The pace of breaches and cybersecurity threats continues unabated. In 2019 alone, we saw two of the top five largest breaches in history, with First American Financial Corp and Facebook, not to mention the Capital One breach that impacted more than 100 million Americans. As enterprise infrastructures become cloud-based, security teams are struggling to keep pace with dynamic threat vectors across networks that are increasingly virtualized, potentially misconfigured and exposed.
With that as the backdrop, we have synthesized conversations, data and trends from our interactions with customers and partners across the industry, along with our own threat intelligence research, and highlighted six predictions for 2020:
- Lower demand in the next-gen SIEM market
While a couple of vendors have held a formidable lock on the SIEM market for years, enterprises have been looking for new approaches and options for their next-gen SIEM. However, next-gen SIEMs rely too heavily on AI and carry the massive overpricing that accompanies these next-gen technologies. We predict more traction from SIEMs with traditional capability in 2020 as the market for next-gen SIEMs shrinks. This shift will result in a dramatic change in pricing models.
- An increase in contextual, targeted ransomware campaigns
As ransomware pivots back to being the top threat over cryptojacking, we also predict ransomware will get much worse in 2020. Increasingly, we are seeing ransomware campaigns evolve to target specific organizations. As evidenced by the highly publicized ransomware attacks against various Texas government agencies, attackers are targeting specific organizations – state and local government, healthcare, financial services, etc. – based on contextual knowledge of what data and assets they have encrypted, and using that knowledge to make the ransom context-sensitive. Hackers encrypting basic corporate documents might be able to charge one rate, but when they have county tax records or patient health records, the ransom goes up.
- State legislation will drive security compliance regulations
This past year was marked by litigation and some notable fines levied against enterprises for lack of compliance with GDPR. In addition to GDPR, we predict that state legislation such as the California Consumer Privacy Act (CCPA), New York’s DFS 500, and legislation in Washington and Nevada will drive federal action as states put pressure on the federal government to develop standards.
- Cybersecurity skills shortage will reshape the org chart
The industry’s Achilles heel continues to grow, with unfilled cybersecurity positions at nearly 1 million globally, up nearly 40% from the same time a year ago. With increased managed detection and response (MDR) adoption as companies attempt to shore up talent shortages, we predict that MDR will become part of the org chart. This will boost talent retention as security professionals are freed up to do work that’s more specific to the organization instead of general alert management.
- Enhanced security culture will mean greater accountability for employees
Too often the weakest links in enterprise cybersecurity are employees: an employee clicks on a link and spreads malware throughout the enterprise. To combat this, we predict that enterprises will dramatically increase end-user awareness training as end users become an integral part of an organization’s cybersecurity defenses. At the same time, the increase in end-user training means more accountability for employees, who may now be held liable for spreading malware since they have undergone training. As a result, we also predict that we may see a rise in lawsuits for employee-created breaches.
- More organizations participating in active defense
Just as we saw when Microsoft successfully took down the notorious and complex botnet known as Rustock earlier this decade, we predict that more organizations will take an active role in cyber defense as they acquire the knowledge and expertise to combat malware.
We’ll see where our predictions go. Check back with us mid-year as we monitor the state of the industry and see how well our predictions may be playing out.
by Randy Watkins | CTO, CRITICALSTART
and Jordan Mauriello | SVP of Managed Security, CRITICALSTART