2020 Predictions for Phishing, Email Security, Firewalls, Network Security and Cloud Security

This is our first annual roundup of expert predictions for the coming year. Here’s what leading industry figures have to say about phishing, email security, firewalls, network security and cloud security trends coming in 2020.

• Phishing attacks will remain the dominant and preferred method of attacks by cybercriminals. Phishing attacks will only get worse simply because they are successful. Organizations and relying parties need to continue to educate consumers / customers about phishing and not to click on links or attachments in emails or text messages from unknowns. Vendors must advance “phish-resistant” technologies to protect unsuspecting users. A great start is to move away from static passwords login. – OneSpan

• Firewall misconfigurations will increase. The sheer volume of rules today is already unmanageable without some form of policy behavior analysis. According to the 2019 “FireMon State of the Firewall” report, manual processes led to misconfigurations accounting for 10 to 24 percent of the changes that require work. With security teams dealing with 25 to 100 manual firewall changes per week, it’s no wonder misconfigurations are at an all-time high and the number of data breaches is following suit. In the coming year, we can expect to see policy complexity increase if better firewall management hygiene is not applied.  As unnecessary complexity increases across the infrastructure, you can count on human error and additional risk to enter the picture at an even more alarming rate. The year 2020 could set a new record for breaches as a result of firewall misconfigurations. – Tim Woods, FireMon VP of Technology Alliances

• The cost of failure to comply will cost organizations more. In the recent “State of the Firewall” report, we uncovered that almost 20 percent of C-level executives were unsure if they failed a compliance audit in the last 12 months. This was largely due to a lack of visibility regarding security risk. If businesses don’t adopt automation, we will see this number increase almost 50 percent and result in crippling fines from noncompliance. – Tim Woods, FireMon VP of Technology Alliances

• Firewall misconfigurations decrease by 20 percent. If enterprises increased their adoption of automated change management tools, we could expect misconfigurations to decrease by almost 20 percent. This would, of course, lead to a significant decrease in data breaches as well. – Tim Woods, FireMon VP of Technology Alliances

• Network visibility will take a hit. Increased firewall change requests with ad hoc/manual processes will decrease visibility into network security risks. In the 2019 report, 12 percent of respondents did not even know when a misconfigured firewall caused an issue on their network. As the lack of visibility increases from growing network complexities, we could see that number double. – Tim Woods, FireMon VP of Technology Alliances

• Changing network topologies will challenge traditional assumptions, and require new security models – Josh Lemos, VP of Research & Intelligenceat BlackBerry Cylance

• Cloud misconfigurations will continue to cause massive data breaches. As enterprises continue to adopt cloud services across multiple cloud service providers in 2020, we will see a slew of data breaches caused by misconfigurations. Due to the pressure to go big and go fast, developers often bypass security in the name of innovation. All too often this leads to data exposure on a massive scale such as the First American Financial Corporation’s breach of over 885 million mortgage records in May. Companies believe they are faced with a lose-lose choice: either innovate in the cloud and accept the risk of suffering a data breach, or play it safe with existing on-premise infrastructure and lose out to more agile and modern competitors. In reality, companies can accelerate innovation without loss of control in the cloud. They can do this by leveraging automated security tools that give organizations the ability to detect misconfigurations and alert the appropriate personnel to correct the issue, or even trigger automated remediation in real-time. Automation also grants enterprises the ability to enforce policy, provide governance, impose compliance, and provide a framework for the processes everyone in the organization should follow—all on a continuous, consistent basis. Companies can innovate while maintaining security, they simply must adopt the proper cloud strategies and solutions.- Chris DeRamus, CTO and co-founder, DivvyCloud

• A Meteoric Rise: Cloud Security Adoption to Accelerate in 2020 – The coming year will usher in an even greater adoption of cloud security, with a material change in attitude and organizations fully embracing the cloud. As organizations increasingly access enterprise applications like Box, Salesforce, etc., it’s no longer practical for them to VPN back to the stack to remain secure while accessing these services in the cloud. With this move to the cloud comes countless security risks. Not only will we see more companies jump on the bandwagon and shift their applications and operations to the cloud, but we will also see the security stack move to the cloud and more resources dedicated to securing the cloud, such as cloud councils. – Kowsik Guruswamy, CTO at Menlo Security

• Cloud Migration Causes New Headaches Financial services companies have been accelerating their adoption of cloud technologies as part of digital transformation strategies. But this migration from the data center to the cloud also can result in increasing cybersecurity challenges, driven by factors like misconfigurations in networking devices and business application servers that lead to exposed critical data. This is particularly concerning as more financial services companies migrate more of their critical business applications to the cloud.We predict that this acceleration in cloud migrations will result in a massive data breach in 2020, the size of which could be as significant as Equifax, given the amount of data these companies hold and their increased willingness to migrate critical data. – Rob McNutt, CTO at Forescout

• Cloud migration projects will slow. In 2020, there will be a number of major enterprise breaches leveraging hybrid/multi-cloud architectures resulting from insufficient visibility of the underlying network topology that leads to misconfigured routes between the cloud provider, enterprise and internet. These types of breaches in 2019 and beyond are slowing cloud migration projects as IT security professionals are concerned about having a consistent way of managing policies across their infrastructure and cloud workloads. – Tim Woods, FireMon VP of Technology Alliances

• Misconfigurations of cloud databases will continue to plague enterprises around the world and will be a leading cause of data breaches in 2020. Gartner forecasts that global public cloud revenue will reach $249.8 billion in 2020, a 16.6% increase from 2019. This rapid rise in revenue is spurred by continued growth in cloud adoption. However, cloud adoption is clearly outpacing the adoption of the tools and expertise needed to properly protect data in cloud environments; this is supported by the fact that 99% of cloud security failures will be the customer’s fault through 2025, according to Gartner. Consequently, misconfigurations will continue to be a leading cause of data leakage across all verticals. – Anurag Kahol, CTO and co-founder, Bitglass

• Email security will prove to be the weakest link in election security. Email is implicated in more than 90 percent of all cybersecurity attacks, and election infrastructure is also vulnerable to email-based attacks. This means email security must be a priority for thwarting interference with the 2020 presidential election. But research shows the majority of U.S. states are overlooking this vulnerability. Only 5% of email domains associated with local election officials across the U.S. have implemented and enforced DMARC. DMARC is a widely accepted open standard that ensures only authorized senders can send emails from a particular domain – it’s one of the most basic and highly effective means of stopping phishing attacks, which is why the Department of Homeland Security mandated its use for federal agencies in 2017. Yet below the federal level, governments remain vulnerable. In May 2019 we learned Russian hackers breached two county election systems in Florida via a spear-phishing campaign, and in November we learned of a phishing-based ransomware attack on Louisiana during an election cycle. Because only a tiny percentage of counties and states have DMARC configured at enforcement, email is an easy way in for malicious actors looking to disrupt our elections. – Peter Goldstein, CTO and Co-founder Valimail 

• AMP for email is lifting off in 2020. AMP, a Google-backed technology for accelerating web page load time, will take off in 2020. With AMP for Email, users will have expanded interactive capabilities within email messages, such as scheduling appointments, taking surveys and completing purchases – all without needing to open a browser. Retailers will likely be early adopters of this technology, and we can expect to see personalized emails leveraging previous purchases and items in shopping carts to be used to accelerate purchases and increase customer engagement. Customer satisfaction surveys will also likely be early use cases of this technology – consumers will receive a short survey after visiting their favorite coffee shop and be able to complete and submit the survey, all within their email. – Peter Goldstein, CTO and Co-founder Valimail