Cybersecurity in 2018: Three predictions and one hope
Effective
cybersecurity means keeping a close eye on the threats you currently
face, and an even closer eye on the threats to come. As you consider
your security strategy and investments
for the coming year, here are three key trends that will define the
threat landscape in 2018, and one hope for a more effective approach to
protection.
Risk will continue to shift from infrastructure to the application layer
As web apps have evolved from basic information and ecommerce
functionality to full-fledged online services, their code and customer
data have made them an increasingly appealing target for hackers. Not
only are they accessible via the open Internet—they’re also woefully
underprotected, with the application layer drawing only 3 percent of the
typical security budget at a time when it accounts for 30 percent of
successful breaches, according to Verizon.
While an incident of the magnitude of the Equifax breach can hardly
be said to have a silver lining, at the very least it will make it
harder for CIOs, CTOs, and CISOs to overlook its lesson: your security
resources should reflect the threats you face. In 2018, that’s the
application layer, not the legacy idea of a network perimeter.
Containers and serverless computing will transform attack methodologies
As part of the larger trend toward application-layer risk, the
increasing adoption of ephemeral infrastructure will have important
implications for security. Traditional static infrastructure allows
hackers to persist on a compromised host without fear that the host is
going to disappear any time soon.
With the shift to containers and serverless, the infrastructure can
be entirely refreshed rapidly, as often as every hour or even every few
minutes. If the box you’re attacking is about to disappear, you’ll shift
your attack to the app instead, since it’s not going anywhere.
As the concept of persistence transforms, hackers will adapt along
with it, most commonly by targeting the application instead of the
infrastructure.
Application attacks expand far beyond classic injection flaws
In the past, the main worry for web applications and APIs was the
classic OWASP injection attacks such as SQL Injection, Cross-Site
Scripting, Directory Traversal, and others. While these are still valid
attack techniques that can be successful for attackers, more often than
not, it’s easier for attackers to simply abuse the existing business
logic of the applications.
Ask anyone defending an application or an API service and you’ll hear
that the things that keep them up at night aren’t a random Cross-Site
Scripting flaw, but rather a large-scale account takeover attack, misuse
of an API, or abuse of business logic to disclose PII or perform
financial fraud. Often the technical knowledge needed to perform these
sorts of attacks is far less than that needed to exploit a more technical
injection flaw, and as such, we’ll continue to see attackers shift their focus to
these styles of attacks.
What we can hope for in 2018
While the trends above do represent changes in the threat landscape,
many threats have remained unchanged – and unaddressed – for far too
long. Even when a technical solution for a security issue is available,
some combination of business or political factors within the
organization can stand in the way of its implementation.
Now, with the broad move to DevOps and cloud,
we face a generational opportunity to change the way we do security and
get it right. Security groups should seize on the shift to new
architectures and models as the perfect time to modernize and adapt
their strategy. That means moving resources to match risk.
It’s my hope that we’ll see a significant shift in investment and
focus from traditional network perimeter based security to defending
where the risk for enterprises is today: the web layer of web
applications and APIs, and phishing/attacks on the endpoint. It’s an
ambitious hope, but it could mean a more secure 2018 for us all. Let’s
make it happen.