge.
Technology continues to evolve at a rapid pace — and so does the attack surface. Hackers now have an even larger attack surface to exploit. The sheer number of assets across platforms, users, devices, applications and so on opens doors to more and more threats. When it comes to cybersecurity, a proactive approach is much better than a reactive one.
In 2020, organizations will move beyond traditional approaches that rely on learning from known attacks or historical data. Instead, organizations will deploy solutions powered by deep learning and AI that are capable of analyzing complex situations with a level of detail that is impossible with traditional methods.
According to a study from the Capgemini Research Institute, 63% of organizations are planning to deploy AI by 2020 in an effort to boost their defenses, and 69% of organizations believe they will be unable to monitor and respond to cybersecurity threats without AI.
Phishing is the No. 1 cause of data breaches in 2019. 2020 will see no abatement, as phishing attacks will become even more sophisticated and highly targeted than ever before. Email is no longer the only means of a phishing attack. Attackers might also send an SMS or launch targeted social engineering attacks via social media. New research from Akamai (via Dark Reading) has uncovered that 60% of all phishing kits found on the dark web are active for 20 days or less, indicating that cybercriminals will continue to develop new evasion techniques to keep their kits undetected.
Organizations in 2020 will continue to up their ante in the race to combat phishing attacks. This will, of course, not only include proper security awareness training for all employees and business partners, but also include vulnerability management and penetration testing to help prevent security breaches.
A recent report from INAP indicated that roughly 9 out of 10 (88%) enterprises will migrate some of their workload to the cloud by 2022. The rapid shift to the cloud has cybersecurity professionals thinking about the complications of protecting these workloads. While the traditional model uses a perimeter-based approach for security, the perimeter quickly fades away in the world of cloud computing.
Insider threats, misconfigured services and shadow workloads containing sensitive data signify that the cloud needs an inside-out approach to security. This is reinforced by Gartner, which recently predicted that “through 2025, 99% of cloud security failures will be the customer’s fault.”
The cloud is a shared responsibility, after all, and in 2020 and beyond, more CEOs, CIOs and CSOs will accept responsibility and ownership of the cloud. In line with the above growth, 2020 will see a growing demand for technologies that secure cloud containers, cloud assets, cloud identities and more, including the demand for professionals who are skilled at managing and securing the cloud.
This article was originally posted on Forbes.com. Click here to read >