It’s time for the cybersecurity industry’s annual predictions, online threat forecasts and cybersecurity trend reports. Here’s your roundup of top insights from the leading security companies and cyber experts for 2019 and into the 2020s.
What will happen in the future?
We constantly seek answers to that question in areas ranging from weather forecasts to stock market corrections to sports scores to election results. In our individual lives, we ponder potential career opportunities and personal relationships — new and old.
Alexander Graham Bell once said, “Before anything else, preparation is the key to success.”
And, “When one door closes, another door opens; but we so often look so long and so regretfully upon the closed door, that we do not see the ones which open for us.”
Technology is opening many new doors as we head into 2019. Using artificial intelligence, robots and big data, we are curing diseases, finding new galaxies and feeding more people. The world is radically transforming before our eyes.
In cyberspace, new 5G networks, unprecedented data collection and cloud computing resources delivered via amazing mobile devices keep changing lifestyles as never before. The Internet of Things (IoT), autonomous vehicles and microchip implants are redefining the definition of “connected.”
Meanwhile, at the center of all this innovative, cybersecurity has become the chief broker. For some, cyber is the accelerator which speeds up trusted interactions that are repeated with confidentiality, integrity and availability. For others, cybersecurity acts as the brakes that slows developers down when confronting dangerous turns.
Either way, the future of cybersecurity is paramount to the future of innovation. Will the people, processes and technologies come together for good or evil purposes in 2019? The stakes have never been higher.
Ready or not, we are on the cusp of a new decade. What will that future bring?
Here’s what the best and brightest have prepared for you to consider — and act upon regarding security, hacking and all things cyber.
2019 Prediction Highlights
There are a few cracks of sunlight through the (still) dark cyberstorms this year.
The overall tone of most security predictions for 2019 is not quite as treacherous as last year’s forecasts, with very few apocalyptic cyberscenarios presented. Nevertheless, most experts still think the bad guys remain ahead of the good guys. (The tone of the global FireEye analysis from CEO Kevin Mandia reveals this sentiment.)
Still, there will be an abundance of hacking that causes cyberdisruptions as well as many more major data breaches coming in 2019, if these predictions come true. I think Beyond Trust made the biggest jump this year, in the quality and thoughtfulness in their predictions.
Specifically, several experts predict economic espionage will reawaken because of a US-China trade war. More targeted malware hitting more devices than ever from smart home devices to more business functions at work. The cybersecurity skills talent gap gets worse, while cybercriminals compete for dominance like the mob gangs in 1930s Chicago.
Meanwhile, more countries than ever develop offensive cybercapabilities. Cyberattacks continue to take advantage of known vulnerabilities and exploits that organizations fail to fix.
Major Differences of Opinion Between Thought Leaders
One big change this year includes a divergence regarding predictions on a variety of security topics, specifically regarding what technologies are helpful and what areas will be hardest hit. For example:
Will artificial intelligence (AI) be helpful in 2019 or not? Some say yes (like IBM), while several others (like Forcepoint) are proclaiming that AI is not really helping very much. Forcepoint predicted: “There is no real AI in cybersecurity, nor any likelihood for it to develop in 2019 ...”
Sophos predicted fewer, better adversaries. “We expect we’ll eventually be left with fewer, but smarter and stronger, adversaries.” While others predict the rise (or return) of more small guy hackers and more hacktivists rising out of obscurity. (I’m with the second group.)
Some say more mobile threats and some say threats are mostly moving to the cloud.
Some say more privacy regulation are coming in the U.S., others say no.
Also, the privacy advocates versus a backlash from too much regulation is another major theme playing out.
Twelve months ago, I published the top 18 security predictions for 2018, and the prognosticators did pretty well. As predicted, we saw more big data breaches, more ransomware, critical infrastructures hacked, and many more nation state attacks and IoT vulnerabilities. Those details can be found here, with the headline that 2018 will be remembered as the year that privacy took center stage.
And yes, many of these 2019 predictions are repeats, with some very similar to the top 17 security predictions for 2017. Nevertheless, I continue to see huge benefits for everyone who reviews these prediction reports annually. The exercise provides you a pulse of the cybersecurity and technology industries, and also helps prepare project lists, since the thought-leaders often offer action steps to help.
Best of all, these cybertrends, research analysis and cyberthreat information is free — unlike many costly cybersecurity trend reports for sale. My advice: Use the links to study the free reports from security industry leaders and followers.
Top 19 Security Industry Predictions by Security Industry Company
1) Trend Micro once again delivers a top-notch, comprehensive security prediction report that is easy to access and based upon “our experts’ analysis of progress of current and emerging technologies, user behavior, and market trends, and their impact on the threat landscape.”
Trend Micro’s report is titled Mapping the Future: Dealing With Pervasive and Persistent Threats and is available in Web and PDF formats. They do a creative job of categorizing their predictions into items for Consumers, Enterprises, Governments, Security Industry, Industrial Control Systems, Cloud Infrastructures and Smart Homes — with pragmatic action items for all.
Here are a few top-line prediction examples (with many more details available in the report linked above)
2) FireEye once again offers an extensive, intriguing predictions report, which is excellent and definitely worth reading. But for the first time in a few years, they do not require registration to access their prediction details. However, once you read for a few minutes, a box will pop up requiring your contact details to continue, so if you don’t want to register — save the PDF quickly offline. And yes — the report is impressive and thought-provoking.
FireEye’s report is titled: Facing Forward: Cyber Security in 2019 and Beyond. (You can also watch a video overview discussion below from FireEye.) Their leadership took a different approach this year, offering words of wisdom on cybertrends from executives on a variety of topics. It starts with this strong endorsement of prediction reports from Kevin Mandia their CEO: “In the cyber security industry, we’re so frequently working around-the-clock for days at a time that we often forget when one year ends and another begins. It’s a shame, too, because the end of the year is a very important time. It provides a moment to reflect on what we observed and experienced over the past 12 months, and to consider how best to address the challenges we have been facing. Perhaps more critical to our line of work, it offers an opportunity to note what developed into a trend, and what might develop into a trend as we move into the next year and beyond.”
Here are some of the high-level topics covered by FireEye:
3) McAfee Labs 2019 Threats Prediction Report led with these words: “Greater collaboration among cybercriminals exploiting the underground market, which has allowed them to develop efficiencies in their products. Cybercriminals have been partnering in this way for years; in 2019 this market economy will only expand. The game of cat and mouse the security industry plays with ransomware developers will escalate, and the industry will need to respond more quickly and effectively than ever before. …”
Ever heard of “synergistic threats?” You’ll need to read their report to understand where that trend is going. Here are their top 7 predictions — with details at the links on each item:
4) WatchGuard Technologies kept pace with the top-tier cybersecurity rivals in their 2019 prediction report that breaks some new ground. “This year the team at the WatchGuard Threat Lab imagined a string of attacks that could lead to a cybersecurity apocalypse. Our security predictions for 2019 span from likely to audacious, but in all cases there’s hope for preventing them with layered security defenses that meet them head-on!”
My favorite Watchguard Predictions:
5) Forcepoint stepped-up their game with an impressive cybersecurity prediction report this year with a 23-page quality presentation in multiple formats including PDF. They went out on a few limbs and countered the masses on areas ranging from AI to the cloud.
Their content is also fresh and not “warmed over from last year” like many other 2019 reports.
6) Beyond Trust — Once again offers a solid list of security predictions that have hyperlinks to plenty of supporting details and reasons why (for those who like to dig deeper.) I like the opening by Morey Haber their CTO: “There are three jobs in this world where you can be completely wrong all the time and still not have to worry about being fired. One is a parent. Another is a weatherperson. And the last one is a technology trends forecaster.”
Their top predictions include:
7) Symantec — In a featured blog, Symantec leaders Steve Trilling and Dr. Hugh Thompson offer their list of Cyber Security Predictions: 2019 and Beyond. Their predictions were fairly mainstream. Here are a few:
8) Kaspersky’s 2019 Predictions were harder to find than last year, but they still offer some very good insights, such as these:
9) Verizon — I give Verizon a lot of credit for going back every year and looking at how they did at predicting trends from the year before. Verizon offers this list of 7 trends driving enterprise IT transformation in 2019. Most of these are customer focused (and not security-focused) like: “Businesses will invest for performance.” And yet, almost every one of these has a security component that shows up regarding trust and delivery guarantees.
Consider these Verizon predictions:
10) AT&T — offers these 5 cybersecurity trends to expect in 2019. Starting the list is cybersecurity automation: “As it relates to staffing, we may see a rise in the automation of security and data privacy. …”
Also, after many predictions from 1993 came true, AT&T recently asked their staff to think more long-term about where the world is heading over the next decade or two. You may wonder, what do any of these have to do with security? Quite a bit, if they are going to come true.
Here are some of those AT&T future predictions:
11) RSA Security (A division of Dell) — Back in October, RSA offered these trends for 2019 in the Middle East, which quite frankly read like more of the same as in 2018. However, this updated December list of 7 trends to watch out for seems more cutting edge — but no big surprises.
Here are a few new RSA security predictions:
12) Forbes — Most readers know that Forbes magazine online offers a wealth of different perspectives and experts on a variety of topics, but they also carefully select who speaks for them. This list of 60 cybersecurity predictions for 2019 by Gill Press is worth reading through, mainly because it covers the thoughts of some of excellent leaders in smaller companies that are breaking ground on new ideas and cybersolutions in areas like AI.
Here are few of my favorites on the Forbes list:
13) Bitdefender cracks the top list for the first time, with this well-thought-out list from Liviu Arsene, who is a Global Cybersecurity Researcher.
Some of their top predictions:
14) Sophos Labs offers an excellent 2019 Threat Report that highlights cybertrends for the coming year, some pontification about 2018 as well as conclusions like “ransomware is not going away.” Here are a few of the Sophos cyberthreat trend topics covered as we head into 2019:
15) IBM’s predictions could not be more different than Forcepoint. In a sentence, Big Blue is going “all-in” on AI and throwing a bit of quantum computing in the mix for 2019 to help solve our growing problems.
IBM’s X-Force Labs also put out their own predictions this week which can be found here.
16) Forrester — The resources of Forrester, Gartner and a few similar companies are extensive in the prediction space, but finding their content can be difficult, given their business models to ask you to pay for details behind their materials. Most of their reports are not free.
Still, there are many ways to get Forrester prediction overviews (with details often hidden unless you pay) in both technology and security.
For technology, here are 14 quick tech predictions for 2019 — leading with “Customer experience (CX) remains under fire.”
For security, this blog lays out Forrester’s 2019 themes, such as “Economic espionage will reawaken because of the US-China trade war.” And, “women CISOs will increase as companies look for different perspectives.”
17) Gartner offers these 2019 “Top Strategic Predictions for 2019 and Beyond.” Here are some interesting samples — that go into the 2020s:
18) Nuvias Group — Ian Kilpatrick, EVP Cyber Security, Nuvias Group, offers a simple, straightforward list that seems pragmatic, with few surprises.
Top 3 Predictions:
19) Barracuda MSP — offers this list of 2019 predictions via ChannelFutures.com — Here are a few:
Bonus cyber prediction to round off to an even 20 — heading into 2020:
Zscaler offers this excellent list of predictions that starts with these three items:
Honorable Mention Predictions — These are not in my top 19, but offer good predictions. If you don’t see your organization’s predictions on the list, let me know, and I will consider adding after review. (Note: The prediction must be available online to reference details via a link):
Dan Lohrmann Prediction Awards:
Most Creative — Beyond Trust – “Millennials Ruin Everything” — (Based on a privacy prediction on the evolving prediction of privacy and how young people don’t care and share.)
Newest & Specific — “Bring your own security (to work) takes off” — (MalwareBytes)
Most Scary (yet practical) — Cybercriminals Will Compete for Dominance in an Emerging IoT ‘Worm War’ (TREND MICRO)
Most Common and Likely — More large-scale security breaches — (almost everyone)
Most Disagreement Among Security Companies — The Role and Value of AI in 2019 (Many predictions highlight how AI value is way overblown).
Best Overall Advice in Predictions — Well-known Vulnerabilities Will Continue to Dominate Cyber Attack Reports (Beyond Trust and others)
What’s Missing From These Predictions?
Very little mentioned about cyberattacks trying to take advantage of or disrupt global events, from sports events like March Madness betting to the Rugby World Cup scheduled in Japan in 2019 to G8 and other potential gatherings.
It's hard to say how financial markets could be impacted in 2019, but the recent big drop in stocks in the USA is certain to cause change and probably some hacker pain somewhere. With Fed testimony on 12/19/18, the market swung over 500 points on the words spoken by the Fed Chairman. Could false online rumors in 2019 cause a major stock market move? Or, could hackers somehow manipulate stocks?
After everyone seemed to have a prediction on bitcoin in 2018, the huge drop in price has quieted talk about cryptocurrencies, but expect more hacking and other shenanigans with digital currencies.
Also, hacktivism is rarely mentioned for 2019, but a comeback of the small guys making headlines is sure to erupt at some point regarding global hacktivist activity. Indeed, I think a lot of that happened in 2018, but was below the radar. Could the “yellow vests” in France or others around the world do more online disruption? I think so. See this piece for more on this trend.
Finally, cyberinsurance will evolve in some of the ways outlined in this UK article.
Here’s one cyberprediction from yours truly (Dan Lohrmann) for 2019 — more organizations and media outlets than ever will be making cyberpredictions for 2020 next October through December about the 20s decade in cyber to come. Expect many more trends and forecast lists with titles similar to “top 20 security predictions for the 2020s.”
And as we head into 2019, I want to thank you for continuing to fight the cyberfight — despite the challenges and moving threat landscape that makes data protection so difficult.
Peter Drucker once said that “trying to predict the future is like trying to drive down a country road at night with no lights while looking out the back window.”
But Alexander Graham Bell once said: “The day will come when the man at the telephone will be able to see the distant person to whom he is speaking.”
How did he know that?