Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Guy Peer, VP of R&D and co-founder of Dyadic Security
How Public Privacy Will Highlight a Need for Security in App Development
This past year has been plagued by data breaches and scams that stole the headlines - Equifax, Uber and PayPal, for example. Although 2018 will see its fair share of breaches, the most newsworthy stories will be the security concerns that touch the daily lives of the general public. Privacy legislation and IoT devices topped the charts in 2017 and will continue to do so in 2018 making it even more important to readdress how we deal with security from the start.
IoT Security will be more problematic
The IoT market has boomed in recent years and will keep growing at a rapid pace - in fact, it is projected to exceed $1.4 trillion by 2021. With this continuous spread of smart devices including watches, cars, refrigerators and home security systems, IoT devices will be a prime target for cyberattacks in 2018. However, the attack surface has grown so large that it is nearly impossible to protect and cybercriminals are finding new and unsuspected ways to use the IoT against itself - from self-attacking devices, to devices that target other resources (such as DDoS attacks), to devices that maliciously collect and reveal data from cloud data centers.
As the IoT industry develops, there is an inherent vulnerability that comes with this emerging technology. In this case, it's putting the general public's homes at risk by opening our most personal information up to cybercriminals.
In 2018, we'll see major breaches continue to affect large numbers of 'non-technical' people and with that, companies will have to take it upon themselves to explain to the general public why and how it impacted their privacy. We're already seeing this issue come to light through the GDPR regulations in the EU - requiring companies to comply with rigorous security standards to protect the general public. The larger realization of security breaches has moved beyond the enterprise into an emotional state for the average joe - which will be addressed in 2018.
Privacy legislation will be the next mega-breach
In 2017 the US Senate introduced a law that would criminalize failures to report data breaches, highlighting a trend towards stringent privacy legislation that is tailored to the digital age. The public outcry around security will force the US congress and the tech industry to face the issue head-on. Next year, new US laws will be implemented that help protect the privacy of the general public and their devices - reflecting the global trend we're already seeing in Europe with GDPR.
The polarization of this legal dispute will also create high levels of tension between the political and tech spheres. For example, we're likely to see far more outrage around the rights of protection agencies to access phone records during investigations. With conflicting perspectives on how to create a secure society, industry leaders will need to find common ground to regulate digital privacy.
The year of developer support
However, with these issues in mind forecasted for 2018, developers, who typically get the brunt of the breach backlash, will finally be given the support they need. We should not expect the developer to be a security expert, nor should we slow down the development process to allow review and inspection. Instead in 2018, tools will be created that allow developers to work efficiently without jeopardizing application security.
For example, companies need to focus on changes in the infrastructure, security operations, underline development tools, etc., which will minimize the risk of damaging application security - allowing better application security without changing the development process or slowing down time to market. Signs of this approach can already be seen in the cloud native security area, which is becoming increasingly prevalent.
The numerous security breaches in 2017 intensified the general public's stance on cybersecurity. Companies and politicians must not only handle these issues with emotional awareness and empathy, but take real steps to address the concerns. Supporting app developers, for example, will help create a landscape that is better prepared to defend against emotionally taxing breaches.
##
About the Author
Guy is the VP of R&D and co-founder of Dyadic Security. He has 20
years of experience in a variety of technologies and areas and
management of development groups. For the last ten years he has been
focused on security.