2019 application security trends and predictions
Cybersecurity is a constantly growing and developing field. The intensity and potential risk of malicious online activity and breach attempts to expose sensitive data keeps cybersecurity experts on perpetual alert.
The results can be mixed. Not everything works as well as it should. Fortunately, no one is letting that slide. For every negative trend, there is a positive one and, overall, we’re staying ahead of the rising tide of cyberattacks and improving application security every day.
Good: Mobile devices may not be as vulnerable as once thought
While it’s still good practice for businesses and employees to treat mobile device security as a priority, some of the vulnerabilities often attributed to mobile devices may not lead to major breaches. The general conclusion is that so long as simple and standard precautions are taken when using mobile devices (such as sensible password authentication and caution around public Wi-Fi), the threat of serious cyberattacks via mobile devices is fairly rare.
Software developers are keenly aware of how security holes in their product can erode public confidence, so they’re incentivized to make sure their applications cover as many potential security gaps as possible.
Bad: Internet of Things (IoT) devices are often at risk
Whether it’s remote lighting, climate controls or appliances that manage your entertainment, devices working on the Internet of Things trend remain vulnerable because of web interface applications and administrative panels. In some cases, it’s an issue of old or obsolete software. In others, it’s the hard-wired and unmodifiable control credentials.
People are finding that it is difficult or even impossible to update these servers with new security protocols such as improved encryption or other security measures. The vulnerabilities that lie in many IoT devices will continue to present potential liabilities.
Good: Bug hunts root out problems before they happen
Many companies are now offering bounties for bugs and other security flaws in their system and software packages. By enticing ethical hackers around the world with prize money for every security hole found or bug discovered, companies can take advantage of outsider perspectives and approaches to online security.
Companies from Netflix to Microsoft, and even entities such as the US Pentagon, have had great success with these bounty programs, where cyber bounty hunters can earn up to $250,000 in some cases.
While the seemingly endless volume of bugs to hunt can be discouraging, it is encouraging that so many companies are taking the threat seriously and attempting outside-the-box approaches to improving security.
Bad: The greatest vulnerability in DevSecOps strategies turns out to be humans
It’s a wonderful idea on paper that security should be part of an application or tech development strategy from the very beginning. Where security was once the purview of one specific team within the larger project, DevSecOps made security everyone’s business and concern.
Unfortunately, approximately two-thirds of companies employing DevSecOps strategies still discovered vulnerabilities traced back to human error. The larger the organization or project, the more difficult it was to control security issues as shifting decisions and policies changed more quickly than internal processes allowed.
Good: Tougher regulations will lead to better responses to security breaches
Regulations applied in the European Union and similar legislation under review in various US states are demanding greater compliance in protecting customer data and greater security against cyberattacks.
Just as the heavy fines for HIPAA non-compliance violations have led to greater security measures in the healthcare sector, now more demanding regulations for corporate protection against cyberattack are expected to lead to better protections and improved responses from breached businesses.
Bad: Web server security isn’t where we want it to be yet
Barely 3% of global web servers fully implement enough security to protect against the full range of cyberattacks. Some of the problems come from insecure direct object references and faulty server configuration. Other problems stem from bad authentication processes and cross-site scripting (XSS) vulnerabilities.
As businesses deal with more cyberthreats, the need to bolster web server security becomes essential in protecting customer data and confidence.
Good: AI is supporting and replacing manual fraud monitoring tasks
We don’t want to wrap up our list on a negative note. So it’s encouraging to see that developments in artificial intelligence (AI) are being used to help bolster and even replace manual fraud monitoring. The amount of online fraud can be overwhelming, and human error is a factor we can’t ignore. With assistance from AI technology, fraud monitoring can become more efficient and effective – reducing the overall number of instances of fraud committed.
The future of cybersecurity
Overall, the good news is that the cybersecurity community is working hard to stay a step ahead and maintain your confidence in their ability to protect your sensitive data from malicious intent.