Chris Leffel, WhiteHat Security: More Urgency on Data Protection in 2021
This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
Chris Leffel, Vice President, Product Management at WhiteHat Security, a San Jose, Calif.-based provider of application security:
"The events of this year have opened the door for revolutionizing the industry. Even before 2020, the attack surfaces for cybercrime and cyber mischief had expanded exponentially. Because we are in the business of keeping our customers secure, our ecosystem was able to generate firsthand insights and lessons learned to help others better prepare for the future.
As experts look to the new year, three core themes emerge that businesses of any size or industry will want to consider through 2021 and beyond: the need to prioritize digital transformation, employee empowerment, and seamless security testing.
Security will be a Priority on the Road to Digital Transformation
This year, the cybersecurity industry has been stretched to support the mass influx of businesses evolving amidst a global digital transformation. With the pandemic forcing many businesses to switch processes to an online, remote model, the need to integrate security at the core will increase tenfold. At the top of that list should be web and mobile application security due to the growing threat landscape. Application teams will increasingly adopt and develop a culture of continuous improvement and rethink software security approaches. Through 2022, the DevSecOps community will grow faster than ever in its history.
More Urgency on Data Protection through Tools, Training, and Employee Empowerment
This year, pharmaceutical companies were relentlessly targeted by hackers. The realization has dawned that just compliance isn't enough, and there's an urgent need to take robust steps to secure their data. We will see more AI-based automation centered around privacy and data security to proactively mitigate risks from cyberattacks, with the goal to protect their highly sensitive information and intellectual property.
Other major factors contributing to overall risk are the shadow IT devices that often come with remote employees and diverse working environments. Unless properly trained, many individuals may not fathom their potential exposure when accessing a corporate network from any device in their arsenal. It is critical to empower employees to understand the unique needs of your network, which will better prevent and defend against a future breach.
Application Security will be Paramount in the App-driven Economy
The pandemic has upended how we go about our daily lives, including the way consumers shop. From purchasing the simplest necessities online to mobile order ahead, more shoppers are using their mobile devices to complete their purchases. According to the U.S. Department of Commerce, "e-commerce sales in the third quarter of 2020 accounted for 14.3 percent of total sales." This represents a 36.7 percent increase from the third quarter of 2019. As a result, online retailers must devote time and resources to ensuring security protocols are in place to safeguard customer information from hackers – application security testing plays a pivotal role in this. With businesses rushing to release online storefronts, the risk to consumers' personal and financial information is significant unless the proper protocols are followed at the onset. For the U.S. to get back to operating businesses confidently, apps need to be regularly put to the test in an environment that matches the ingenuity of today's hackers."