BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Three Important Information Security Predictions For 2020

Forbes Technology Council
POST WRITTEN BY
Corey Nachreiner

Getty

The information security landscape seems to evolve at a faster pace with each passing year. For organizations of all sizes, it’s critical to not only remain up to date on current attack techniques and defenses, but also to look ahead at potential security developments and circumstances that have yet to come. That’s why each year, our research team takes a step back to develop a series of predictions about emerging security trends that could have the biggest impact, new threats that might rear their ugly heads and how cutting-edge attacks will affect the industry.

Let’s take a look at three key cybersecurity predictions for 2020 -- and what you need to know to prepare:

1. The Cybersecurity Skills Gap Will Widen

The cybersecurity industry has exploded over the past decade. As the realities of data breaches and online attacks have penetrated mainstream consciousness, demand for skilled security professionals is at an all-time high. However, the current supply isn't sufficient. In fact, a recent (ISC)2 study found that businesses are currently suffering a cybersecurity workforce gap of over 4 million employees (up from a gap of 1.8 million in 2017). And according to one ESG report, 29% of organizations see insufficient security staffing as their top challenge, while 74% have already witnessed the cybersecurity skills gap take a toll on their business.

Unfortunately, targeted adjustments in security education and recruiting aren’t likely to take effect quickly enough to right the ship in the immediate future. As we continue to see a swell in demand for skilled infosec professionals, we expect to see the cybersecurity skills shortage continue to increase in 2020. Until we can quell this growing scarcity, organizations will be forced to find other ways to prevent advanced and frequent cyberattacks.

The good news is that more and more managed service providers (MSPs) have taken notice of the opportunity and begun to offer specialized security services. With the availability of both cloud-managed, layered security protections and the managed security service providers (MSSPs) to deliver them, enterprise-grade security has never been as simple, accessible and cost-effective for businesses of all sizes as it is today. In the face of this ongoing security skills shortage, organizations of all types and sizes will engage with MSSPs to outsource their security needs.

2. Ransomware Will Target The Cloud

Ransomware has been a major payload for cybercriminals over the past decade. In an effort to rake in profits, hackers have moved away from the “shotgun blast” approach to ransomware attacks (pursuing as many victims as possible) in favor of targeting healthcare providers, governmental groups, industrial groups and other organizations for which downtime is unacceptable. These targets are most likely to pay to resolve a ransomware infection quickly. I anticipate that cybercriminals will begin using ransomware to target public cloud properties.

One reason the cloud represents such an enticing target for attackers is that it’s now a critical uptime resource for vital network and web applications. Beyond that, the cloud also offers an attractive central aggregation point ransomware attackers can leverage to access a much larger pool of victims simultaneously.

According to our latest research, legacy signature-based anti-malware services fail to block half of today’s evasive malware attacks. As ransomware variants continue to become more evasive, organizations must deploy more proactive malware detection solutions that leverage advanced behavioral analysis with cloud sandboxing and machine learning.

Because many businesses rely heavily on cloud resources for day-to-day operations, deploying these advanced antivirus solutions in cloud environments will be key to preventing cloud-specific ransomware attacks in 2020. Every organization using cloud architecture today -- whether it be a public or private cloud -- can and should harden those environments using basic techniques like securing their S3 bucket configurations, closely managing file permissions, requiring multifactor authentication for access and more. Finally, one benefit the cloud offers is automated backup and imaging of resources as part of version control. Be sure to leverage these features to quickly recover to a clean state if you ever suffer a cloud store ransomware attack.

3. Individual States Will Enact Regulations Inspired by GDPR and CCPA

It’s been two years since the European Union came out with the General Data Protection Regulation (GDPR) to better protect the privacy of its citizens’ data. The level of protection the law provides to individuals has been immensely popular among consumers to date, and companies like Google and Marriott have already faced fines for their violations. As organizations continue to mishandle the data of American citizens whose appetite for privacy is growing by the day, we believe that in 2020, 10 or more states will enact privacy laws similar to GDPR.

In fact, California has already passed its own California Consumer Privacy Act (CCPA), which will begin administering fines by midyear. Although some lawmakers are pushing for a similar regulation at the federal level, I don’t believe the movement will gain the support it needs this year. Why? This is based on the fact that most individual states passed mandatory data breach disclosure laws in the mid2000s (led again by California in 2002), but a federal version still hasn’t passed yet. So in an effort to better protect their citizens quickly, I expect this state-level trend will continue.

Individuals concerned with personal privacy should petition their local representatives for state-level regulations and advocate for federal action as well. For businesses across the country, it will be important to proactively study CCPA requirements, as it will likely serve as a template for new states working to roll out their own privacy regulations.

As we move deeper into 2020, it will be important for your business to keep up to date with these trends -- and their long-reaching implications in near and future years.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?