Predictions 2020: Keeping Secure in the New Year

As we enter a new decade, security strategies will become a greater priority than ever. In fact, according to the “2020 Netwrix IT Trends Report,” nearly 3 in 4 (74%) organizations named data security as their top IT priority for the year ahead.

While that may come as no surprise, there are new dynamics impacting the application of security processes and strategies that may have a significant impact on how organizations mitigate their risk in 2020. From the monitoring of cybersecurity metrics to the IT skills shortage to artificial intelligence, many new trends will change the scope of cybersecurity and the compliant retention of critical data. Consider these seven 2020 security predictions:

  1. Prediction: Organizations will try to measure cybersecurity effectiveness with regular reporting and KPIs.

As organizations allocate more budget to data security, boards of directors will demand that those investments serve double duty: both improving the security of information assets and driving the business by enhancing user productivity or reducing spending on legal and compliance operations. They will require specific metrics and regular reporting to prove that these goals are being achieved.

Therefore, CIOs and CISOs will be challenged to develop security metrics to track success and provide meaningful reports to the board. To present this information effectively, they will need not just technical knowledge but also strong communication skills and financial fluency.

  2. Prediction: Ransomware attacks will become more sophisticated, and public-sector and healthcare organizations will be the top targets.

Ransomware attacks will remain on the rise because they work well and are easy to monetize. In 2020, ransomware will become even more sophisticated and targeted. The top sectors on cybercriminals’ radar will be health care and government—when the availability of IT systems and data is critical for people’s very lives, organizations are more likely to pay a ransom to return to normal operations faster, as proven by recent incidents.

To combat this threat, CIOs will have to establish controls that reduce the risk of ransomware infection, ensure fast detection of attacks in progress and enable prompt recovery. To this end, they will need to expand security training for employees, require multifactor authentication for all remote network access, ensure reliable backup creation and testing and institute comprehensive patch management. In addition, security pros must improve anomaly detection and alerting so they know immediately when intruders attempt to access the network, move laterally to review what systems and data the organization holds or disable backups before activating ransomware.

  3. Prediction: Data privacy will become a necessity for all organizations, regardless of industry, which will drive the creation of new business services.

The GDPR has been in effect for more than a year, but fewer than half of organizations in the U.S. achieved compliance by the deadline, according to Ponemon. In 2020, data privacy will become a priority for even more companies as more U.S. states will adopt privacy regulations similar to the GDPR and the CCPA, ultimately resulting in a federal regulation that will leave no organization untouched. The first to be affected will be financial institutions, followed by the education, healthcare and public sectors.

Since data privacy laws require consent for data collection and prohibit gathering more data than needed or keeping it longer than required, marketing, data collection and retention practices will be impacted dramatically. Therefore, CIOs and CISOs will need to gain deeper insight into the data being collected, where it is being stored and how it is used by employees.

As a result, the U.S. market will see new offerings that combine legal and IT services to help organizations interpret the various compliance mandates and develop actionable plans to achieve, maintain and prove compliance.

  4. Prediction: Organizations will struggle to satisfy data access requests, but initially, there will be few consequences for failure.

With the GDPR and CCPA in full effect, in 2020 organizations will be challenged to satisfy data access requests (DARs) within the required time frame, since locating all the data associated with an individual can be quite labor-intensive. Organizations that already experience frequent customer complaints will be at a particularly high risk of being bombarded with data access requests since consumers will flock to take advantage of the new legislation.

However, authorities still need to establish processes for checking whether organizations have actually provided or erased all information related to a DAR, so initially, enforcement will be difficult. As privacy regulations are refined, though, organizations will actually face penalties for failing to comply with DARs. Therefore, CIOs and CISOs will have to establish efficient methods for completing data searches to minimize the risks of compliance fines, lawsuits and damage to the organization’s reputation.

  5. Prediction: Organizations will make security training an integral part of employees’ job responsibilities.

Many organizations plan to increase cybersecurity training and consulting services. To justify the increased budget, CIOs and CISOs will be challenged to prove to the board that this training is both efficient and effective. Accordingly, they are advised to involve top and middle management in ensuring that the training content and methodologies match the needs of various groups of employees.

This means security will no longer be the security team’s problem alone. Indeed, as end user cybersecurity education matures and proliferates, organizations will measure how different teams perform compared to others in the organization. While this rivalry will drive some improvements in user behavior, eventually, line-of-business (LoB) managers will have security metrics for their employees tied to their compensation as a means of reducing the attack surface for the organization as a whole.

  6. Prediction: The IT skill shortage will drive urgency for automation.

To support growing business needs, IT teams will need to improve their efficiency and effectiveness. To help, they will seek out technologies such as robotic process automation (RPA) to streamline routine tasks, including various security and compliance processes.

Of course, businesses have always sought to automate routine tasks. But the acute lack of experienced IT staff to fill security jobs renews the urgency. CIOs and CISOs will look more earnestly into automation tools to free IT resources to focus on the never-ending need to secure the organization and its data.

  7. Prediction: AI-based solutions will become a new target for attacks, and organizations will struggle to defend them.

As organizations implement more solutions based on artificial intelligence (AI) and machine learning (ML), adversaries will target those systems. Organizations will look for ways to protect their systems, especially ones involved in business-critical processes or decision-making.

Unfortunately, they will find few solutions available on the market for the next few years. In 2020, researchers will still be experimenting with ways that AI- and ML-based solutions can be misled or misused—and their results will be used both by vendors to develop cybersecurity solutions and by adversaries to conduct targeted attacks.

As we embark on a new year, the way in which we address security vulnerabilities and cyberthreats will have a direct bottom-line impact on business success. By automating tedious processes to free more time for data security projects, and applying automated data classification to reduce your attack surface without impacting IT team resources, you’ll be better prepared to withstand any new waves of security breaches that may hit us in 2020.

Want to learn more about what to expect in 2020? Join us Jan. 23 for our Predict 2020 Virtual Summit featuring discussions from some of the industry’s best and brightest offering up their visions for the future. Sign up today for this free daylong virtual event.

— Ilia Sotnikov


Ilia Sotnikov

Ilia Sotnikov is vice president of product management for Netwrix, a provider of information security and governance software. He has over 15 years of experience in the IT management software market. Prior to joining Netwrix in 2013, he was managing SharePoint solutions at Quest Software (later acquired by Dell).
