Compliance fatigue will spread among security professionals

Being a source of ongoing controversy and debate, the California Consumer Privacy Act (CCPA) was finalized on 11th January 1, 2019.

The pitfall is that if every US state introduces its own state privacy law, one will have to comply with over 50 overlapping and sometimes incompatibly contradictive regulations only on the US territory or otherwise face harsh financial penalties or even criminal prosecution.

Exacerbated by the mushrooming regional, national, and transnational regulations, 2020 may become a year when cybersecurity compliance will erode and start its rapid downfall.

Third-party data breaches will dominate the threat landscape

Supply chain attacks are up 78% in 2019, says Symantec. Competitive and successful businesses are usually distinguished by a high level of proficiency and specialization, concentrating all available resources to attain excellence in a particular market to outpace competitors.

Sadly, suppliers also operate in turbulent and highly-competitive global markets and thus can rarely afford a decent level of cybersecurity and data protection for their clients.

Cybercriminals are well aware of this low-hanging fruit and will continue to purposely target this weakest link to get your data, trade secrets, and intellectual property.

External attack surface will continue to expand without control

61% of organizations have experienced an IoT security incident in 2019, according to CSO Online by IDG. The global proliferation of IoT and connected devices, usage of public cloud, PaaS, and IaaS greatly facilitates business and enables rapid growth.

Traditional digital assets, such as network or web servers, are usually well inventoried, but RESTful API and web services, hybrid cloud applications, and business-critical data hosted on external platforms - are just a few examples of mushrooming digital assets of a modern-day attack surface that remain unattended.

Cloud misconfigurations will expose billions of records

Forbes says that 83% of enterprise workloads will move to the cloud by 2020. Unfortunately, the steady growth of the cloud for data storage and processing widely outruns requisite security skills and adequate training among IT personnel in charge of cloud infrastructure.

In July 2019, the world media reported a breach of Capital One, being presumably the largest data breach within the US financial sector and affecting approximately 100 million individuals in the United States and 6 million in Canada. Foreseeably, in 2020, cloud security incidents will stay atop of data breach root causes.

Password re-use and phishing attacks will skyrocket

Just for the world's largest companies from the Fortune 500 list, one may ferret out over 21 million of valid credentials exposed in the Dark Web in 2019, says ImmuniWeb. Cybercriminals prefer rapid and riskless raids to time-consuming APT attacks, costly 0days, or chained exploitation of sophisticated vulnerabilities in SAP.

Even if the passwords found or purchased by the attackers on the Dark Web are invalid, they provide a great wealth of ideas for ingenious social engineering campaigns, facilitate phishing and smart brute-forcing attacks.