Top 5 Cybersecurity and Cybercrime Predictions for 2020
December 4, 2019
We distilled 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020 and compiled the top 5 most interesting findings and projections in this post.
Compliance fatigue will spread among security professionals
Being a source of ongoing controversy and debate, the California Consumer Privacy Act (CCPA) was finalized on 11th January 1, 2019.
Driven by laudable objectives to protect Californians' personal data, prevent its misuse or unconsented usage by unscrupulous entities, the law imposes formidable monetary penalties of up to $7,500 per intentional violation and $2,500 per unintentional violation.
The Act is enforceable against organizations that process or handle personal data of California residents, regardless of the geographical location of the former. Akin to the EU GDPR, data subjects are empowered with a bundle of rights to control their personal data and its eventual usage.
The pitfall is that if every US state introduces its own state privacy law, one will have to comply with over 50 overlappings and sometimes incompatibly contradictive regulations only on the US territory or otherwise face harsh financial penalties or even criminal prosecution.
Exacerbated by the mushrooming regional, national, and transnational regulations, 2020 may become a year when cybersecurity compliance will erode and start its rapid downfall. In light of the slow judicial system on one side, and insufficient cybersecurity skills and scanty budgets on another, cybersecurity professionals may start flatly disregarding the wide spectrum of superfluous regulations.
Third-party data breaches will dominate the threat landscape
Supply chain attacks are up 78% in 2019, says Symantec. Competitive and successful businesses are usually distinguished by a high level of proficiency and specialization, concentrating all available resources to attain excellence in a particular market to outpace competitors.
Hence, they outsource most of their secondary business processes to skilled suppliers and experienced third-parties, thereby reducing costs, increasing quality, and accelerating delivery.
Sadly, suppliers also operate in turbulent and highly-competitive global markets and thus can rarely afford a decent level of cybersecurity and data protection for their clients.
IBM says the average time to identify a breach in 2019 was as high as 206 days. Still, even worse, such attacks are infrequently detected both due to their sophistication and lack of skills amid the victims, eventually being suddenly reported by security researchers or journalists and flabbergasting the data owners.
Cybercriminals are well aware of this low-hanging fruit and...