As we approach the end of 2021, all of us at K2 Cyber Security want to wish you and your families the best holiday season and new year, especially after almost two years of living with the COVID-19 pandemic. This last year was especially challenging: we finally developed a vaccine and thought things were getting back to normal, only to face repeated lockdowns and restrictions on travel. On the IT front, organizations that were forced to accelerate their digital transformation in 2020 found they had to continue to rely on their cloud infrastructure as many of their employees adapted to a hybrid work model. Many organizations also found that cyber criminals were working from home as diligently as they expected of their own employees. All types of cyber attacks increased during the pandemic.
With that backdrop, as we approach the end of 2021, we’d like to present our predictions for 2022 for the application security community. It would be easy to just predict that cyber attacks will continue to increase, that we’ll find more vulnerabilities in production code (after four record years and probably a fifth), and that ransomware will exact a record-setting payment from an organization in the coming year. Instead, we’ll focus on three predictions that are probably a little less likely, but ones we may still actually see come to pass in the coming year.
Prediction #1: Even as attacks get more sophisticated, some of the worst breaches in 2022 are going to come from simpler, well-known vulnerability attack vectors.
We’ve seen well-known vulnerabilities continue to be exploited by attackers. It’s why, in the most recent 2021 revision of the OWASP Top 10 Web Application Security Risks, common vulnerabilities like SQL Injection, Remote Code Execution, and Cross-Site Scripting remain on the list (even if they’ve been lumped into broader categories). It’s the simple vulnerabilities that persist in the code being written, and that is why organizations need to focus both on improving DevSecOps and on runtime application security.
Prediction #2: With the rise of popularity of cryptocurrency, the major breach of 2022 will not be of data, but instead involve the loss of cryptocurrency.
With the rise of the popularity of cryptocurrency we’ve seen a number of new trading platforms launched, and the associated applications developed and released to support trading of cryptocurrency, payment by cryptocurrency, and savings accounts for cryptocurrency. This rush to cash in on the fad of cryptocurrency almost guarantees that some corners were cut in application development, meaning there are bound to be some vulnerabilities out there waiting to be exploited. We’ll be bold and predict that one of these applications will get exploited, leading to a major loss of cryptocurrency.
Prediction #3: We’ve seen the move to shift left; in the coming year we’ll see a move to shift right, with increased spend on securing applications running in production.
Many organizations rushed to “shift left” as that phrase gained popularity, moving security testing and secure coding earlier into application development. Even as money poured into these areas, the focus on security for applications running in production clearly waned over the past couple of years. As attacks continue to increase, we predict that we’ll see an increase in spend on application security for applications running in production, essentially a shift back to the right.
Looking Forward to 2022
To sum up our predictions, 2022 will be the year that security comes back into focus (since some companies previously switched their IT personnel from security to enabling work-from-home) as a priority for organizations. Protecting the attack surface will regain attention, as attacks continue to increase. With the increase in attacks, the continued need for a hybrid worker, and the ongoing digital transformation of organizations around the world, application security will become a key focus in the coming year.