Trends for the year ahead

Another year has passed, and we are already looking forward to 12 months of fresh inspiration for companies and users, and new and exciting trends in information security. Last year, various manufacturers and experts identified IoT security, artificial intelligence for attackers and defenders, phishing and ransomware as important trends. Looking back, they were not entirely wrong, but we didn't really see groundbreaking developments in these areas either.

Although nothing much has happened with AI and IoT so far, we are likely to see trending topics that spark a revolution this year whether this helps or hinders humans. If the last 12 months are anything to go by, IoT has shown one thing: IoT security can only work with an overall security concept. In truth, there's almost nothing special about IoT security – the most important aspect is integrating IoT into the security concept for an entire system. The true relevance for AI or machine learning to the field of security is just as sobering. Both the attackers and the defenders are still working with a proverbial pickaxe rather than a light saber. Phishing mails and ransomware are all old hat – successful attacks using the same methods as 20 years ago. And IT departments are still failing to document, plan, and make one reckless mistake after another. The disastrous enthusiasm for the public cloud does not make it any easier.

And while we're on the subject of the public cloud: Gartner predicted that 95% of all security incidents in public cloud services would be caused by customer configuration errors as early as 2016. If the adoption rate really gets going this year – even banks and insurance companies are seriously thinking about public cloud deployment –without security concepts and proper compliance implementations, a real train wreck could be on the cards. Although you won't hear this from cloud providers, we think it's high time for a forecast based on our own experience: In 2020, there will be further massive security incidents related to Azure, AWS and other major and minor public cloud services.

In this context, it is interesting to note that one manufacturer sees a threat to the homogeneity of the internet within the coming year. Large hyperscalers such as Azure, Google and Amazon already use their own network infrastructures for their connections between data centers. Entire countries are working to create a local Internet that they can turn on and off or disconnect from the rest of the world at will. Similar measures are planned in Turkey, Turkmenistan and Saudi Arabia. This will not be without consequences and collateral damage, as one manufacturer suspects. They predict that the Great Firewall of China will become a critical issue when the impact of Chinese government censorship of the Internet by a Chinese ISP will be demonstrated even beyond China's borders in 2020. Hundreds of locations and services worldwide are likely to be taken offline, even though the routing policy should only apply to users in China.

5G is also included in almost every forecast this year, even though it is hardly clear what new threat the mobile phone standard will pose in concrete terms. IP addresses have long been available on mobile devices, and since the most important productivity apps run on Android and iOS, IT departments are struggling against an opponent that easily overcomes firewalls and other perimeter protection measures. But perhaps infrastructural risks are more relevant for 5G. The fact that China is viewed critically as an equipment supplier is a well-known public issue. But what about other countries? Thanks to Edward Snowden, the USA has a public record for equipping infrastructure components with back doors. The USA is still considered a champion of the western world, but the changes Trump introduced during his term in office are causing unease among many.

It looks like another exciting year in terms of the security situation. Old threats have remained, new ones are emerging. In the next eleven months, we will see what trends have actually made the headlines.