Five top trends shaping software security in 2022 – Business Leader

Story by James Cook, May 16, 2022
In this exclusive guest article, John Smith, EMEA Chief Technology Officer at Veracode, explores the five top trends shaping software security in 2022.
The significant disruption we have faced over the last 20 months has forced businesses in all industries to scale up their digital transformation efforts and make online operations easier for both employees and customers. Businesses have had to develop new applications and software at pace to enable remote work to continue. In fact, developers have really felt the pain here, with 83% of people working reporting burnout.
Plus, the digital attack surface is growing at record speed, leaving businesses more exposed to the risk of a cyber attack. In this context, there are a number of key trends of which business leaders should be aware.
The world is more interconnected than ever and IoT devices are an ever more prevalent part of our lives. From searching the Internet via our refrigerators to turning on our televisions with a simple voice command, there is no doubt that these devices and cloud-connected software can increase convenience. But what about cyber risk? According to the Verizon 2021 Data Breach Investigations Report (DBIR), web applications were the source of over 39% of breaches – double the amount seen in 2019.
Speed of deployment will continue to be a major factor over the next several years, bringing a ‘hypercompetitiveness’ to businesses. In fact, recent research from Citrix found many firms anticipate a period of post-pandemic ‘hyperinnovation’.
Businesses will need to automate as many processes as possible to become more efficient and retain talent. Eventually, DevOps and pipeline automation will not just be goals; they’ll be expectations. And everything that can be code will be code; security as code, compliance as code, and infrastructure as code.
While many organisations are already embracing DevSecOps, we see an opportunity for security to shift even further left into the design phase to become ‘SecDevOps’. Security teams will be less operational, taking on more of an auditing role, while developers will oversee application security testing, automating scans into their existing workflows.
Over the next few years, we can also expect to see developers turning to AI and machine learning for tasks like vulnerability identification, threat modelling, and flaw remediation.
To speed up software deployment, developers are increasingly breaking down applications into the smallest possible components, reusable blocks of logic — known as microservices — so they can be used in more ways. Application Programming Interfaces (APIs) are becoming more critical than ever as the means to integrate these microservices.
However, without the right security, APIs are a prime target for cybercriminals. A recent report from Akamai highlights numerous vulnerabilities, such as broken authentication, injection flaws, and misconfigurations. APIs leave businesses more exposed to cyberattacks and the threat is growing. In fact, according to Gartner, API abuses will be the most frequent attack vector in 2022.
It’s no surprise that open-source libraries also speed up development. In fact, our State of Software Security report found that 97% of a typical Java application is made up of open-source libraries. However, major cybersecurity incidents such as SolarWinds and Kaseya were the result of vulnerable open-source code. They are a stark reminder to re-examine every component of software development and deployment.
Since open-source libraries continue to evolve over time, failing to review and update the third-party code used in software is a significant cause for concern. And this happens with alarming frequency; 79% of the time developers do not update third-party libraries after first including them in software, according to our State of Software Security: Open-Source Edition. Moreover, almost one-third of applications now have more security flaws in their third-party code than in their first-party code.
Developers need to prioritise third-party library updates and regular code scanning to reduce the level of risk.
To reduce systemic risk in the software supply chain, we expect to see a greater emphasis on governance and policy around cybersecurity. In the U.S., the White House has already released an Executive Order that outlines security requirements for any organisation supplying software to the federal government. It is likely that these regulations will also make their way into the public sector since much of the software sold to the government is also sold to enterprises. Similarly, in the UK, the new National Cyber Strategy 2022 demonstrates the government’s commitment to ensuring cybersecurity tools and practices are embedded into software development and maintenance.
Business leaders, not just in technology, should take these trends seriously. But with several trends to consider, what should businesses focus on first?
It’s important for businesses to understand the growing cyber risks out there and, therefore, why future-proofing their software needs to be a priority for 2022.