Chief information security officers (CISOs) face no shortage of challenges. Expanding attack surfaces and complex cloud security environments have given rise to new advanced threats. Compliance regulations have become more rigorous and punitive. And while digital transformation accelerates the pace of doing business, its impact is often limited by budget restrictions and security talent gaps. At Splunk we talk to hundreds of CISOs every year. Here's what they told us they care about in 2020.

On Wednesday, March 25th, we launched our Splunk for CMMC Solution with a webinar presentation to a diverse set of defense industrial base (DIB) participants and partners. As I discussed during the launch event, the Splunk for CMMC Solution provides significant out-of-the-box capabilities to accelerate organizations’ journeys to meet, monitor, track, and mature the cybersecurity practices required by the Cybersecurity Maturity Model Certification (CMMC).

Welcome to the new world, my friends. Now that working from home is our new reality, we've found that many of our customers are taking a much closer look at the technology that binds us all together and allows us to access corporate resources: the humble VPN. In the spirit of enablement, I’ve put together a quick list of dashboards that can help add that extra bit of visibility for our faithful Splunk Enterprise Security customers.

These days, cybercriminals are ambitious and innovative, with no shortage of tools and resources at their disposal to go after high-stakes targets and execute malicious code — all while flying completely under the radar. To prepare you for what’s ahead, below are five of the top cybersecurity threats you might encounter in 2020.

In 2019 multiple cities, hospitals and educational institutions in the U.S. were crippled by ransomware, including Baltimore, Atlanta, New York City, Regis University in Denver and Monroe University in New York. In the the last 12 months, the infosec community has seen these ransomware operators seriously upping their game (see Ryuk ransomware).

If you're a cybersecurity leader with decades of experience in the industry, I am sure you've helped your organization navigate major security issues related to remote working. Technology has evolved drastically across the decades, with new attack surfaces emerging with each shift.

With more and more endpoints accessing your network remotely, you should expect rapid increases in VPN connections and usage, as well as exponential usage of cloud-based services. There are numerous Splunk apps that can help you increase the monitoring of remote endpoints but let’s showcase Splunk Security Essentials (SSE).

Right, so now the vast majority of your workforce works remotely. Clearly managing all these inbound VPN connections is on top of mind, but what about other vulnerabilities you should be monitoring for? In addition to the ever increasing number of inbound VPN connections, organizations can expect an increase in the use of SaaS-based collaborative software such as Slack, Dropbox, G Suite, and Trello.

Phishing attacks aren’t going away anytime soon. The numbers from Verizon’s 2019 DBIR Report and SANS Institute prove only one thing: When you’ve done all you can to protect against phishing attacks, that means it’s time to do more.

As new technologies emerge, end-to-end application stacks continue to grow, and connected devices become more omnipresent in everyday lives, our society will only become more intrinsically connected across multiple touchpoints. It’s even estimated that in the US alone, there will be roughly 200 billion IoT devices by the end of 2020.