Unpredictions for 2020 in Cyber Security
The end of the year tradition of prediction is becoming a guessing game as the pace of innovation is increasing towards pure randomness. So I will stop pretending I know what is going to happen in 2020, and I want to write on areas that seem like the most unpredictable for 2020. Below you can find an honest review of my 2019 predictions.
5G – A much talked about topic in 2019 with billions poured on rollouts across the globe. However, it is still unclear what are the killer use-cases, which is usually one step before starting to think about threats, security concepts, and the supply chain of cybersecurity vendors meant to serve this future market. I think we will stay in this state of vagueness for at least the next three years.
Insurance for the Digital World – Even though a big part of our lives has shifted into the digital realm, the insurance world is still observing, and hesitatingly testing the waters with small initiatives. It is unclear how insurance will immerse into digital life, and cyber insurance is one example of such unpredictability. It seems like a room for lots of innovation beyond helping the behemoth to transform.
Cloud Security – 2018 and 2019 where glorious years for cloud security – it seems as if it is clear what the customers need, and the only thing left for the vendors is to get the work done. Cloud transformation, in general, is hiding a high complexity and a highly volatile transition of businesses and operations into the cloud. A process that will take another ten years at a minimum, and during that time, technologies/models and architectures will change many times. Since security is eventually attached to the shape this transformation takes, it will take some time until the right security concepts and paradigms will stabilize — much shuffling in the security vendors’ space before we see an established and directed industry. I believe the markets will meet this random realization in 2020.
Alternative Digital Worlds – It seems many countries are contemplating the creation of their own “internet” including countries such as Russia, China, and others, and the narrative is about reducing dependency on the “American” controlled internet. It is a big question involving human rights, progress, nationalism, trade, and the matter will remain unsolved as the forces at play seem to be here for the long haul.
2019 predictions review
IoT – I said IoT security is a big undefined problem, and it still is. I don’t see anything changing in 2020 even though IoT deployments have become more commonplace.
DevSecOps – I predicted 2019 would be the start of a purchasing spree for cloud DevOps related security startups, and I was spot on. The trend will continue into 2020 as the DevSecOps stack is emerging.
Chipsets – I predicted a flood of new chip designs beyond Intel and AMD, and with many security vulnerabilities disclosed. I was slightly right as there are many efforts to create new unique chipsets. However, the market is still stuck with the golden standard of Intel tilting a bit towards AMD product lines. I was dead wrong about the level of interest in researching vulnerabilities in chipsets, maybe because there is not much to do about them.
Small Business Security – I predicted small businesses would emerge as a serious target market for cybersecurity vendors. I was wrong as no one cares to sell to small companies as it does not correspond to the typical startup/VC playbook. Still optimistic.
AI in Cyber Security – I predicted that the hype in the endpoint AI security market would fade, and I was spot on – the hype is gone, and limitations became very clear. There is a growing shift from local AI in endpoints towards centralized security analytics. Pushed by Azure, CrowdStrike, and Palo Alto Networks with the narrative of collecting as much as possible data and running some magic algorithms to get the job done on the cloud – a new buzz that will meet reality much faster than the original hype of AI in endpoints.
AI in the Hands of Cyber Attackers – I predicted 2019 would be the year we will see the first large scale attack automated by AI. Well, that did not happen. There is a growing group of people talking about this, but there is no real evidence for such attacks. I am still a believer in weaponization using AI becoming the next big wave of cyber threats, but I guess it will take some more time. Maybe it is due to the fact it is still easy to achieve any goal by attackers with rather simplistic attacks due to weak security posture.
Data Privacy – I predicted it would be the year of awakening where everyone will understand the fact they “pay” for all the free services with their data. I was right about this one – everyone knows now what is the nature of the relationship they have with the big consumer tech companies, what they give, and what they get.
Elections & Democracy – I predicted that manipulations of elections via social networks would diminish the citizens’ trust in the democratic process across the globe. I was spot on – In Israel, for example, we are entering; unfortunately, the third round of elections and the confidence and trust is at all times low.
Tech Regulation – I wrongly expected regulation to be fast and innovative and that it would integrate with tech companies for tight oversight. I was optimistically wrong. I don’t see anything like that happening in the next five years!
The Emergence of Authentication Methods – I predicted the competition for the best authentication method would stay a mess with many alternatives, old and new, and no winner. I was right about this one. The situation will remain the same for the foreseeable future.
Supply Chain Attacks – I predicted supply chain attacks would become a big thing in 2019, and I was wrong about the magnitude of supply chain attacks even though they played a decent role in the mix of cyber threats in 2019.
Happy End of 2019 🥳🎉