2020 Cybersecurity Predictions: It is that point of the year when cybersecurity predictions prevail, and cynical, battle-worn security experts sometimes even side with Niels Bohr, the Nobel laureate in physics who once said, “Prediction is really pretty difficult, particularly about the future.” Nonetheless, preparation requires looking ahead, so we challenged security researchers, collaborators and consumers to identify the key strategic security patterns for 2020.
Here are the 8 cybersecurity predictions for 2020, organized by People, Processes and Technology, the familiar pillars of organizational transformation that underpin the globally used information security standard, ISO/IEC 27001.
2020 Cybersecurity Predictions: Security Predictions For People
The scope of the CISO. The unabated tide of security breaches has boosted the pressure on chief information security officers. The CISO must answer when the board asks, “Are we secure? Are we doing the right things?” Their roles and power vary widely depending on the types and sizes of organizations, technologies used, and many other factors.
Our experts say that in 2020, the CISO role will continue to evolve as underlying factors rapidly change. We’ll see CISOs seek out relationships to advance security and enable other leaders, teams and departments to have success beyond protecting digital assets. The prediction is that CISOs will broaden the value and impact of cybersecurity.
“In addition to managing risk, the CISO will become more influential by spanning organizational authority and becoming an ambassador for security.”
In addition to security breaches, the way technology is used has changed. Steve Moore again, “An asset’s lifetime could be seconds, and the objects that we need to secure are complex and often don’t go on. That reality has changed the responsibilities of a CISO and the risks that a big organization has to face.”
“With Microdevices and other types of technology and assets being available and actively used, an organization’s environment has to be rock solid. A CISO really needs to get into the design, architecture and engineering way up front to be able to see that it will be in a secure state for however long that asset’s going to be around.” — Brian Haugli, CISO, Side Channel Security
Automation and SOAR. Experts predict security automation will play a big role in 2020, such as using SOAR (security orchestration, automation and response) to ease the day-to-day incident response workflow of security analysts who are swamped with irrelevant alerts. Using automation tools will become an ingrained practice rather than something new.
The practical benefits will be enormous. With incident response automation, tasks that would take hours to do will, with the click of a button, return results five minutes later. Organizations ease into automation by trying those projects in smaller stages to ensure success.
Compromised Credentials. During 2020, our experts say attackers will continue to steal credentials as a primary vector for accessing organizations. “Social engineering and phishing will continue to be the easiest vectors to gain access to assets and information,” says Scott Dungan, VP of information security at Fifth Third Bank.
Examples of social engineering include compromising users through phone calls, text messages or email phishing campaigns. “In 2020, deep fakes—videos created by artificial intelligence that make people appear to say or do something they did not — will be used as a social engineering attack vector.”
2020 Cybersecurity Predictions: Security Predictions For Processes
Awareness. “Lack of security awareness by employees is a fundamental issue,” says Samer Faour. In addition to systematically teaching employees about the usual practical security awareness issues, security practitioners will step up efforts to make employees aware of how security affects the business—particularly those who decide to stand up their own cloud applications.
Lamont Orange predicts “CISOs will build influence and emissaries and have the teachable moments to bring everybody around to understand, ‘Hey, this is good for the business. We’re not trying to stop you. We’re just trying to help you understand how we realize all the potential of what you’re proposing.’”
David Tyburski, CISO at Wynn Resorts, also believes in educating users: “It’s our responsibility to put in better processes, better tools, better functionality to protect them as opposed to saying, ‘You’ve got to learn how to be a security professional. You’ve got to learn how to do all the things that I can do and do your day job.’”
Device Security. IoT and the security of voting machines and repositories of voter information will be front and center. Entities such as states and the federal government will react to the threat of election tampering by building and using ‘defense in depth’— multiple layers of controls that involve staffing, procedures, technical and physical security for all aspects of the security program. And, of course, analytics and machine learning.
The same will be true for operational technology (such as plant monitoring and control systems) and IoT devices in use at enterprises and governments, such as security cameras, HVAC systems, and a myriad of sensors. These systems continue to be vulnerable to state actors looking to disrupt operations, to corporate and government espionage, and to attackers looking to benefit financially from theft and ransomware.
Automation. One of the key roles of a security analyst is to evaluate and respond quickly to potential security incidents. SIEM users report seeing 4,000 attacks a week on each of their organizations, according to a Ponemon study. In responding to a threat of this magnitude, it’s really about mean time to respond.
He notes traditional playbooks stipulate multiple steps that require analysts to take a significant amount of time to execute the plan. In 2020, security automation will help by providing more information at analysts’ fingertips. It’s less to do with replacing bodies and more about making the people that are there more efficient and proactive.
2020 Cybersecurity Predictions: Security Predictions For Technology
Machine Learning (ML) and UEBA. The biggest trends we’ll see in security in 2020 will be the increased use of machine learning and automation in the SOC to respond to potential threats in near real time. In 2020, we’ll see greater adoption of next-generation platforms that allow analysts to collect unlimited log data, use AI-driven behavioral analytics to detect attacks and automate incident response.
UEBA (user and entity behavior analytics), in particular, will become a vital tool for detecting anomalous behavior. Once you bring data in for UEBA, the system can pretty much stop modeling and start using the specialized algorithm to start detecting weird things and anomalies. This allows the CISO and SOC to create better use cases for effective detection.
Scott Morris from BlueCross BlueShield Western New York agrees. The insider threat is “definitely one of the most difficult problems to tackle and has become more significant with the ease and movement of data. The use of behavioral analytics is going a long way to help with that problem. It’s something we are tackling every day and what worries me even more than an insider threat is the insider ‘ignorance’ — which is perhaps too strong of a word—that exists in organizations.”
Cloud. As organizations adopt a cloud-first approach and adversaries look to more aggressively target data stored this way, on-premises security information and event management tools will become outdated and dangerous, particularly for short-staffed security teams.
In addition to using SaaS-based SIEM (see “Modernization,” below), the prediction for 2020 is that “DevSecOps will merge into engineering and be guided by product. This merger of product and customer knowledge is essential to keep up with the increasing complexity of SaaS apps and the sensitive data these apps can access.”
Modernization. The greatest 2020 cybersecurity threat will be organizations that are not shifting quickly enough from the old way of doing things. Security practitioners must prepare by thinking about security differently. Leaders need to encourage their teams to lift their maturity and look for modern ways of doing things, such as leveraging AI and implementing automated processes for threat response.
Automation. Machine learning is real and is working, and during 2020, more enterprises will deploy it to help them with these automated detection capabilities. Automated incident response playbooks will be enabled by enriched data feeds via multiple cloud connectors with a myriad of event data sources. In 2020, more organizations will be able to apply behavior analytics to cloud applications. For stronger security, cloud applications do belong in investigation timelines.
2019 Cybersecurity In Retrospect
So how did we do on our 2019 predictions? Looking back, most of our predictions were in line with what we saw this year: long attack dwell times persist, attacks on low-level system architecture on local systems and the cloud continue, IoT adoption grows and people remain the weakest link for attacks. We also correctly predicted that the government would take the first steps to control large internet service companies.
One miss. While tariff, trade, and geopolitical differences remained in the news, they did not further fuel espionage-driven attacks on private industry from nation states, especially in the US.
What remains to be seen is the resilience of election security following increased investments in those systems and the consequences of industrial controls and critical infrastructure that continue to stay exposed. So far, for the former, it has looked like the recently completed off-cycle elections in Virginia, Kentucky and elsewhere were undertaken successfully.
A year from now we’ll be able to look back and judge the accuracy of these 8 predictions for cybersecurity. Meanwhile, we urge you to weigh how each may play within your organization’s particular stage in the application of people, processes and technology for cybersecurity.
One point surfaced in predictions across this strategic model: the vital importance of automation for speeding and improving detection and response capabilities of security analysts. Based on its recurring mention by most of the experts, we suggest you put security automation as priority one for 2020.
In his book, The Foundations of Science, Henri Poincaré (who laid the groundwork for chaos theory) said, “It is far better to foresee even without certainty than not to foresee at all.” If there is one thing our experts would be certain about, it’s that all the points predicted above for 2020 are addressable with a modern SIEM.