As the cybersecurity world is left reeling from record breaking hacks and breaches which occurred (or surfaced) in 2017, the importance of organizations ensuring their code’s security is rightfully taking the spotlight as the new year begins.
However, in taking a step beyond code security, it’s critical that organizations of all sizes and those employed within them are paying close attention to the rising trends impacting the cybersecurity world. Continue reading to learn more about our predictions of which cybersecurity trends will dominate in 2018.
The buzz surrounding ransomware is simply everywhere, from international headlines to the midseason-finale of Grey’s Anatomy. We included this familiar yet continuously rising trend as one of our 3 Need-to-Know Security Terms for 2017, and thanks to one of 2017’s biggest cybersecurity incidents, it’s quite clear that the rise of ransomware is as rapid as ever.
We predict the new year to bring attackers new technologies, targets, and objectives. However, today there is a much greater awareness to the dangers of ransomware with defence measures put in place by organizations, user education, and industry regulations and protocols. This will lead to a decline in the effectiveness of traditional ransomware attacks but, sadly, that does not mean that ransomware attacks in general will decline – this will just serve as motivation for attackers to up their game.
Looking at 2017’s NotPetya and WannaCry ransomware serves as proof that the authors of the new wave of ransomware are incredibly sophisticated cybercriminals. That said, there is still space for the cybercriminal noobs to hit the ransomware scene with the introduction of ransomware as a service (RaaS).
RaaS is a type of ransomware made with the user in mind, so that anyone, no matter the technical knowledge, can easily and quickly deploy ransomware to extort money from businesses, hospitals, schools, etc. Throughout the year, there has been a drastic rise in RaaS products available on the Darknet and we expect this to only incline.
Serverless Application Security
Development teams work to produce code faster and faster, yet it never seems to be fast enough. In recent years, serverless computing and applications have become the solution organizations need to help bridge the gap between rapid development and the current demand. By going Serverless, developers can focus on simply building great applications without having to deal with low-level infrastructure and managing operating systems.
Embraced by Lambda by Amazon and in cloud functions by Google and Microsoft Azure, the list of pros is a long one when it comes to Serverless apps and thus we are seeing a sharp rise in organizations leveraging the advantages of Serverless computing and applications. But this rise in popularity comes with brand new security concerns. What about Serverless application security? With no dedicated server, what is the security risk?
In a detailed blog post, blogger and engineer Mike Roberts explains that Serverless naturally has a greater surface for potential attacks. According to Roberts, “Each Serverless vendor that you use increases the number of different security implementations embraced by your ecosystem. This increases your surface area for malicious intent and the likelihood for a successful attack.” In addition, Roberts brings up that by using a BaaS database, you lose the securing barrier typically provided by a server-side application.
As Serverless revolutionizes how applications are operated, we predict to see much more of how this affects the cybersecurity world – and how the cybersecurity world affects Serverless apps. That said, as Serverless is the new cool kid on the block, we have a great opportunity to make sure that strong security practices and protocol are put into place from the start with how Serverless applications are built.
What feels like the most buzzed about term going into the new year, Blockchain will, without question, emerge as a technology aiming to revolutionize cybersecurity – and as a potential disruptor as well. Though a brand new technology, blockchain quickly rose to its fame thanks to its first successful implementation – Bitcoin.
But most of the world is still stuck on the big question – what is blockchain? Well, shortly put, blockchain is all about encryption. It “helps encrypt all the actions performed with a file or object into the code that is inherent in the file.” (source). The encryption can’t be altered or removed making files totally transparent, and this, along with the promises of secure messaging and preventing cyberattacks on websites with centralized servers, makes it very attractive to many industries across the globe.
As organizations shift towards implementing DevOps and CI/CD methodologies, developers face the growing need for quick development-to-production cycles without compromising on security or reliability. A way to bypass the speed vs quality problem is by using Microservices.
Simply put, Microservices break an application down to its many components, with each individual component treated as its own independently deployable service which communicates through a defined mechanism to supply a business goal.
In 2018, we predict to continue seeing the Microservices development method take over and for AST solutions to become a vital part of those using Microservices with independent and incremental scans, rapid and extensive SDLC coverage, and more. For more information on security testing and microservices, click here.
The Evolution of the Internet of Things
- Nano IoT
In recent years, the rapid advancement of IoT technology has paved way for smaller, more compact connected sensors in the nanometer scale – tiny enough to work within living bodies. Such innovation opens doors in the world of smart medicine, can be mixed into building materials and chemicals, and in general, can take the IoT world into a whole new magnitude in various sectors.
Scientists have created nanosensors from non-biological materials (such as carbon nanotubes) which act as sensors and signals acting as tiny wireless nanoantennas. Their tiny size allows them to collect information from many different points simultaneously, and connected external devices can generate detailed maps showing changes in light, electrical currents, magnetic fields, vibrations, and other environmental features.
It’s without question that the transition to nano IoT is in our future, but when it comes to the security and privacy of them, we are left with a big question mark. As we introduce nano IoT technology to our bodies and to the corners of our daily surroundings which we can not even see, we are entering a not-yet discovered cyber-frontier and the threats with it.
Whereas today, surveillance cameras, traffic lights, and even refrigerators are connected to the internet, nano IoT dives deeper and connects us even more to the details of these devices.
- Securing IoT and Its Data
One of the main benefits of using IoT devices in the first place is that IoT devices simplify our already very-digital lives. Furthermore, simplicity and ease of use are major selling points for IoT devices on the market, devices which are designed to be as effortless to use as possible and this greatly encourages customers from purchasing then using and engaging with the product. Unfortunately though, devices which are easy to use notoriously have weak or poorly implemented security features.
Looking to 2018, we predict a rise in security among IoT vendors and devices. And this will be a direct result of the looming GDPR.
Research shows that six in ten IoT devices don’t properly let customers know how their personal information is being collected and used. However, with how GDPR is shaping up the way data controllers use IoT, they must quickly ensure that they are able to identify and handle security breaches and data security in a way that complies with the GDPR’s requirements.
Generally speaking, looking towards 2018, it’s without question that cyber attacks will be bigger and the data breached will be as valuable as ever. However with new technologies and methodologies on our side, we hope to see organizations across the globe embrace them and use them to their advantage. Finally, as organizations prepare for whatever evil cybercriminals have in store for them in the upcoming year, we hope that organizations will continue putting emphasis on raising cybersecurity awareness. It all starts there.