3 top trends that will drive a new era of cybersecurity
The 21st century has been defined by a technological revolution as digital transformation sweeps across industries and businesses, leaving no stone unturned. Over the past decade, we have seen every organization come to rely on software for nearly every aspect of its business operations.
The world of today runs on software, and while the advent of this new paradigm has brought along new opportunities and advancements, an abundance of challenges, particularly involving software security, have also become apparent.
With global IT spending projected to reach a total of $3.74 trillion in 2019, it is clear that the pace of technological advancement and software proliferation is increasing every day. As a result, we can expect that 2020, the start of a new decade, will yield even more transformation as this trend continues. And there are few areas where the effects of these transformations will be more pronounced than cybersecurity.
As artificial intelligence (AI), machine learning and automation continue to increase in sophistication, we can expect the face of cybersecurity to evolve as well. This evolution is driven not only by how the technologies will alter security on a technical level, but also through the changes in understanding, approach, and philosophy that security teams will need to adopt in order to meet the demands of the future.
Having worked in cybersecurity for more than 20 years, I have witnessed and participated in many changes to the industry. Equipped with this expertise, I have outlined three key trends that will have a significant impact on the future of cybersecurity in 2020 and beyond.
In 2020, we’ll see an increasing number of cybercriminals use AI to scale their attacks. Not long ago, it took days or weeks for an adversary to carry out a single, basic whaling or spear-phishing attack. Today, we’re starting to see glimpses – which will only become more common – of AI being used in an array of attacks, whereby malicious actors use AI for social network recon, making their efforts substantially more targeted and effective.
AI will also open the door to mutating malware, with attackers using genetic algorithms that are capable of learning, thereby increasing their chances of success. What’s particularly concerning is that these mutations often bypass traditional anti-virus solutions by altering their signature or structure along the way, meaning the malicious payload is free to wreak havoc on systems.
Infrastructure as Code
Until recently, organizations’ security budgets primarily focused on protecting traditional IT infrastructure. Today, that infrastructure is flexible, with organizations scaling up and down as needed thanks in part to infrastructure as code. This shift has created immense benefits for IT teams, but in 2020, we can expect to see attackers abusing developers’ missteps in these flexible environments.
With the introduction of infrastructure as code, network and security architectures are being defined with software, which impacts traditional IT security spend. Infrastructure as code will lead to more dollars being allocated toward software and application security, which previously only accounted for a very minimal portion of IT security budgets, drastically shifting traditional security spend.
With organizations increasingly leveraging open source software in applications, next year, we’ll see an uptick in cybercriminals infiltrating open source projects. Expect to see attackers “contributing” to open source communities more frequently by injecting malicious payloads directly into open source packages, with the goal of developers mistakenly incorporating this tainted code into their applications.
As we see this scenario unfold, there will be a growing need for processes like developer and open source contributor background checks. Currently, open source environments are based entirely on trust - organizations typically don’t vet developers’ past projects or reputations. However, as attackers take advantage of open source projects, this trust will begin to erode, forcing organizations to take proactive mitigation steps by thoroughly vetting the open source code within their applications, as well as those providing it.
The Road Ahead
Cybersecurity has reached new levels of prominence and awareness over the past decade. Leaders across industries are now realizing how integral security is to the success of any organization and taking the necessary steps to ensure that they are protected against what has become a rapidly evolving and diverse threat landscape. As a result, the industry is poised to continue to grow and evolve as we enter the new decade.
Maintaining a balanced and robust software security posture in a shifting cybersecurity landscape will require business and IT leaders to keep a close eye on the trends in the space. Staying ahead of increasingly sophisticated hackers, rather than trying to play catch-up, will make all the difference in terms of staying secure.
By understanding the implications of the three coming changes I’ve outlined above, business leaders will be better equipped to face the cybersecurity and software risk challenges of the next decade.