As we approach the end of 2021, all of us at K2 Cyber Security wish you and your families the best holidays and the best year, especially after the almost two years of living with the pandemic of COVID-19. This past year has been particularly difficult as we eventually developed a vaccine and thought things were getting back to normal, only to have repeated blockages and travel restrictions. On the IT side, organizations that were forced to accelerate their digital transformation in 2020 found that they needed to continue to rely on their cloud infrastructure as many of their employees continued to adapt and transition to a hybrid working model. Many organizations have found that cybercriminals work from home as diligently as they expect from their own employees. All types of cyber attacks have increased during the pandemic.
In this context, as the end of 2021 approaches, we would like to present our 2022 forecast for the application security community. It would be easy to simply predict that cyber attacks will continue to increase, that we will find more vulnerabilities in production code (after four record years and probably a fifth), and that ransomware will demand a record payment from an organization in the process. coming year. Instead, we’ll focus on three predictions that are probably a little less likely, but the ones we might still see come true over the coming year.
Prediction # 1: Even as attacks get more sophisticated, some of the worst breaches in 2022 will come from simpler, well-known vulnerability attack vectors.
We have seen that well-known vulnerabilities continue to be exploited by attacks. This is why in the latest 2021 revision of the OWASP Web Application Risk Top 10, common vulnerabilities such as SQL injection, remote code execution, and cross-site scripting continue to be part of the problem. list (even if they have been grouped into larger categories). . It’s the simple vulnerabilities that seem to linger in writing code, and that’s why organizations need to focus on both improving DevSecOps and securing runtime applications.
Prediction # 2: With the rise in popularity of cryptocurrency, the major breach of 2022 will not be about data, but will instead involve the loss of the cryptocurrency.
With the rise in popularity of cryptocurrency, we have seen a number of new trading platforms launched and related applications developed and released to support cryptocurrency trading, cryptocurrency payment and accounts. savings for cryptocurrency. This rush to take advantage of the cryptocurrency fad almost guarantees that some corners have been cut in app development, meaning there are bound to be vulnerabilities waiting to be exploited. We will be bold and predict that one of these apps will be exploited, resulting in a major loss of cryptocurrency.
Prediction # 3: We have seen movement to the left, over the coming year we will see movement to the right, where there will be an increase in spending to secure applications running in production.
Many organizations rushed to “veer to the left” as the phrase grew in popularity, shifting security testing and secure coding earlier into application development. Even as money poured into these areas, it was evident that the focus on the security of applications running in production seemed to wane over the past couple of years. As attacks continue to increase, we expect spending on application security to increase for applications running in production, essentially a shift to the right.
To sum up our forecast, 2022 will be the year security returns to the forefront (as some companies have previously shifted their IT staff from home work security) as a top priority for organizations. Protecting the attack surface will regain attention as attacks continue to increase. With the increase in attacks, the continued need for a hybrid worker, and the on-going digital transformation of organizations around the world, application security will become a key focus over the coming year.
To learn more about how to secure your organization’s apps for the coming year, request a demo or contact us for a meeting