How software company security priorities are changing
The cyberthreat landscape continues to change along with technological advancements. Industry thought leaders expect to see changes in software companies’ approach to security and the defenses they put in place to protect their businesses and their users. Here are five of developers’ cybersecurity priorities for 2023 and predictions for how software companies will adapt their processes to address them.
APIs
“Expect developers to take a more active role in ensuring API security in 2023. Devs continue to shift away from REST APIs to GraphQL APIs, drawn by the opportunities to build faster and more stable applications that directly control their own data. But teams adopting GraphQL increasingly recognize the error of leaving security as an afterthought in their rush to harness its benefits — with many, unfortunately, learning the hard way. Developers will shore up GraphQL API security in 2023, implementing security strategies that can achieve holistic protection with tight access controls.” Shahar Binyamin, CEO and co-founder, Inigo.
Containers
“Security will be a big issue in 2023 as more and more organizations move to containers and Kubernetes. We’ll see an increased emphasis on verification and supply chain security — making sure that the code running in production is the code developers committed. There’s already been innovation in that space, but the need will grow as both developers and C-suite focus more on protecting their products and customers.” Fernando Freire, principal engineer and engineering manager, Armory.
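One concrete form of the check described above ("the code running in production is the code developers committed") is an admission rule: every container image in a workload manifest must be pinned to an immutable digest, and that digest must be one the CI pipeline recorded when it built the commit. The following is an added example, not code from the article or from Armory; the manifest, the registry name and the CI build record are constructed for illustration, and the `image:` lines are picked out with a regular expression rather than a YAML parser to keep the block dependency-free.

```python
import re

# Constructed digests for the sample (64 hex chars each, not real images).
WORKER_DIGEST = "sha256:" + "3b" * 32
SIDECAR_BUILT = "sha256:" + "00" * 32   # what CI built for this commit
SIDECAR_RUNNING = "sha256:" + "ff" * 32  # what the manifest actually references

# Constructed Kubernetes manifest (hypothetical registry and repositories).
MANIFEST = f"""
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: api
        image: registry.example.com/shop/api:1.4.2
      - name: worker
        image: registry.example.com/shop/worker@{WORKER_DIGEST}
      - name: sidecar
        image: registry.example.com/shop/sidecar@{SIDECAR_RUNNING}
"""

# Constructed CI build record: image digests produced from one commit.
BUILD_RECORD = {
    "commit": "abc1234",  # hypothetical commit id
    "images": {
        "registry.example.com/shop/worker": WORKER_DIGEST,
        "registry.example.com/shop/sidecar": SIDECAR_BUILT,
    },
}

IMAGE_RE = re.compile(r"^\s*image:\s*(\S+)\s*$", re.MULTILINE)
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def parse_image_ref(ref):
    """Split an image reference into (repository, digest).

    digest is None for mutable references (a tag, or no tag at all),
    which is exactly the case the admission rule must reject.
    """
    if "@" in ref:
        repo, digest = ref.split("@", 1)
        if not DIGEST_RE.fullmatch(digest):
            raise ValueError(f"malformed digest in image reference: {ref}")
        return repo, digest
    # A colon in the last path segment is a tag (a colon earlier is a registry port).
    last_segment = ref.rsplit("/", 1)[-1]
    repo = ref.rsplit(":", 1)[0] if ":" in last_segment else ref
    return repo, None


def check_manifest(manifest, build_record):
    """Return [(image_ref, verdict)] for every image in the manifest.

    Verdicts: 'ok', 'unpinned' (tag only, mutable), 'unknown-image'
    (repository not built by this pipeline), 'digest-mismatch'.
    """
    results = []
    for ref in IMAGE_RE.findall(manifest):
        repo, digest = parse_image_ref(ref)
        expected = build_record["images"].get(repo)
        if digest is None:
            verdict = "unpinned"
        elif expected is None:
            verdict = "unknown-image"
        elif digest != expected:
            verdict = "digest-mismatch"
        else:
            verdict = "ok"
        results.append((ref, verdict))
    return results


def admit(manifest, build_record):
    """Admission decision: True only when every image is pinned to a digest CI produced."""
    return all(verdict == "ok" for _, verdict in check_manifest(manifest, build_record))


if __name__ == "__main__":
    for ref, verdict in check_manifest(MANIFEST, BUILD_RECORD):
        print(f"{verdict:16} {ref}")
    print("admit:", admit(MANIFEST, BUILD_RECORD))
```

Run against the sample, the `api` image is rejected as unpinned (a tag can be re-pushed after review), the `sidecar` image is rejected because its digest is not the one CI built for the commit, and only `worker` passes; the deployment is refused. In a real cluster this logic would live in an admission webhook or a policy engine, and the build record would be a signed attestation rather than a dict.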
Open source
“Last summer’s Log4j vulnerability, which may have impacted one in ten companies, was a wake-up call for companies. Call it a ‘silver lining’ effect, but I believe Log4j will lead to more secure open-source innovation in 2023 by encouraging businesses to support open-source software monetarily by hiring experienced developers to perform vulnerability checks and for better software integration. There will also be actions on a federal level, such as the requirement to establish software bills of materials (SBOMs) to ensure more secure software projects going forward, which will benefit companies using, and committed to, open source, and confirms its rightful place in the future of web development.” Joey Stanford, VP of privacy & security, Platform.sh.
Right-sized ransomware protection
“2023 will see more businesses recognize that their security strategies over-prioritize ransomware risks and shift to more balanced security profiles. While having systems and data held hostage by ransomware is undoubtedly frightening, any cool-headed assessment finds that wide-ranging and common threats—from poor employee security hygiene to lost devices to weak encryption and access controls—are equally as dangerous. To impose more balanced and comprehensive security, organizations will pursue automated threat detection and response capabilities, backed by zero trust policies, in the coming year. They’ll increasingly harness fine-grained controls to prepare automatic real-time responses to risk criteria, such as failed login attempts or devices leaving authorized geolocations.” Cam Roberson, VP, Beachhead Solutions.
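The two risk criteria named above, repeated failed logins and a device outside its authorized geolocation, map directly onto a small rule engine. The following is an added example, not code from the article or from Beachhead Solutions: it evaluates a stream of constructed authentication events against a hypothetical policy and emits the automatic responses a control plane would apply (lock the account, revoke the device's sessions). The event format, the policy thresholds and the country allowlist are all assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed auth events (not real logs): timestamp user device outcome country.
EVENTS = [
    "2023-01-09T08:00:01Z alice dev-17 FAIL US",
    "2023-01-09T08:00:40Z alice dev-17 FAIL US",
    "2023-01-09T08:01:12Z alice dev-17 FAIL US",
    "2023-01-09T08:02:05Z alice dev-17 FAIL US",
    "2023-01-09T08:03:30Z alice dev-17 FAIL US",  # 5th failure in 10 min -> lock
    "2023-01-09T08:04:00Z alice dev-17 FAIL US",  # already locked, no second action
    "2023-01-09T08:00:10Z bob dev-22 FAIL US",
    "2023-01-09T08:15:00Z bob dev-22 FAIL US",     # failures too spread out to trip
    "2023-01-09T08:30:00Z bob dev-22 FAIL US",
    "2023-01-09T08:31:00Z bob dev-22 OK US",
    "2023-01-09T08:05:00Z carol dev-42 OK RU",     # outside allowed geolocation -> revoke
    "2023-01-09T08:06:00Z carol dev-42 OK RU",     # already revoked, no second action
]

# Hypothetical policy: thresholds and the geolocations a device may operate from.
POLICY = {
    "max_failures": 5,
    "window": timedelta(minutes=10),
    "allowed_countries": {"US", "CA"},
}


def parse_event(line):
    """Parse one constructed event line into a dict."""
    ts, user, device, outcome, country = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "device": device,
        "ok": outcome == "OK",
        "country": country,
    }


def evaluate(lines, policy):
    """Return the ordered list of automatic responses the policy triggers.

    - ('lock_account', user): max_failures failed logins within the sliding window
    - ('revoke_device', device): any event from a country outside the allowlist
    Each response fires at most once per user/device so a noisy source does
    not generate duplicate actions.
    """
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    locked, revoked, actions = set(), set(), []
    for ev in map(parse_event, lines):
        # Geofence rule applies to successes too: a valid credential used from
        # an unauthorized location is the case worth acting on first.
        if ev["country"] not in policy["allowed_countries"] and ev["device"] not in revoked:
            revoked.add(ev["device"])
            actions.append(("revoke_device", ev["device"]))
        if ev["ok"]:
            continue
        window = failures[ev["user"]]
        window.append(ev["ts"])
        # Drop failures that fell out of the sliding window.
        while window and ev["ts"] - window[0] > policy["window"]:
            window.popleft()
        if len(window) >= policy["max_failures"] and ev["user"] not in locked:
            locked.add(ev["user"])
            actions.append(("lock_account", ev["user"]))
    return actions


if __name__ == "__main__":
    for action, target in evaluate(EVENTS, POLICY):
        print(f"{action}: {target}")
```

Two design points worth noting: the failure counter is a sliding window rather than a daily total, so a slow password spray at a rate below the threshold does not trip it (that case needs a separate rule keyed on source rather than on user), and a successful login does not reset the counter, so an attacker who guesses correctly on the fifth try still produces the lock action for review.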
Cyberinsurance
“Cybersecurity awareness has its benefits and drawbacks. One of those drawbacks is higher premiums for cyberinsurance. In Q1 2022 alone, premiums for cyberinsurance rose nearly 28 percent compared with Q4 2021. This is largely due to heightened awareness of the financial and reputational risks of cyber incidents such as ransomware attacks, data breaches, vulnerability exploitation, and more.
On the flip side, we will likely also see an increase in demand stemming from the rising incidence of supply chain issues. Because of these issues, companies will likely start requiring more and more that any vendor or third party they work with must have cyberinsurance. As we’re already starting to see with geopolitical issues spilling out across borders, in addition to the cyber threats companies are constantly facing, companies are going to prioritize protecting their most critical assets (including their reputation).
In 2023, demand for cyberinsurance will continue to increase, as will prices and requirements for obtaining these policies.” Jon France, CISO, (ISC)²
“2023 will likely bring the further maturation of the cybersecurity insurance market as well as stricter compliance requirements, which in turn will drive organizations to tighten their cybersecurity measures particularly through MDR services, multi-factor authentication technologies, and disaster recovery services. Insurance carriers are becoming savvier about which technologies reduce risk and which services bring true value to the end user. Insurance carriers will continue to increase their due diligence efforts to ensure these technologies are properly installed and managed and may refuse coverages when policies are not followed. Many legacy or improperly patched systems could lose their coverage under some insurance policies because of the increased risk. As a result, companies will want to modernize the legacy systems or accept the risk without insurance backing.” James Morrison, national security specialist, Intelisys, a ScanSource Company.
Article originally published by Joey Stanford and Jay McCall on Dev Pro Journal.
Learn more about the Platform.sh approach to security, privacy, and compliance in our dedicated Trust Center.