Sami Laine, director of technology strategy, Okta
Look out for contextual access spending to spike in 2020. In the coming decade, organizations will shake up their security budgets to account for a Zero Trust strategy. Spend on perimeter will move instead towards access points that are more dynamic; we’ll see a decrease in firewall and perimeter investment and in 2020, expect an increase in spend on tech like context-based access management. With 97 percent of organizations using cloud services, the network perimeter can no longer serve as a barometer for trust – companies are starting to operate through the lens of least privilege, analyzing each authentication and authorization deeply. And as machine learning technology continues to evolve and move past heuristics towards true individualized pattern recognition, we’ll see that increasingly baked into security budgets as well.

Humberto Gauna, information security advisor, BTB Security.
The increasing frequency of ransomware attacks shows no sign of slowing down, but companies have found success in quickly recovering from these attacks without paying by investing in recovery operations. Next year, CISOs and security teams will continue to invest in the tools and processes needed to recover backups seamlessly and ensure business continuity. Every organization should have the ability to recover from data loss, no matter the cause, but we have strayed away from data backup and recovery due to resiliency in RAID configurations as well as equipment availability. I expect more CISOs to invest in recovery operations as the threat of ransomware continues to grow.

Nilesh Dherange, CTO, Gurucul
Organizations will significantly increase spending on cyber security. The big challenge is to ensure that the spending is focused in the right areas. For the most part it won’t be, and we can expect an uptick in data breaches in 2020 despite the record amount of money spent on cyber defense worldwide. Part of the problem will be an inability of many organizations to keep up with basic cybersecurity hygiene tactics such as patching, frequently changing privileged credentials and utilizing multi factor authentication. Expect the bad guys to continue penetrating environments due to these basic oversights.

Another part of the problem is many organizations continued use of yesterday’s security technology to fight tomorrow’s security battles. Rules based security solutions like SIEMs are great for detecting known vulnerabilities. But they are ineffective defending against new, unknown threats. So even as companies continue to invest ever larger sums of money in such products, we can expect data breaches to keep occurring on a regular basis.