Cybercriminals are gearing up for a busy and disruptive 2021. Jarrod Overson, Director of Engineering, Shape Security, F5, looks at his crystal ball to issue this cautionary—Editor.
Fraud will skyrocket, straining existing defenses
Fraudsters’ toolsets have evolved over the past five years, while the current generations of defenses are starting to show their age. Attackers have found that by imitating their victims, down to their home environment, they can bypass hurdles like multi-factor authentication and risk-based rate limiting.
The tools that take advantage of this type of vulnerability are still in their infancy but, when they mature, they will force companies to reevaluate their defenses.
3D printers will test biometric security
3D printers went from niche machines costing thousands of dollars to being sold for less than a Nintendo. 3D-printed fingerprints and faces that can pass biometric authenticators are not a sci-fi future. They are right around the corner. They won’t require a high-quality scan of a victim, either.
Biometric authentication boils down to probability scoring, and a printable ‘master key’ may look more like a keychain of composable parts than a replica of a person’s face or fingerprint.
Bolt-on security will move to the edge
Routing a packet all the way through the internet just to say “no, this one’s rotten, reject it” is a waste of resources. Both the internet and budgets are finite.
Moving products like bot protection and data validation to the edge is the obvious solution and will save both processing time and bandwidth cost.
Rust and Wasm will change application security
WebAssembly, Wasm for short, is a bytecode that started as an alternative runtime for web browsers, complementing JavaScript. Wasm is turning into an ultra-lightweight, ultra-portable way to execute binaries on the server, edge, browser, wherever.
Meanwhile, the Rust language has already made waves with its focus on memory safety, the lack of which is the cause of most severe security issues, and it has the best first-class support for Wasm. The combination of the two promises to fundamentally change application development.
A surge of data breaches will be announced late 2021
The office landscape changed radically in 2020. Millions of workers went remote in a matter of weeks and systems scaled quickly. The problem isn’t remote working, it’s that traffic and activity data started looking different all at once. Trends changed.
Just like when someone shines a flashlight in your eyes at night, it takes time to readjust and see clearly again. Once companies recognize what new breaches look like, we’ll see a cascade of announcements in a short time frame.