2020 Predictions: Hear Me Now and Believe Me Later
Published 01/17/2020
By Jim Reavis, Co-Founder and CEO of CSA
I am typing up my prediction blog using an invisible ink font, to reduce my embarrassment when 2021 rolls by. I know prediction articles can be a dime a dozen and prognosticators pick both easy and vague items to appear smarter than they are. I am all about that!
Before I give you my predictions, here are a few predictions others made about the year 2020:
- In 1994, RAND Corp predicted we would have ape chauffeurs.
- In 1957, Popular Mechanics said roads would be replaced by pneumatic tubes. Hyperloop isn’t quite there yet.
- In 1955, Lewyt Vacuum Company said vacuums would be nuclear powered. Yikes!
- In a 1911 Lecture at the Royal College of Surgeons of England, it was predicted that human feet would become one big toe.
- In 1900, John Elfreth Watkins Jr., the curator at the Smithsonian, said C, X, and Q would not be part of the alphabet. He wouldn’t be a fan of cloud computing.
My predictions won’t be perfect, but they will be better than that. So, here we go.
#1 We will see an increase in Cloud Breaches. This is primarily a function of market adoption, more usage and more data in the cloud. It is going to be caused by ”Bread and Butter” security issues:
- Misconfigured VMs, Containers, Firewalls & Storage Buckets
- Poorly managed credentials, keys, often found through “GitHub scraping.”
- Lack of multifactor authentication & IdM strategy
- API insecurity
- Change control & patching deficiencies
#2 Artificial Intelligence “Deepfake” Ransomware. We have already seen Deepfake spearphishing, such as when a UK company was scammed out of $243k by a Deepfake voice message purporting to be that of their German CEO. Deepfakes are getting so good that they will make for a compelling click. I see them being deployed with worm technology and with ransomware being a logical payload.
#3 2020 US Presidential Election Mischief. Forget about state actors hacking the election or social media manipulation being used to change the results, that is above my pay grade. I am talking about security attacks on the rest of us due to this being the most controversial and passionate presidential election in modern times. I see three attacks happening. Widespread phishing attacks will be successful due to the high passions and hyperbole. Hacktivists will target businesses appearing to lean towards one party or another. I also see ransomware attacks on government agencies.
#4 The Year of Serverless Security. Serverless computing, such as Function-as-a-Service, is all the rage right now. It is easy to see why, you relieve the application developer from a great deal of server management considerations and the generous pricing structure from cloud service providers makes this compelling. We are still in the early days of understanding exactly how we secure Serverless. This can be exacerbated by developers designing applications in a way that expose its weaknesses, such as inadvertently creating frequent unexpected triggering events. Serverless Security will be a big topic, we will see new startups dealing with it and we will leave the year with a better perspective of when to use Serverless and how to secure it.
#5 Cloud Portability. Portability of applications in the cloud has become more difficult with each passing year. Cloud service providers have created so many valuable and proprietary services that developers love, leading to a world where applications tend to be tightly coupled with their underlying infrastructure-as-a-service. This is the market at work, and many enterprises I have talked to have said a loss of portability is a trade they are willing to make in exchange for having clear accountability from the provider. Still, I have a suspicion that by the end of the year, there will be an initiative to revisit portability from stakeholders that are concerned about the downsides of lock-in.
Well, I think we will leave it at five as I don’t want to use my incredible powers to give you this year’s Super Bowl winner. I wish you all a happy and prosperous new year, let’s enjoy watching 2020 unfold together!
Jim Reavis
Co-founder and Chief Executive Officer, CSA
For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends have been published and presented widely throughout the industry and have influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.