2018 is right around the corner, and with the changing of the calendar people naturally gravitate to looking ahead and thinking about everything that will happen in 2018. Security is no different and we often are asked, what’s going to happen in 2018?
Last year on December 13th, 2016, I posted up my prediction. Here’s a little quote that I think summed it all up. “Nothing will change. Companies will continue to get breached because of simple vulnerabilities.” Unfortunately, my prediction was correct, but that’s no surprise. I could have made that prediction every year for the past decade and I would have been correct. In 2017, we saw some of the biggest breaches to date. The Equifax breach, which affected hundreds of millions of Americans, contained some of the most sensitive information we have. In 2018, we’ll continue to see breaches occur at a massive scale. So why is that?
Put simply, organizations on the whole still aren’t investing enough time and energy into security; certainly, not as much as they need to. The web application layer is the single highest point of entry when it comes to breaches, yet we continue to focus more on firewalls and antivirus software. In addition, to keep up with consumer demand, we also want to release code as fast as we can. The faster we release code, the faster we release vulnerabilities as well, which means attackers have ample opportunities to pull off a big breach.
But there is light on the horizon! My prediction (besides the bleak, “we’ll continue to get breached” one) is that more and more companies will start adopting the DevSecOps process and bring the Development, Security and Operations teams together. We’ve seen this work with companies and we know it reduces both the number of vulnerabilities introduced, and also the time to fix those vulnerabilities. By making one team with the mission of fast, secure, and stable code we ensure that these teams no longer have competing priorities which hinder secure releases. I predict we’ll see many more cutting-edge companies go this direction, with the slower moving organizations to follow in the coming years.