MobileIron Predictions for 2020
January 2020 by Brian Foster, SVP of Product Management, MobileIron
Hackers will target small businesses more frequently, and with more sophisticated cyberattacks. Small businesses are in the most vulnerable position because they have little to no resources or infrastructure in place to address cybersecurity threats – making them the biggest targets. According to Verizon’s 2019 Data Breach Investigations Report, 43 percent of all breaches targeted small businesses. To put this in perspective, there are 30.2 million small businesses in the U.S., comprising 99.9% of all U.S. businesses. And a single breach could wipe out a small business. According to a report commissioned by the National Cyber Security Alliance and conducted by Zogby Analytics, 10 percent of small businesses hit with a cyberattack in 2019 were forced to shut down as a result.
Humans suck at security and we aren’t going to get any better. With the cybersecurity space constantly advancing, employees need to be up to date on the latest security protocols. This year, we saw Capital One fall victim to one of the most dangerous data breaches — and it was an inside job. Companies are accustomed to protecting against outside threats that target sensitive personal data, but they lack when it comes to protecting against internal threats. By keeping all employees up to date on the latest security standards, companies can ensure a firm security posture and hopefully, we’ll start to suck a little less.
The smallpox of cybersecurity – passwords – will be eradicated by 2025. Passwords are ingrained in our society because they’ve been around for over 60 years, but this doesn’t mean it’s the safest way to secure our digital lives. Passwords are not only a hassle – they’re antiquated and open us up to even more cyber threats. Similar to how smallpox was eradicated, if we ban together, we can wipe out passwords and the onus is on the technology industry to drive security forward by eliminating them. Capabilities like zero sign-on, software and hardware tokens, behavioral analysis, and biometrics already exist that allow organizations to switch to passwordless authentication today.
As we expose more data breaches, security paranoia will take over and dominate headlines. It’s easy to read a story about a data breach and immediately go into a panic, but we need to take a step back and examine the facts. Society has become hypersensitive to security – anytime we seen an issue in the space, we assume it’s bad. This panic will lead to security paranoia and ultimately distract us from the real cyber issues.
75% of knowledge workers will work remotely, at least part of the time, in 2020 and IT security will finally catch up. Expectations about work flexibility increase every year – employees want to work remotely and not worry about how secure the network is. IT departments used to take an all or nothing approach by locking things down, but employees continued to work the way they liked. In 2020, IT is going to be a lot less prescriptive by extending BYOD policies and resolving the tension between security and users, particularly when it comes to knowledge-intensive industries like financial services.
Seventy-five percent of work will be done on mobile devices by 2025. Virtual reality (VR) and augmented reality (AR) technologies will revolutionize business and change the way organizations communicate, learn, and collaborate across all industries. For example, there will be a huge uptick in virtual doctor’s visits. As a result, organizations will increasingly take control of their devices with a mobile-centric, zero trust security platform that supports productivity.
Companies will neglect proper security infrastructure as consumer privacy takes the spotlight. Standards such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) brought issues of consumer privacy to the forefront. With the CCPA going into effect on Jan. 1 2020, companies will race to get compliant – spending an estimated $55 billion in initial compliance costs. Companies will be distracted by the urgency to comply with new privacy standards and neglect important security protocols, and as a result, they will become even more vulnerable to cyberattacks.
5G will result in the first public disclosure of a data breach caused by a mobile device. Extremely fast 5G connectivity will enable new capabilities for self-driving cars, remote robotic surgeries, and many other applications that require decisions to be made in single-digit milliseconds. However, it will also accelerate the amount of data lost on mobile devices. 5G will continue to dissolve traditional enterprise network perimeters and cybercriminals will take advantage of security gaps to launch all kinds of attacks, such as phishing, man-in-the-middle, device takeovers, and more.
Consumers will take control of their privacy. Over the past few years, we’ve witnessed some of the biggest privacy and data breaches. As a result of the backlash, tech giants such as Apple, Google, Facebook and Amazon beefed up their privacy controls to gain back trust from customers. Now, the tables have turned in favor of consumers and companies will have to put privacy first in order to stay in business. Moving forward consumers will own their personal data, which means they will be able to selectively share it with third parties, but most importantly, they will get their data back after sharing, unlike in years past.
As cybersecurity threats evolve, we’ll fight AI with AI. The most successful cyberattacks are executed by highly professional criminal networks that leverage AI and ML to exploit vulnerabilities such as user behavior or security gaps to gain access to valuable business systems and data. All of this makes it extremely hard for IT security organizations to keep up — much less stay ahead of these threats. While an attacker only needs to find one open door in an enterprise’s security, the enterprise must race to lock all of the doors. AI conducts this at a pace and thoroughness human ability can no longer compete with and businesses will finally take notice in 2020.