Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Brian Vecci, Field CTO, Varonis
Ushering in the Roaring Twenties... Again: Forecasting Trends for 2020
Facebook scandals, GDPR fines, data breaches,
and ransomware attacks on businesses and government entities: 2019 did not
disappoint from a data security and privacy standpoint. What major trends and
seismic shifts will happen in this new year? Here's my take:
A Political Party Will Cry Wolf
In 2020, one or both of our political parties will claim a hack
influenced the elections to delegitimize the results. Foreign influence has
been an ongoing theme, and few prospects are more enticing than affecting the outcome
of a U.S. presidential election. With so much at stake, a nation state attack
is practically inevitable. The federal government has failed to pass meaningful
election security reform. Even if an attack doesn't influence the results, it's
likely that those who don't like the outcome will claim interference, and this
scenario will discredit our democracy and erode trust in the electoral process.
If we want to maintain the integrity of our elections and avoid political
upheaval, real change needs to happen in how we store and protect our data.
REAL ID Will Cause Real Chaos
As the October 2020 deadline looms, REAL ID will catch several
states off guard. Expect states to scramble to meet demand for new licenses. In
the rush, security will be placed on the backburner. At least one state will be
caught with exposed, sensitive data on drivers. And infrequent travelers who
failed to update to the new licenses will be disappointed when they are turned
away at airport security and must cancel their vacation to Disney.
CCPA...Cha-Ching!
Once January hits, the fines will roll in. A recent report released by California's
Department of Finance revealed that CCPA compliance could cost companies a
total of $55 billion - and this isn't even taking into consideration the firms
that fail to comply. In 2019, we saw GDPR's bite finally match its bark, with
more than 25 fines issued to offenders, totaling more than $400M, and the same
is likely to happen in the U.S. under CCPA. In 2020, at least 5 major fines
will be issued under CCPA, racking up upwards of $200M in fines. While a
federal regulation is still a ways off, at least 3 other states will begin to
adopt legislation similar to California, though none will be as strict.
Ransomware Will Evolve from Smash & Grab to Sit & Wait
Ransomware isn't the most pervasive or common
threat, it's simply the noisiest. In 2020 attacks will become more targeted and
sophisticated. Hackers will pivot from spray-and-pray tactics. They will
instead linger on networks and hone in on the most valuable data to encrypt.
Imagine an attacker that encrypts investor information before a publicly traded
bank announces earnings. This is the type of ransomware attack I expect we'll
see more of in the coming year, and organizations that can't keep up will
continue to get hit.
Fake News Will Become Fake Facetime
Forget fake news: 2020 will be the year of the
deepfake and at least one major figure will pay the price. Thanks to leaky apps
and loose data protection practices, our data and photos are everywhere. It
will be game-on for anyone with a grudge or a sick sense of humor. It raises
the ultimate question: What is real and what is fake?
Finally, in 2020, consumer data privacy will
start getting the attention it deserves in the U.S. Those who've been
wishing for GDPR-like protections in the U.S. can look forward to the
California Consumer Protection Act (CCPA), set to go into effect in January.
And while the draft federal consumer privacy legislation emerging from Congress
still has a long road ahead to becoming law, it's a ray of hope and a sign of
more progress to come.
##
About the Author
As Field CTO at Varonis, Brian supports a wide
range of security and technology initiatives by helping Varonis' customers and
partners get the most out of the company's products. In his 20-year technical
career, Brian served as a developer, tech architect, engineer and product
manager for companies in financial services, legal, and cybersecurity. Brian
joined Varonis in 2010 in technical marketing, led education and development,
and now serves as the company's Field CTO. He holds a CISSP certification and
frequently speaks on topics related to security and technology. He has been
quoted in news sources ranging from The Financial Times to Dark Reading and has
made multiple appearances on CNBC. Brian holds a Bachelor's Degree from The New
School in New York City and graduated from The Lakeside School in Seattle,
Washington.