top 6 technology trends that will affect software security in 2016

19
Top 6 Technology Trends That Will Affect Software Security In 2016 [email protected] @cigital

Upload: cigital

Post on 23-Jan-2018

426 views

Category:

Software


0 download

TRANSCRIPT

Page 1: Top 6 Technology Trends That Will Affect Software Security in 2016

Top 6 Technology Trends That Will

Affect Software Security In 2016

[email protected]

@cigital

Page 2: Top 6 Technology Trends That Will Affect Software Security in 2016

Since technology is intertwined into every

aspect of most people’s lives around the

world, the overall attack surface increases

tremendously year over year.

Page 3: Top 6 Technology Trends That Will Affect Software Security in 2016

With this continually increased risk, we

should place increased importance on

software security.

Page 4: Top 6 Technology Trends That Will Affect Software Security in 2016

What will define 2016 in terms of the

seemingly never-ending cat and mouse

game of software security?

Page 5: Top 6 Technology Trends That Will Affect Software Security in 2016

1. Everything is mobile

• We are in the era of smart devices.

• We use mobile devices extensively to

communicate, shop, and store sensitive

information.

• The storage of payment information on mobile devices

has long been a driving force for cyber criminals.

• As more and more people conduct financial transactions online,

the attack surface grows.

• We also have to worry about mobile malware.

• Apple and Google app stores have both been hit by mobile

malware.

Page 6: Top 6 Technology Trends That Will Affect Software Security in 2016

What can be done?

Because software security for mobile applications is a

growing trend, organizations should have their applications

assessed before releasing them internally and externally to

bolster their security.

Learn more about mobile application security testing.

Page 7: Top 6 Technology Trends That Will Affect Software Security in 2016

2. Smarter automobiles

• Machine learning is quickly becoming a core part of

autonomous technology, including cars.

• We have yet to see complete autonomy of cars, but we

can still expect to see attacks on automobiles in the

future.

• In 2015, we’ve already witnessed attacks on cars and planes.

Page 8: Top 6 Technology Trends That Will Affect Software Security in 2016

What can be done?

To prevent these attacks from taking place, manufacturers

are diligently integrating software security into their

vehicles.

They are recognizing that any automobile part connected to

a network needs to be protected.

Page 9: Top 6 Technology Trends That Will Affect Software Security in 2016

3. Virtualization and cloud environments

• Virtualization is a major part of cloud environments. It

helps a cloud environment provide software, data, or any

computing resources efficiently, and comes in the form of

a software-defined network.

• At a basic level, virtualization partitions a physical layer

(say a server) into different virtual layers (virtual

machines).

• Each layer has to be secured.

• In 2015, with the advancement of virtualization within

cloud environments, we are seeing an increase

in software security defects being reported.

Page 10: Top 6 Technology Trends That Will Affect Software Security in 2016

What can be done?

Organizations are heavily dependent

on virtualization for core functions

because it provides easier deployment

and management, improved disaster

recovery, and reduction in hardware

costs.

Delivering proper security mechanisms for virtualization

and cloud-based functions will be a big trend next year.

Page 11: Top 6 Technology Trends That Will Affect Software Security in 2016

4. Zero-day vulnerabilities

• A zero-day vulnerability is a software security flaw that is not known or not disclosed to the vendor.

• With a zero-day exploit, an attacker could cause serious damage (ranging from planting malware to gaining unauthorized system access).

• With the development of sophisticated tools to detect attacks, attackers are forced to evolve their skillset and tools to sneak through the advanced detection. • Attackers are continually working to find exploits for different

components.

• Infrastructures are building components that are interconnected. This increases the attack-surface and gives attackers more room to exploit.

Page 12: Top 6 Technology Trends That Will Affect Software Security in 2016

What can be done?

Of course we cannot predict what is going to be hit, and

that is why software security needs to be taken seriously

from the very beginning of the SDLC.

Page 13: Top 6 Technology Trends That Will Affect Software Security in 2016

5. Wearable, smart tech, and Internet of Things

• Internet of Things (IoT) is emerging

at a rapid rate.

• We have more devices embedded with

network connectivity that are collecting

and exchanging data.

• Wearable devices, including medical devices, are

vulnerable to being hacked.

• We saw quite a few cases related to ransomware in 2015.

• The trend is sure to continue in 2016 as we connect

more wearable and smart gadgets to the Internet.

Page 14: Top 6 Technology Trends That Will Affect Software Security in 2016

What can be done?

We need to perform rigorous security tests before making

such devices available to the public.

Download the BSIMM6 to see common security activities

currently undertaken in the healthcare industry.

Page 15: Top 6 Technology Trends That Will Affect Software Security in 2016

6. Internal security training

• Organizations are becoming more aware of the overall

security problem.

• There is an increase in the demand for software

developer security training so that they’re able to build

secure software from the beginning.

• This trend will grow exponentially in 2016 as more

organizations identify the need for security training.

Page 16: Top 6 Technology Trends That Will Affect Software Security in 2016

What can be done?

Training sessions are helpful to establish a “secure

development” mindset among developers who don’t

currently care about security unless their system is

compromised.

Page 17: Top 6 Technology Trends That Will Affect Software Security in 2016

With new technology coming into our homes and

our lives every day, it’s important that we stay

focused on building secure software for these

devices.

We may not know how attackers could leverage

these devices until it’s too late.

But, adopting software security measures will

make the exploitation task for attackers much

harder.

Page 18: Top 6 Technology Trends That Will Affect Software Security in 2016

The bottom line

• Security will buy us more time.

• In that extra time, we can move the focus to better

hardening of software.

• Securing software is not a one-time task. It is continually

evolving as the technology around us evolves.

Page 19: Top 6 Technology Trends That Will Affect Software Security in 2016

As 2016 gets underway, let’s tighten our

security measures to create a safer, smarter

year than the bad guys.

How proactive is your organization’s

software security initiative?