Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Matthew Rose, Global Director of Application Security Strategy, Checkmarx
Software is Everywhere. Security Concerns Are Too.
2019 proved to be a hectic year in the cybersecurity landscape. With over 3,800 data breaches occurring in the first six months alone (exposing over 4.1 billion records), and more than 12,100 new vulnerabilities discovered in commercial and open source software, this year has certainly been one for the memory books.
With all signs pointing to 2020 being equally active, I gave thought to what we can expect to see next year in terms of emerging threats, shifts in software development processes, and more. These predictions were all derived through observed trends, professional insight, and intimate knowledge of our industry.
Microservices
In 2020, we'll see the proliferation of microservices in software architecture, with development teams placing an equal emphasis on speed and security. The utilization of these small code blocks is becoming essential to maintaining agility in the CI/CD pipeline, and a modernized, secure microservices approach will become the new normal for software development next year and beyond.
Software Scanning Automation
One of the greatest challenges currently facing security and development teams revolves around security-related data overload, which hinders both software delivery speed and security integrity. Application security testing tools that leverage automation to produce high-quality results will continue to evolve in 2020, helping organizations shift to a true DevSecOps model by automating vulnerability detection and triage, thereby reducing software time-to-market overall.
In order to better understand their threat landscape and what should be automated in their SDLC, organizations must next year stop looking solely at the top industry threats to shape their defense strategies, and instead look at the top threats relevant to their own infrastructures and business models. Automated security tools will support this effort, streamlining triage processes and helping teams focus on their most pressing vulnerabilities first.
Election Security
Voting infrastructure is no longer a physical crank arm and corresponding button. The vast majority of voting and vote-counting now takes place on machines, which run on commercial and open source software, essentially making them just as vulnerable as any other browser-enabled, network-connected resource.
I expect attackers that are looking to interfere with the 2020 elections to find ways to manipulate the data going into or coming out of these machines. With this, common techniques such as SQL injection can be expected to appear, where adversaries will attempt to manipulate a query string and augment - or even outright delete - voting data. The effects of such hacks are clear, as voting data could be skewed, or worse, votes could be erased entirely.
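To make the query-manipulation point above concrete, here is an added example (not from the original article or from Checkmarx) built on a constructed in-memory SQLite tally: the same lookup written with string splicing and with a bound parameter, showing how only the former lets a crafted precinct ID skew the returned count. The table name, columns and precinct values are all invented for the demonstration.

```python
import re
import sqlite3

# Constructed sample data: two precincts, two candidates (not real election data).
SAMPLE_ROWS = [("A", "X", 70), ("A", "Y", 50), ("B", "X", 100), ("B", "Y", 80)]
PRECINCT_ID = re.compile(r"[A-Z0-9-]{1,8}")  # allowlist for defense in depth


def build_sample_db() -> sqlite3.Connection:
    """Create the constructed in-memory tally table used by the examples."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tally (precinct TEXT, candidate TEXT, votes INTEGER)")
    conn.executemany("INSERT INTO tally VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def count_votes_unsafe(conn: sqlite3.Connection, precinct: str) -> int:
    """Vulnerable pattern: the caller's string becomes part of the SQL text,
    so a quote character in the input changes the meaning of the WHERE clause."""
    sql = f"SELECT SUM(votes) FROM tally WHERE precinct = '{precinct}'"
    return conn.execute(sql).fetchone()[0] or 0


def count_votes_safe(conn: sqlite3.Connection, precinct: str) -> int:
    """Hardened pattern: the driver binds the value separately from the SQL,
    so the input is compared as data and can never alter the query structure.
    The allowlist check is defense in depth, not a substitute for binding."""
    if not PRECINCT_ID.fullmatch(precinct):
        raise ValueError(f"rejected precinct id: {precinct!r}")
    sql = "SELECT SUM(votes) FROM tally WHERE precinct = ?"
    return conn.execute(sql, (precinct,)).fetchone()[0] or 0


def compare(precinct: str) -> tuple:
    """Return (unsafe_result, safe_result) for one input; safe_result is the
    string 'rejected' when the allowlist refuses the value."""
    conn = build_sample_db()
    unsafe = count_votes_unsafe(conn, precinct)
    try:
        safe = count_votes_safe(conn, precinct)
    except ValueError:
        safe = "rejected"
    return unsafe, safe


if __name__ == "__main__":
    for pid in ("A", "A' OR '1'='1"):
        print(pid, "->", compare(pid))
```

For the honest input both paths return precinct A's 120 votes; for the crafted input the spliced query silently reports the 300 votes of every precinct, while the bound version rejects it outright and, even without the allowlist, would match no row.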
About the Author
Matt has over 18 years of software development, sales engineering management and consulting experience. During this time, Matt has helped some of the largest organizations in the world in a variety of industries, regions, and technical environments implement secure software development life cycles utilizing static analysis. Matt's extensive background in application security, object-oriented programming, multi-tier architecture design/implementation, and internet/intranet development has been key to many speaking engagements for organizations like OWASP, ISSA, and ISACA.