Security Predictions for 2020

New Year, new prediction fun! Taking a look back at last year, it’s easy to see I was more hopeful than practical.

Ansible security modules? This partially became true in that there are now a number of security modules. More importantly the network modules are now considered stable and that signifies a huge overall improvement. This milestone represents a major advantage for Ansible over other automation frameworks that require an agent.

Machine learning becoming a free option in ELK or making application white-listing possible? Admittedly this was highly improbable and though it has not happened it would still be nice to see sometime down the road.

Quantum supremacy? It depends on who you believe. The Guardian summarizes this saga well. The Coles notes goes like this: Google and most of the internet celebrated quantum supremacy while IBM disagreed. They don’t discount Google’s achievement but rather the assertion that the supercomputer would have taken 10,000 years. Even accepting their claim that this task would actually take 2.5 days, I’m declaring a victory for the quantum computer.

Microsoft’s Advanced Threat Protection? The name wasn’t really modified but the underlying service is a combination of Office 365’s ATP and Azure’s ATP to create Microsoft Threat Protection. Even though this prediction was very hopeful, it happened! However the caveat that it is only available on expensive Office365 plans still makes it out of reach for most average users.

IPv6 mass adoption? There was very little change over the last year and virtually no additional adoption in Africa, South America, or the Middle East; which is what I predicted. India, the USA, and much of Europe has increased to about 50% adoption.

We are ecstatic every year at the continual technological improvement. My predictions this year will follow ongoing trends instead of airing on the side of hope.

1. Insider threats will be caught more often. Insider threats have long been considered the greatest threat to an organization and their cost is the highest. I believe more will be done to catch this threat.

2. More privacy laws/regulations will be created in Canada. GDPR in the EU hasn’t resulted in the expected Armageddon and Canadian privacy laws have largely gone untouched for 15 years. The federal government has made public plans to regulate online speech in Canada and I believe we will see some updated privacy laws as well.

3. Ransomware protection will proliferate and at least minimize damage done by ransomware.

4. Passwordless will get more coverage as the first round of passwordless organizations will work through issues and light the way for others.

5. More new named attack vectors. Meltdown, Spectre, Bluekeep, Zombieload, Fallout. There is already a trend of naming major security vulnerabilities that I suspect will take off this year.