5 predictions to help you focus your web app security resources in 2022
This is the year business leaders will learn just how innovative online criminals have become, and it’ll take rethinking how we perceive account security to fight it, says PerimeterX CTO Ido Safruti.
The past year in web app cybersecurity was anything but calm, and if predictions on the coming year from PerimeterX CTO Ido Safruti are accurate, it’s going to be another year of struggles to protect web apps.
Safruti predicts a 2022 in which custom-tailored malware, bot attacks and post-login fraud spike, causing leaders to finally confront the reality of online fraud: It varies greatly, is becoming more selective in its targets and is present everywhere from before login to well after a username and password are entered. “Because of this, we believe 2022 will be the year of comprehensive account protection,” Safruti said.
By “comprehensive account protection,” Safruti means security that goes beyond old-fashioned perimeter or castle-and-moat identity verification. “It means approaching security from a perspective of the user’s account integrity and providing multiple tiers of protection throughout the application journey and the account lifecycle,” Safruti said. Think zero trust and other forms of identity verification that track behavior and log actions to look for suspicious behavior.
In case you’re curious as to whether or not these predictions are reliable, Safruti points to his report card for last year’s predictions. Three of the five were scored as correct: that cybercrime communities would get stronger, that GraphQL would become a security risk and that flash sales would be dominated by bots. DevSecOps going mainstream was rated as “hard to call,” and the idea that buy-online-pickup-in-store would be a large new type of fraud was labeled false.
Expect supply chain attack prevention to become more important
Nobelium, the group behind the SolarWinds attack, has already resurfaced to attack additional targets using similar methods, themselves supply chain attacks leveraging weaknesses in third-party software. Combined with ever-tightening data protection regulations, Safruti predicts a year in which businesses start to treat weaknesses in down-chain suppliers as a serious liability issue instead of just a cost of doing business.
“92% of website decision makers lack complete visibility into their software supply chains. Getting this visibility will be a top priority for companies aiming to prevent a major data breach and avoid massive regulatory fines in 2022 and beyond,” Safruti said.
Custom malware will hit more than 50% of the 100 largest marketplaces