Top 20 Predictions 2020 - Preparing for the Future of Digital Risk

If the past decade has taught us anything, it’s that change is a constant.

Fueled by technological innovation and digital transformation, our world is evolving and changing more quickly than ever—and that includes unprecedented digital risk.

What changes can you expect in 2020?

We’ve outlined RSA’s top 20 predictions for the security and risk industry with a focus on the elements of digital risk that will shape the future of your business.

Business predictions

1. The rise of the cyber-savvy board

Accountability for cyber risk will move up the org chart, with forward-thinking businesses appointing board members with experience in risk management and information security. Over time, investors will further elevate the need for clear digital risk management strategies, and such board expertise will become the new normal

2. Authentication demands adapt to evolving needs

Despite a growing list of options, there is still no one-size-fits-all solution for identity and access management. Better buyer support and more decision-making guides will help businesses looking to strike a balance between security and user experience

3. A focus on data sovereignty in the Middle East

As Turkish, Middle Eastern and North African businesses rush to the cloud, countries will demand that data centers be established within their borders. Major technology providers will feel the pressure, and invest more heavily in the region

4. Brexit brings new risk assessments

With the UK’s exit from the E.U. looming, businesses must re-evaluate their risk assessment—including identifying and mitigating Brexit-associated cyber threats

Info Sec Predictions

5. Security shifts left

Increasing demand for cloud-native apps will force security teams to work more closely with DevOps. Moving pentesting and code analysis up in the development lifecycle will boost product security. But security teams will need to communicate with developers in a language they understand—for example, referencing delays and unplanned work instead of talking about vulnerabilities

6. Technology helps close the skills gap

Even with the best tools, processes and budget, a lack of talent makes it hard to manage cyber risk—and more than half of companies surveyed report a “problematic shortage” of cybersecurity skills. Businesses will look to reduce dependency on talent via security orchestration and automation software, risk-based prioritization, and comprehensive threat analytics

Technology Predictions

7. A.I.’s black box opens a crack

Artificial intelligence (AI) will evolve to a point where recommendations based on its analysis can be more readily understood—even by those without technical skills

8. Legacy systems under the microscope

Many businesses operate on a fragile network of legacy systems, stitched together with API connections. The stage is set for a security incident that disrupts this patchwork, triggering major outages and serving as a wake-up call to evaluate legacy system security

Cyber Predictions

9. Cybersecurity and democracy collide

Have governments learned anything from 2016? This election cycle will prove pivotal in shaping the future of election security

10. Hacking attacks rise in the cryptosphere

The security of cryptocurrencies rests on safeguarding users’ private keys. Cybercriminals tend to follow the money, so expect cryptocurrency to be at the top of attackers’ wish lists in 2020

11. An attack at the edge puts businesses on notice

The continued proliferation of IoT devices is making edge computing an essential component of IT infrastructure. But threat visibility becomes more critical as the number of endpoints in the network multiplies. A major security incident could see enterprises rushing to invest in monitored and controlled device gateways

12. Criminals focus on taking over accounts

Savvy cybercriminals are shifting their focus from stealing credentials to infiltrating password recovery mechanisms, with a goal of harvesting and resetting user credentials en-masse. User identities will be re-established with new usernames and passwords as fast as you can say “cybercriminal”

13. A target on the infrastructure backbone

Too much of global infrastructure, including fundamentals like water and power, relies on aging technology vulnerable to exploitation. Expect to see nations bolster industrial control system (ICS) monitoring and defenses, in hopes of fending off increasingly commonplace—and devastating—attacks

14. A new angle for ransomware

The popular attack vector won’t just hold your data hostage—it will stop you from connecting to critical infrastructure. How much would you pay for access to your systems and accounts?

Consumer Predictions

15 Cybersecurity gets physical

With global events such as the Summer Olympics and Dubai World Expo delivering experiences through a blend of infrastructure and connected systems, cybersecurity will move beyond data to encompass more and more of our physical well-being—or “cyber safety”

16. Companies pass the BYOD hot potato

Bring Your Own Data (BYOD) programs bring tremendous assets—and new cybersecurity liabilities. More and more businesses will use BYOD policies such as user-owned decentralized storage to limit liability—and leave it to employees. Meanwhile, organizations that don’t directly monetize data will make data security consumers’ problem

17. IoT attacks shake consumer confidence

Motivated more by vast disruption than a big payout, malicious actors will attack the unsecured IoT endpoint of a popular connected device. Consumers will question their security assumptions raising important questions about weaknesses in, and governance of, virtual assistants

18. Spoofing goes mainstream

A popular mobile app will offer consumers on-demand animated spoofing—and trigger widespread discussion of deepfakes, media integrity, and how to regulate and police false content

Regulatory Predictions

19. Breach accountability gets even murkier

A high-profile organizational breach will be traced to an API integration. So, who pays the GDPR fine? The resulting controversy will spark debate about regulatory accountability in a growing third-party ecosystem

20. The Feds punt on privacy

Despite many states ratifying data privacy laws in 2019, the U.S. federal government won’t reach agreement on 2020 privacy legislation—leaving states to regulate the issue.