Sami Laine, director of technology strategy, Okta
Look out for contextual access spending to spike in 2020. In the coming decade, organizations will shake up their security budgets to account for a Zero Trust strategy. Spend on perimeter will move instead towards access points that are more dynamic; we’ll see a decrease in firewall and perimeter investment and in 2020, expect an increase in spend on tech like context-based access management. With 97 percent of organizations using cloud services, the network perimeter can no longer serve as a barometer for trust – companies are starting to operate through the lens of least privilege, analyzing each authentication and authorization deeply. And as machine learning technology continues to evolve and move past heuristics towards true individualized pattern recognition, we’ll see that increasingly baked into security budgets as well.

Humberto
Gauna, information security advisor, BTB Security.
The increasing
frequency of ransomware attacks shows no sign of slowing down, but companies
have found success in quickly recovering from these attacks without paying by
investing in recovery operations. Next year, CISOs and security teams will
continue to invest in the tools and processes needed to recover backups
seamlessly and ensure business continuity. Every organization should have the
ability to recover from data loss, no matter the cause, but we have strayed
away from data backup and recovery due to resiliency in RAID configurations as
well as equipment availability. I expect more CISOs to invest in recovery
operations as the threat of ransomware continues to grow.

Nilesh
Dherange, CTO, Gurucul
Organizations will
significantly increase spending on cyber security. The big challenge is to
ensure that the spending is focused in the right areas. For the most part it
won’t be, and we can expect an uptick in data breaches in 2020 despite the
record amount of money spent on cyber defense worldwide. Part of the problem
will be an inability of many organizations to keep up with basic cybersecurity
hygiene tactics such as patching, frequently changing privileged credentials
and utilizing multi factor authentication. Expect the bad guys to continue
penetrating environments due to these basic oversights.

Another part
of the problem is many organizations continued use of yesterday’s security
technology to fight tomorrow’s security battles. Rules based security solutions
like SIEMs are great for detecting known vulnerabilities. But they are
ineffective defending against new, unknown threats. So even as companies
continue to invest ever larger sums of money in such products, we can expect
data breaches to keep occurring on a regular basis.