People are lazy, they are the weakest link - I expect we will see more compromises and data breaches due to this in the following year! this trend won't ever change.
However, I believe trends always follow the path of least resistance. So at some point, I expect to see more compromises from home devices such as Alexa and Google Nest Hubs and Hue lightbulb ( see https://www.digitaltrends.com/home/hackers-target-philips-hue-smart-bulbs/).
People will just plug them into their home networks, not caring. It's just a lightbulb. IOT is a ticking time bomb, there are strides to get a handle on it...
However, as vendors get better, the skill level required to author malware and bypass safeguards is becoming harder. Proof that things like SDLC are working, but it always has been an arms race!
Another trend I expect we will see more of in 2020 - will be state-sponsored cyberweapons used and then subverted for criminal usage.
The AI golden bullet security vendor product era will decline as people opt for sensible proven controls rather than the "bleeding edge" newest security tool.
Another trend I believe will be maintained is that - researchers are finding more and more complex issues and edge cases, where the real-world threat isn't aligned with the severity given in the CVE.
No, what to expect in 2020 thread, would be complete without the prediction that there will be a few more named CVE's with amazing catchy names and logos.
I also predict that the trend of hardware designed flaws, from Intel and AMD will continue. This with a tinfoil hat could be a means to drive future sales. "Oh there a is a flaw and if you want to be secure from complex malware, upgrade to the latest CPU"....
I also predict a lot of certification changes this year, that doesn't really provide any benefits to end-users or employers but do help the revenue of certification bodies. Thinking about Ciscos recent changes. This makes certifications earned less valuable as its easier to obtain.
On Jobs, I expect to see an increase in requirements for roles, with broad in-depth skills, and high-level qualifications for entry-mid level positions. You will struggle to get a helpdesk job with a degree these days!
On a positive note, I also think there will be a trend to improve diversity in Cyber Security, I already have seen a large increase in really good young women in cybersecurity.
I also would like to believe there is a trend in end-user education improvements, however, the phishing stats available seems to prove this is still the most common vector but there is a noticeable improvement in awareness from public bodies.
Also positively, I expect more services to become 2FA by default.
With the (hopefully) retirement of older OS, to more secure by default, including auto-patching, we hopefully should see better patch levels and security.
Just my thoughts...
