2020 Reflections and 2021 Predictions for Application Security
If we ask anyone about the top global stories of 2020, they will likely begin with the Covid-19 outbreak. For most businesses, the biggest earthquake was the forced adoption of new technologies and emergency rush to remote work.
This forced organizations to recheck and evolve their security practices, tools, and people faster than ever before. Although many businesses have invested in effective application security solutions, there are still some lagging behind. Each unaddressed vulnerability in an application adds to your organization’s risk exposure. This section talks about what has the security of the year 2020 taught us as well as the predictions for application security in 2021.
2020 Reflections in Application Security
The cyber pandemic was another top summary story for 2020 that include data breaches, ransomware, healthcare attacks, and many more. Most attacks had been delivered through email – witnessing mass spam campaigns, including covid themed campaigns. The report revealed by the FortiGuard Labs team backed the fact – the team saw a 131-percent increase in viruses, which came from the emails with malicious content attachments.
Some of the attacks fall under the DDoS category. The massive volume of remote work played a prominent role in the successful execution of these attacks.
A few App Security Reflections of 2020
1. Different Approaches to Application Security
Industries including retail and financial services took different approaches to application security, and they also scaled their app security investment in key areas like DAST (dynamic application security testing) and WAF (Web Application Firewalls).
These industries must require concentrating on tools, which enable security automation.
2. Accelerated Cloud Security
The distributed working environment proved the benefits of leveraging cloud technology, which facilitated rapid touchless deployments without the dependencies that conventional on-premise solutions brought. Some enterprises moved forward with choosing cloud security solutions while others focused only on cloud-first strategy.
As remote working becomes the norm, cloud application security becomes the growth enabler.
3. Hackers took advantage of COVID-19 Anxiety
Even during normal conditions, hackers target panic and vulnerabilities, hence it is no wonder that they benefit from the emotional distress and panic of COVID-19. Social engineering attacks remained the fastest way to attack a victim. Many of Covid themed phishing campaigns over the last year have targeted health insurance, hospitals, and medical equipment manufacturers. By sending malicious content that appears to be coming from WHO (World Health Organization) and CDC (Centers for Disease Control), attackers are aware that targets are more likely to click the message and download the attachments.
Businesses also spotted more dangerous ransomware attacks. While ransomware figured significantly in most security alerts, BEC (Business Email Compromise) also remained top in business threats across the world- according to the Kroll report.
Image source: Kroll
This proves that the persistent problem with security, irrespective of how many defensive measures you take, humans remain the weakest link and they can become a target for threat actors easily.
4. Botnet Activity
Threat actors are changing their strategies and adopting new media to exploit an attack. When the COVID outbreak was in full force, they immediately deployed phishing, malware, and other types of attacks encouraged by out-break, then they shifted to Botnet attack – ZeroAccess botnet was responsible for most of the security incident in Q2 of 2020.
Another spark for change was the remote work. Cybercriminals were shifted to comprise the penetrated networks. The outdated software, unpatched routers and poor security of home networks made them a perfect target. Exploits like Shellshock and DoublePulsar lead the pack.
The best mitigations for these issues are proper user training, maintaining up-to-date software, and implementing a security solution which can deal with threats stemming from both inside and outside of the network.
2021 Prediction for Application Security
While the exceptional changes and challenges impacted the information security industry, we all tried to keep standing on this uneven ground. Now here we are – 2021.
App security experts predict that 2021 will be more focused on re-imaging business workflow under this new normal condition. Cybersecurity will be crucial in this environment. You can use the following application security predictions to make an effective cybersecurity strategy, which can withstand disruption and unprecedented change.
1. Shifting to Cloud Security Strategy
One of the cyber security trends that will carry over into this new year. As the business gains more experience in cloud solutions and planning to enable the workforce to work remotely permanently, they must develop security policies in terms of cloud security. This will be the key to safeguard your data, apps, and other assets against cyber-attacks in the cloud environment.
2. Ransomware Will Remain the Biggest Threat
Ransomware is the biggest cybersecurity challenge and enterprises should be concerned about it. They must focus on security solutions, which help to eliminate the risks and they must plan for a proper incident response plan to make sure their businesses are resilient to this kind of high-risk attack.
3. Open source Attacks Will Accelerate
Targeting open source is an easy way to attack an organization and this trend will continue to accelerate in 2021. Of course, businesses understand the importance of securing their open-source components and implementing solutions to remove packages, which are vulnerable to attack. However, still there is a gap in understanding where hackers maliciously push infected code into open source packages. This is believed to be changed in 2021.
It is always best to use well-known and matured open-source components for your critical projects.
4. Vulnerable API Will Cause More Breaches
While understanding of API security has enhanced over the last year, we can still expect that API vulnerabilities will remain the top vector for hackers in 2021. Eliminating these vulnerabilities with few available easy solutions is a difficult task for developers. Adversaries, on the other hand, continue to advance their API-targeted exploits.
Organizations should increase their awareness of how these vulnerabilities are exploited and identify ways to secure API authorization processes.
5. Security as a Platform
With the increased use of cloud technology, consumer devices and remote workers, there are hundreds of entry points for hackers. Security must be applied at the perimeter, in the campus, data center, cloud, and anywhere else the organization might have people or assets. This need for security initiates the evolution in application security called a one-stop-shop for security platform.
Hence, there will be increased use of security platforms rather than disjointed security solutions to ensure top-notch security.
6. Increase in Multifactor Authentication Bypass
While multi-factor authentication (MFA) is widely considered as the best solution to protect enterprise systems’ access. However, attackers now are crafting mechanisms to bypass MFA. We can expect this trend to increase through 2021, especially with the more advanced adversaries.
7. Demand for More Automation in the Security Assessment
One efficient way to address the shortage of security talent is by automating major parts of their tasks like firewall admin, account administration, DLP investigations, vulnerability monitoring, and more. Currently, the business is implementing automation functionality by bolting on additional tools.
In 2021, we can expect that automation will become more of a standard inbuilt feature for security tools.
8. Covid-19 Consequences
Covid-19 will still be influencing our businesses and societies. Hopefully, this impact will reduce as the year progresses. However, we must be prepared for securing the next normal by responding to those changes. Attackers will continue targeting remote works and online learning activities. We can expect a double extortion increase in ransomware attacks. The botnet army will remain to expand. There will be increased chances for cyber warfare where the nation shall attack other nations.
The Closure
Unquestionably software vulnerabilities and application weaknesses continue to be the common attack method. Now, it is time to focus more on your application security measures. Speed of digitization is no longer just for productivity enhancement and business growth, but the speed at which digitization is embraced has become a must have for the very survival of the business. With this, the security risks are increased and hence it is an important business partner with the best to make it an integral part of their digitization initiative without compromising the speed of innovation
Indusface’s AppTrana, the fully managed risk-based protection is positioned to support enterprises address all these security trends as it monitors their security stance for 2021 and beyond.
Stay tuned for more relevant and interesting security updates. Follow Indusface on Facebook, Twitter, and LinkedIn