Source |
Veracode |
Identifier |
3121889 |
Publication date |
2021-07-23 15:50:53 (viewed: 2021-07-23 20:05:26) |
Title |
What Will Cybersecurity Look Like Over the Next Five Years? |
Text |
As a result of the Covid-19 pandemic, organizations in all industries ramped up their digital transformation efforts to make online operations easier for their employees and customers. But with more and more organizations online, the digital attack surface is growing at a record pace. The more applications with vulnerable code, the more opportunities for a cyberattack. In fact, our research found that 76 percent of applications have at least one security vulnerability. So how will this shape the future of cybersecurity, and software security?
There are three key technology trends that we believe will impact cybersecurity, and software security, the most over the next several years.
The first trend is ubiquitous connectivity. Think about how quickly the world – and everyone and everything in it – is becoming interconnected. Did you ever think you'd see a day where you can search the Internet from your refrigerator or turn on your television with a simple voice command? By the end of 2019, there were already 7.6 billion active IoT devices – and this number is expected to climb to 24.1 billion by 2030. And on top of the growing number of IoT devices, businesses are increasingly shifting their applications to the cloud.
But IoT devices and cloud-connected software bring increased risk. According to the Verizon 2021 Data Breach Investigations Report (DBIR), web applications were the source of over 39 percent of breaches, which is double the amount in 2019. Executive vice president and CEO of Verizon Business, Tami Erwin, cites the pandemic and the sudden shift to the cloud as the cause of increased web application risk.
Additionally, wireless and 5G add to the connectivity. Think of the number of people with smartphones checking their emails or shopping online without a firewall. These interfaces rely on APIs. But without the right security, APIs are a prime target for cybercriminals.
These trends point to an increased focus on API security, zero-trust models, and a shared responsibility model where organizations focus on application security, while the cloud provider focuses on infrastructure and physical security.
The second trend to keep an eye on is abstraction and componentization. Think about how fast companies release new software or technology. It feels like every time you turn around Apple has a new software update. But the speed of software deployments is no longer shocking … it's expected. Companies need to release software rapidly in order to be competitive.
To move faster, many development teams are turning not only to the cloud but to microservices. With microservices, development teams can break down comprehensive applications into the smallest possible reusable blocks of logic in order to stitch them together into business processes or workflows.
APIs are used to integrate the components, which drives an API-first development approach. In fact, in SmartBear's 2019 State of API Survey, 75 percent of respondents answered that adoption of microservice architecture will drive the biggest growth in API adoption in the next two years.
Open source libraries are also used as a way to speed up development. In fact, our State of Software Security report found that 97 percent of the typical Java application is made up of open source libraries.
And 46.6 percent of insecure open source libraries in applications are transitive, meaning the library is pulled in indirectly by another library in use. This means that the attack surface doesn't just include the open source libraries that your developer added; it also includes the indirect libraries that those libraries pull in.
Going forward, we envision a trusted third-party review authority that manages all public APIs and third-party code in order to make software publishers accountable for independent audits. There's an awareness component here as well. Developers need to be aware of the risk in both the libraries they are pulling in directly and the transitive dependencies of those libraries.
Finally, automation will play a big role. For inst |
Notes |
|
Sent |
Yes |
Tags |
Data Breach
Threat
|