Regardless of the state of digital transformation at an organisation, cybersecurity must always remain a corporate priority. But adding to the complexity of the ever-widening attack surface is the increasing reliance on cloud computing and the Internet of Things (IoT), and the associated impact both of these have on DevOps.
With the annual costs associated with cyberattacks expected to reach more than $6 trillion by 2021, it is one of the most significant challenges facing decision-makers. Safeguarding data is not only a compliance concern but a financial one as well. If this most valuable business asset is compromised, significant fines, the loss of shareholder trust, and brand damage can combine to see less resilient businesses being forced to shut down.
As reliance on data increases, so too will the attacks. Threat actors are using more innovative ways of trying to compromise data, with the ultimate payload being ransomware that infects the business. Without access to their data, most companies are ‘dead in the water’. As a result, many choose to pay, hoping that will be the end of their worries. Unfortunately, this only opens the business up to further attacks.
Evolving threat landscape
Beyond these more traditional corporate attacks, next year will see more threats emerge that target online banking services. Fraudsters in West Africa will intensify their scam campaigns and become more nuanced in their social engineering and phishing attacks to compromise financial credentials.
Unfortunately, relying on security patches alone will no longer be good enough. In the rush to keep the increasing number of digital holes plugged, patches are being rushed out, compromising their quality. This will also inevitably lead to patch gaps that cause significant weak points in the organisational defences. Yes, patches must be implemented, but they are no longer the only cybersecurity measures an organisation must implement.
Next year, crime-as-a-service will become commonplace. This sees blockchain environments used to pay cybercriminals in underground markets, providing them with an easy (and, ironically enough, more secure) way to monetise cybercrime. It also means companies can more easily commit corporate espionage, and even governments can target foreign entities to compromise their infrastructure, by simply paying top dollar to the best hackers in the market.
Protecting things
The growth of IoT and the increasing availability of connected devices to the corporate back-end will present a significant threat to corporates in the year to come. Coupled with this is the 5G rollout, which will start in 2020 and create new risks that will challenge how IoT security is approached.
Given the newness of 5G technology, several vulnerabilities are likely to be introduced that can be exploited. But despite this, many IoT attacks will still likely take advantage of older, more rudimentary weaknesses in default passwords and setups as well as communication protocol technology that is not effectively safeguarded.
Developing for security
As IoT, 5G, and cloud continue to drive business to a digitally connected world, the way DevOps teams approach security must change. The pressure to move to a cloud environment is raising concerns around the security of its different layers. For example, vulnerabilities in container runtimes, orchestrators, and build environments must now become a focal point, without neglecting the data access points into the organisation.
Furthermore, misconfigurations in cloud storage can have the unintended consequence of compromising security. This will become even more prevalent as more multi-national data centres open in the country and businesses flock to the cloud.
All told, the rapidly evolving cybersecurity environment means larger investments must be made to protect company data and systems. User education will be vital to ensure data protection policies remain top of mind.