Reasons Pentest is inevitable for invisible security
Technology and hacking trends, Martin Jartelius, CSO Outpost24
- As GDPR continues to gain momentum, we will see a perceived rise in the number of reported breaches. However, it will be unclear whether this should be attributed to an increase in breach disclosure, an increase in actual breaches, or breaches against personal data having become financially attractive.
- Everyone will need a security expert. Everyone will need a team of application security specialists. But they can’t have them, because “the market” is drained and companies will continue to struggle to find skilled security staff. This gives rise to the proliferation of MSSPs and consultancies, but also to a shift in focus toward usability and decision support in security technology, enabling non-security experts to make educated decisions based on advice from their support systems.
- Organizations will keep talking about defense in depth but keep building a wall around their perimeter and leaving a very soft network inside.
- As technical security measures continue to make it harder to breach organizations, phishing will continue to rise, and organizations will keep pointing to user responsibility and gullibility as the problem. However, it will still come down to not hardening workstations and internal networks.
- We will see an increased focus on supply chain breaches in web applications due to the substantial success of those attacks in the last year. These attacks differ from normal supply chain attacks in that they do not target code in the manufacturing line. Because components are loaded cross-domain and across organizations, the website security of large organizations will be broken through their dependency on small organizations.