The IT world has become more vulnerable than ever as attackers develop their arms beyond phishing attacks to target everything from hijacked credentials to cloud misconfigurations to the remote access tools (RATs) that MSPs depend on to bring out IT functions on their customer’s account.
 
Whether you call them cybersecurity predictions, trends or security forecasts, here’s a collection of 5 Security Trends to watch in 2020.
 

“Passwordless” Authentication
Password privacy and security is a significant security problem bothering since the appearance of AOL. But just lately, a new authentication system has endeavored to take the position of passwords. Passwordless authentication mechanisms can incorporate hardware tokens or one-time password generators, biometric authentication and knowledge-based authentication.
 
By 2022, Gartner's research prophesies that 90 percent of mid-size companies will achieve a passwordless authentication program in more than half of use cases.


Growth of Cloud-Based Security


As the world migrates a lot of technology base into the cloud, we’re witnessing cloud-based security platforms and services. Cloud computing has developed considerably over the last two decades and now is commonly applied to support important services of everyday affairs. From cloud-based data-storage services to all-in-one CRM clouds, customers and companies have become reliant on putting delicate data in cloud environments.
 
According to Kaspersky Lab, approximately 75 percent of businesses are expected to migrate applications to the cloud in the next few years. We can assume cloud-based cybersecurity to remain growing well into 2020.
 
Cybercriminals targeted MSPs completely in the year 2019 and forced upon the tools they utilize to handle customer IT systems as a means to attack those same clients. Given the level of access and support, MSPs use in their client’s network, expect hackers to continue trying to use MSPs as an entry position into their clients in 2020 and beyond.
 
Growing Security and Privacy Concerns
 
The last few years witnessed a definite improvement in security and privacy legislation, and there are no symptoms of this trend decreasing. Grey regions in compliance are pushing the need for more control – from both customer and company.
 
The first privacy law came in May 2018 when residents and people of the European Union gained more comprehensive power over how their data is being handled as part of the new General Data Protection Regulation (GDPR) laws. The new conditions are the most unfavorable in the world, with violators directed to penalties of up to 4 percent of global income or 20 million euros–whichever is higher–for refusal.
 
 
Progress in Data Encryption
 
Since cyber-attacks have become more complex over recent years, an increasing number of data-encryption progress has resulted in a group. Recent research conducted by the Ponemon Institute published that 45 percent of examined organizations have an encryption policy that is implemented consistently over their business. But when a special encryption technology or policy becomes old and exposed to cyber-attacks, all data can be jeopardized.
 
Orchestration/Automation and Integration in Cybersecurity
 
Security experts, developers, and researchers are all under stress to achieve more with less, so automation and integration are necessary across the board. By combining security into active processes, companies can efficiently handle risk while keeping the necessary speed and state of development. Sprawling web applications connecting multiple web services are more difficult to secure, and automated solutions are becoming a requirement to lessen the workload on understaffed units.
 
Security teams are fighting to make knowledge of all the data generated by the proliferating number of security tools, and typically lack the economic resources to go pick new SOC (Security Operations Center) analysts.
 
For this reason, organizations are looking to integrate the gathering and analysis of different data as well as automate the response to problems that are more generally recognized by utilizing ATAR’s SOAR (Security Orchestration, Automation and Response) tools.
 
ATAR is one such solution that helps an organization to accomplish the automated procedures for less response time and precise way. By using ATAR, SOC teams can move all repetitive actions to the platform and whenever an incident occurs ATAR manages it without human interaction. ATAR also enables to bring the incident up to a specific point that human analyst can take over from that point and continue to work on the incident.
 
Conclusion
The engines of 2020’s biggest cybersecurity warnings have already been set in motion. These are the trends that will continue to be exploited by attackers. Pair that with the accelerated growth of software development and a cybersecurity skills shortage and that should be sufficient to keep security people on their toes.
 
The rules and methods that established IT, security, QA, and compliance teams have been applying are usually incompatible with the improvement of new and sophisticated tools and techniques of attackers and cannot cope with the rate of change. It seems that the solution lies in automating many of these practices, processes, and toolchain by solutions like ATAR, enabling a more integrated, ‘detect early, fix fast’ environment.
 
 
 

Ahmet Ozturk
Product Manager