Industry executives and experts share their predictions for 2020.  Read them in this 12th annual VMblog.com series exclusive.

By Brian Foster, Senior Vice President, Product Management, MobileIron

The biggest cybersecurity concerns of the new decade

We might be saying hello to a new decade, but we definitely aren't saying goodbye to the cybersecurity threats of the 2010s. In fact, the hacks, breaches, and attacks that have haunted us for the past 10 years are expected to only become more threatening. From the smallpox of cybersecurity being eradicated to 5G resulting in the first public disclosure of a data breach caused by a mobile device, we must prepare for another busy year - and ten years - in the security space.

Hackers will target small businesses more frequently, and with more sophisticated cyberattacks. Small businesses are in the most vulnerable position because they have little to no resources or infrastructure in place to address cybersecurity threats - making them the biggest targets. According to Verizon's 2019 Data Breach Investigations Report, 43 percent of all breaches targeted small businesses. To put this in perspective, there are 30.2 million small businesses in the U.S., comprising 99.9% of all U.S. businesses. And a single breach could wipe out a small business. According to a report commissioned by the National Cyber Security Alliance and conducted by Zogby Analytics, 10 percent of small businesses hit with a cyberattack in 2019 were forced to shut down as a result.

5G will result in the first public disclosure of a data breach caused by a mobile device. Extremely fast 5G connectivity will enable new capabilities for self-driving cars, remote robotic surgeries, and many other applications that require decisions to be made in single-digit milliseconds. However, it will also accelerate the amount of data lost on mobile devices. 5G will continue to dissolve traditional enterprise network perimeters and cybercriminals will take advantage of security gaps to launch all kinds of attacks, such as phishing, man-in-the-middle, device takeovers, and more.

Humans suck at security and we aren't going to get any better. With the cybersecurity space constantly advancing, employees need to be up to date on the latest security protocols. This year, we saw Capital One fall victim to one of the most dangerous data breaches - and it was an inside job. Companies are accustomed to protecting against outside threats that target sensitive personal data, but they lack when it comes to protecting against internal threats. By keeping all employees up to date on the latest security standards, companies can ensure a firm security posture and hopefully, we'll start to suck a little less.

The smallpox of cybersecurity - passwords - will be eradicated by 2025. Passwords are ingrained in our society because they've been around for over 60 years, but this doesn't mean it's the safest way to secure our digital lives. Passwords are not only a hassle - they're antiquated and open us up to even more cyber threats. Similar to how smallpox was eradicated, if we ban together, we can wipe out passwords and the onus is on the technology industry to drive security forward by eliminating them. Capabilities like zero sign-on, software and hardware tokens, behavioral analysis, and biometrics already exist that allow organizations to switch to passwordless authentication today.

Don't get too excited, you won't be voting on your phone this election. While casting your ballot from your mobile device sounds appealing, the industry has not worked out the kinks. There are many threats facing election security today and these will continue throughout the next year, however, political campaigns are the biggest target. With so many volunteers working on each campaign, many digital interactions take place on non-enterprise systems such as Gmail - opening up privy information to hackers who then weaponize it to influence election outcomes.

As we expose more data breaches, security paranoia will take over and dominate headlines. It's easy to read a story about a data breach and immediately go into a panic, but we need to take a step back and examine the facts. Society has become hypersensitive to security - anytime we seen an issue in the space, we assume it's bad. This panic will lead to security paranoia and ultimately distract us from the real cyber issues.

75% of knowledge workers will work remotely, at least part of the time, in 2020 and IT security will finally catch up. Expectations about work flexibility increase every year - employees want to work remotely and not worry about how secure the network is. IT departments used to take an all or nothing approach by locking things down, but employees continued to work the way they liked. In 2020, IT is going to be a lot less prescriptive by extending BYOD policies and resolving the tension between security and users, particularly when it comes to knowledge-intensive industries like financial services.

75% of work will be done on mobile devices by 2025. Virtual reality (VR) and augmented reality (AR) technologies will revolutionize business and change the way organizations communicate, learn, and collaborate across all industries. For example, there will be a huge uptick in virtual doctor's visits. As a result, organizations will increasingly take control of their devices with a mobile-centric, zero trust security platform that supports productivity.

Companies will neglect proper security infrastructure as consumer privacy takes the spotlight. Standards such as the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) brought issues of consumer privacy to the forefront. With the CCPA going into effect on Jan. 1 2020, companies will race to get compliant - spending an estimated $55 billion in initial compliance costs. Companies will be distracted by the urgency to comply with new privacy standards they will neglect important security protocols and as a result, they will become even more vulnerable to cyberattacks.

##

About the Author

 

As SVP of Product Management, Brian is responsible for overseeing product direction and innovation. Brian brings more than 25 years of experience to his role.  Prior to MobileIron, Brian founded a startup in the identity management space. Before that, he was SVP of information services at Neustar, the leader in identity resolution. At Neustar, Brian's teams were responsible for solutions in marketing services, risk and fraud, registries, and security services. He also oversaw the product development and go-to-market operations. Prior to that, Brian was CTO at Damballa, a private company that discovered advanced threats running in enterprises and large internet service providers. As CTO, Brian was responsible for the advanced research, product strategy, and engineering operations.

Before Damballa, Brian was SVP of product management at McAfee. He oversaw McAfee's global product management functions and was responsible for over 80 enterprise and consumer products, generating more than $2B in revenue. Prior to joining McAfee, Brian was VP of product management at Symantec, where he oversaw product innovation for the enterprise endpoint. Brian has a BA in Economics from UCLA and completed the executive program in management from UCLA's Anderson School of Management.