“It’s difficult to make predictions, especially about the future”, Niels Bohr once famously said. Nevertheless, at the beginning of this new year, let’s try to identify some trends and developments we should expect to see in 2020. Referring to William Gibson’s quote “the future is already here, it’s just not evenly distributed”, the items on the following list (in no particular order) will probably all look somehow familiar to you. No more quotes for now, let’s dive into the 2020 trends:

1. Data breaches to stay highest security risk

Breaches concerning personal data are likely to stay a major security and privacy concern. Organisations will increase their defensive measures not only due to tighter privacy legislation, but also due to negative consequences of a breach on their image.

2. Phishing as top entry vector into organisations

Over 90% of attacks will still use e-mail as their primary entry vector into a target’s organisation, with more sophisticated und customised phishing attacks on the rise.

3. Cyber security skills shortage

The number of threats will increase, yet companies are still faced with a shortage of cyber security skills. This gap can partially be bridged by relying on external experts and automated security tools.

4. Automation and orchestration

Driven by lack of personnel and in order to match the speed of DevOps, automation, integration and orchestration in cyber security will be a key trend in 2020.

5. Security lagging behind cloud adoption

While adoption of cloud solutions in all deployment variants will continue to grow in 2020, the understanding and implementation of cloud security will lag behind. The shift to SecDevOps and change to managing security from an identity, data and distributed architecture perspective takes time.

6. AI on both attacker and defense side

Artificial intelligence and machine learning are being integrated in an ever increasing range of security products. Also attackers are making use of AI/ML to create more effective malware and run customized phishing campaigns.

7. Mobile attack vectors increasing

The number of mobile devices and also the amount of business data being stored on these devices continue to grow. Companies still underestimate the risk of data breaches and credential theft over the mobile attack vector.

8. IOT: more devices, more risks

The speed of the technology life-cycle and for cost reasons, security will still stay an afterthought for a lot of IOT-device manufacturers, both in the consumer and industrial area.

9. Prevention vs. Detection and Response

Preventive measures are still the best approach to defend against attacks. To detect and respond to attacks that made it through the loopholes, (automated) endpoint and network detection and response solutions will become more important in 2020.

10. Number of items on trend lists

The number of items on trend lists in security and other domains is likely to stay constant and fixed to magic number 10.

With these general trends for 2020 and the ever changing threat landscape it’s clear that companies will have to continuously reassess their specific security risks, adjust their mitigation approaches and enforce corresponding security controls.