The future of cyber security: What happened, what is expected?

Due to the Covid-19 pandemic, organizations in almost all industries have stepped up their digital transformation efforts to make online transactions easier for employees and customers. But the digital attack surface is growing at a record pace as organizations that conduct online transactions increase. In fact, research says that 76 percent of web applications have at least one vulnerability.

There are 3 key technology trends that are believed to impact cybersecurity in the next few years.

The first one is “ubiquitous connectivity”. We all know how quickly almost everyone and everything in the world has become interconnected. Which of our ancestors could have predicted that the day would come when we would turn on your coffee machine with a simple voice command? Not many, 50–60 years ago, these developments, which could be considered fantastic for the people at that time, have now become reality. At the end of 2019, the number of active IoT devices was around 7.6 billion, this number is expected to increase to 24.1 billion by 2030. Well, with these, businesses are also shifting their apps to the cloud.

However, IoT devices and cloud-based software also invite attack risks. According to Verizon 2021 DBIR, web apps are a 39% source of breaches, which is double the amount in 2019. The reason for this is the increased web application surface and the sudden transition to cloud-based operations due to the pandemic.

Wireless and 5G connectivity also contribute to the proliferation of attacks. Think of online shoppers, have smartphones and check their e-mail WITHOUT a firewall. The interfaces where all these operations are performed are based on APIs. When the right security steps don’t be followed, APIs become one of the most attractive targets for cybercriminals.

The second trend is “abstraction and componentization”. How fast do companies roll out new software and technologies, right? It’s almost like you’re seeing a new software update every time you look at your iPhone. But the speed of software deployments is no longer surprising or unexpected. The faster companies launch in competition with each other, the higher they move.

Many development teams are not using only cloud to move faster, they are also turning to microservices. Through microservices, development teams break up large applications into smaller, reusable logic blocks that are much easier to work on.

Open source libraries are also used to speed up development. According to the State Of Software Security report, 97% of Java applications are written with open source libraries. And 46 percent of unsafe open source libraries in applications are transitive, meaning that the library is indirectly linked to other open source libraries. This means that the attack surface is not only limited to the library your developer adds, but also includes other libraries that are implicitly pulled by your library.

In the future, it is envisaged that there will be a trusted third party review authority that manages all public APIs to make software publishers responsible for audits independent of controls. There is also an “awareness component” here. Developers need to be aware of the risk both in the libraries they use and in the libraries they indirectly touch.

Finally, we should mention the big role automation will play. For example, automating open source remediation in the future will be critical.

The latest trend we know will affect cybersecurity is “hyperautomation of software delivery”. As we mentioned in the abstraction and componentization trend, delivery speed is crucial when it comes to getting ahead of competitors in the market. Speed will become even more important in a few years and will teach businesses “hypercompetitiveness”.

It is something we look forward to in the future for businesses to automate as many processes as possible. Automating not only development processes, but also processes that interact with software delivery is in demand. Eventually, DevOps and pipeline automation will no longer be targets, they will be in the expectations list. And at the end of all these, everything that can be coded, will be coded. Security will be coded, compliance will be coded and infrastructure will be coded… This means that cyber security will become more and more automated every day. We will begin to see more and more organizations turning to DevSecOps. The security team will become less operational and take on more supervisory roles. Developers will be responsible for application security testing and automating scans for existing processes.

We know that vendors are turning to AI and machine learning for tasks like identifying design vulnerabilities, threat modeling and remediation, but this behavior will only increase in the coming years. We also expect more and more vendors to offer automatic fix for third-party code.

Finally, considering these three trends and the attack surface that has reached a more frightening size than before, we can observe an increase in cyber security regulations. Even government officials are now calling for increased security and more transparency against cyber incidents. We hope and expect the regulations to affect not only vendors interacting with the federal government, but also vendors serving the public.

For now, we can only predict the future of cyber security with such inferences. What time will show and teach us, we will see together.