Software Security Predictions: What To Watch In 2019Algoworks
In 2018 Newspapers were full of daily cyber-attacks, Data theft, Account hackings, and online payment frauds. Even big names like Facebook, Quora, TicketMaster, and PumpUp could not save their data. Now when the New Year has started, let’s see what happens in 2019.
It’s that time of the year when everyone is talking about predictions, trends, and forecasts while trying to guess what’s going to happen in the next 12 month. So what are they saying about cyber security threats?
Some of them are obvious, like more data loss, consumer outrage, consumer apathy, and technology breaches.
So let’s not go there and talk about common security threats, let’s talk about software security trends in the top software categories.
1. Interactive Application Security Testing
“Automated, integrated dynamic testing will gain momentum as more companies recognize and prioritize mobile appsec.” — Brian Lawrence, NowSecure Solutions Engineering Manager.
Interactive Application Security Testing is going to grow rapidly in 2019 and it’s not just a mere guess. By the rate DevOps and other automated software methodologies are becoming popular; enterprises are surely going to need better ways of security testing. IAST helps to detect a certain type of security issues by applying a software agent to add instrumentation to the code and then applying test cases to attempt to force failures.
According to Nir Valtman, the head of application security, business-technology maker, NCR, - “IAST makes it possible to bake more security into the software development process. One important aspect of the technology: It only flags vulnerabilities that have an impact on the system. If you try to integrate security scanning that is part of the continuous integration process, and there are too many false positives, then you are blocking the engineering team.”
2. Artificial Intelligence and Machine Learning
Artificial Intelligence and Machine Learning is not a dream anymore, they are now the face of technology future, and machine learning can be proved magically beneficial in the cyber security domain. A well-known online payment medium PayPal is already using Machine Learning to detect frauds, the company uses machine learning tools to scan millions of money transaction to fight against money laundering.
For another example - According to Kaspersky Lab, every day they detected 325,000 new malware files. And Deep Instinct an institutional intelligence company claims that every new malware file tends to have 90-98% same code as the previous malware. Machine learning software can easily scan these files and predict which file is malware.
When there is a positive side of these technologies, so follows the negative side too. Hackers will use Artificial intelligence and Machine Learning more frequently to create security threats.
We saw a great hike in DevOps adoption recently. DevOps travelled the journey from being a buzzword to becoming the top trend quite fast. Integrating DevOps has become essential for every enterprise wishing for development automation. With increasing demand, security risks were going high too. Then DevSecOps came into the picture. DevSecOps is basically integrated security option with DevOps. Companies will now accept DevOps with open hands without the fear of security issues. DevOps development will be a huge success in 2019.
According to Mark Curphey, VP of Strategy, Veracode
Analysis of Veracode scan data this year has revealed the most active DevSecOps programs fix flaws more than 11.5 times faster than the typical organization, due to ongoing security checks during continuous delivery of software builds from increased scanning.
DevOps Development will be a huge success in 2019.
4. Internet of Things
2018 can be contributed to tech-modification; we opened our doors for voice assistants, came a bit closer to self-driven cars and need not remind of smart-watches and fitness gadgets.
According to IT Pro, in 2018, around 3.6 billion devices that are connected to the Internet are used for daily tasks.
WWW may be called the World Wide Web but the Internet of Things has truly connected the world together. Can you imagine the power of IoT when every smart device is interconnected? This power reminds me of some sci-fi movies where machines attack humans. Don’t panic, that day is far away. Machines attacking humans is not the only fear we have for the Internet of Things. IoT enabled devices are open playgrounds for hackers.
We wish to see growth in IoT security more than IoT enabled devices.
Mikko Hypponen, chief research officer for F-Secure, says- “In the future, devices without IoT capabilities may be more expensive because they'll lack data that can be harvested by manufacturers.”
Other Software security trends to follow in 2019 are- Increase in open source analysis, Micro services Delivery with evolving API Security, and security issues around cloud adoption.