As ransomware continues to plague organizations across industries, remote work persists, and innovation brings with it new threat vectors for bad actors to exploit, 2022 is poised to be another messy year in cybersecurity.
In July 2021 alone, organizations lost $45 million to ransomware. What’s more, ransomware costs are projected to reach $265 billion by 2031. The firm Cybersecurity Ventures predicted that “there will be a new attack every two seconds as ransomware perpetrators progressively refine their malware payloads and related extortion activities.” But ransomware isn’t the only cybersecurity concern business leaders should be thinking about heading into the new year.
As businesses increasingly turn to digital channels like applications and websites to drive everyday business and customer interactions, those endpoints present new threat vectors for bad actors to potentially exploit. According to Okta’s 2021 Businesses @ Work report, large organizations (think AWS, Zoom, Box) deploy an average of 175 consumer- and developer-facing applications, with smaller companies averaging slightly less at 73.
What’s more, upticks in malicious activities like application cloning, credential harvesting and app spoofing will continue to cause headaches. In 2021, organizations and consumers across all sectors were forced to confront new and emerging bad actors in cyberspace. One example: the Android banking Trojan SharkBot (first discovered in October 2021) could implement overlay attacks to steal login credentials and credit card information, and could intercept banking communications sent via SMS. To date, the botnet is thought to have targeted banking applications and cryptocurrency exchanges across the UK, the U.S. and Italy.
But there is a way that organizations can bolster their cybersecurity wherewithal today to future-proof their business against the cybersecurity threats and concerns that will proliferate in the new year: It starts with “shifting left” and embracing DevSecOps within your organization.
Bracing for Impact
One of the ways organizations can better prepare for and defend against the rise of cyberattacks to come is by adopting a developer security philosophy known as shifting left: in other words, building security into your DevOps strategy from the start. In industry circles, this practice is also known as embracing DevSecOps.
DevSecOps involves cultivating a flexible partnership between engineers, operations and security teams to build security into all DevOps processes. Essentially, it aims to mitigate the bottlenecks that older security models impose on the CI/CD pipeline. DevSecOps also requires increased communication and collaboration between development, IT and security teams to ensure that security practices like testing are done in iterations throughout the code development life cycle. According to Gartner, by 2022, 90% of software development projects are projected to leverage DevSecOps practices, a 50% increase from 2019.
To be sustainable, cybersecurity needs to be embedded into all facets of the DevOps process, from production to testing to deployment. Even then, it’s important to remember that DevSecOps alone isn’t a security silver bullet. It’s a starting point. And as cybersecurity becomes all the more essential to bolstering business success and resiliency, it’s the least your organization should be doing in 2022.
DevSecOps Alone Won’t Cut It
While DevSecOps serves as a mission-critical foundation for scaling business resiliency, it won’t, on its own, equip your organization to withstand the ongoing onslaught of attacks in cyberspace. Most of the time, businesses are fighting nations in cyberspace, and far too often that’s a losing battle.
In 2022, as threat vectors widen and worsen, it will be essential for organizations to innovate with cybersecurity top of mind across all facets of the development, deployment and production pipeline. Adopting DevSecOps practices across your organization, or shifting left, is one way organizations can bolster business resiliency as we head into yet another unpredictable year in cyberspace.