Cyber Defense eMagazine February 2021 Edition

More documents

Recommendations

Info

2021 Predictions: Securing the API Economy, Identity and Rigorous Consent Controls By Nathanael Coffing, CSO, Cloudentity It goes without saying that 2020 was an unprecedented year and the security landscape was completely transformed for cybersecurity professionals. Due to COVID-19 and the U.S. presidential election, the tumultuous year was a perfect storm for hackers to take advantage of. The sudden shift to a remote workforce in March 2020 meant that security perimeters were greatly extended and sometimes nonexistent, enabling millions of employees to maintain productivity during the pandemic. This led to a neverseen-before spike in cyberattacks across all sectors; the FBI and other federal agencies issued a warning for all U.S. businesses, particularly hospitals and the public health sector, to be weary of ransomware attacks. Cyber Defense eMagazine – February 2021 Edition 24 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Additionally, we saw explosive growth in the API economy as consumers shifted toward primarily using online apps for managing finances, healthcare and other important transactions on mobile devices. Consumers also became more aware of how companies are collecting and storing their data when using these types of apps. Given the major shift from in-person to digital in 2020, below are a few cybersecurity and enterprise tech trends that we can expect to emerge in 2021. 1) In 2021, Identity Access and Management is no Longer Separate from Cybersecurity Identity Access and Management (IAM) and security are no longer separate facets of an organization and must be treated holistically. According to 2019 data from the OWASP Foundation, seven out of the top 10 security vulnerabilities for APIs are related to identity. This shows that for the technology industry at large, the era of managing identity outside of cybersecurity is over. API security is a foundational element in today’s app-driven world and all of them need stronger more granular methods of transactional authorization. The risk is palpable as we’ve seen from the dozens of API breaches this, if an API is poorly written, Object or function level authorization issues provide programmatic data leakage to an attacker. An example of this going wrong is Cambridge Analytica, where Facebook’s API exposed raw data from more than 87 million Facebook users which was then exploited by the political consulting firm. If organizations don't take control of their API security, we will see more large-scale data breaches in 2021. 2) 2021 Will Mark Huge Growth in the API Economy In the last few years, APIs have been elevated from a development technique to a business model driver and boardroom consideration. Essentially, APIs enable companies to more easily build products and exchange data with internal, partner and customer services. According to recent statistics, Salesforce generates half of its revenue through its APIs, while Expedia reportedly derives a staggering 90% of revenue from APIs. In 2020, the API economy boomed and in 2021, we will see an explosion of new applications as a result. Enterprises thrive on data and APIs provide a key enabler for reusing, sharing and monetizing those APIs, extending the reach of existing services or providing new revenue streams. Therefore, a growing number of large enterprises are building new services that expose legacy data stores allowing developers to use this data to create new APIs to drive new business initiatives. However, along with the rapid growth of API-centric services, there are more risks of APIs having vulnerabilities in their code. APIs should be treated as products and potential security flaws must be addressed at the API-level, ideally in the development stages. 3) To Lean on API-centric Services to Share Data, Consent Control Must Be More Rigorous As we’ve seen with popular cloud document-sharing services like Google Docs and Box, API-centric services are relied on every day for seamlessly sharing data and being able to control who can view and edit certain files. Privacy is at the core of these open-data platforms, and authorization and consent are what ensures privacy is maintained. With modern API-centric services, consent has shifted the consumer mindset from “what data can I know about this app” to “what data can this app know about me,” and “what Cyber Defense eMagazine – February 2021 Edition 25 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: The 2021 Perspective - Challenges a
Page 3 and 4: Does Sunburst Have Your Confidentia
Page 5 and 6: @CYBERDEFENSEMAG InfoSec Knowledge
Page 7 and 8: Cyber Defense eMagazine - February
Page 21 and 22: The 2021 Perspective - Challenges a
Page 23: A slice of the anti-virus pie? We s
Page 27 and 28: 2021 Predictions: Addressing the Ch
Page 29 and 30: About the Author Ankur is the found
Page 31 and 32: An independent study conducted by P
Page 35 and 36: The Boomers’ lack of trust in Fac
Page 37 and 38: While it’s unclear if historical
Page 39 and 40: Cyberattacks On K-12 Education Care
Page 41 and 42: About the Author Saryu Nayyar is th
Page 43 and 44: Third-party vendor risk management
Page 45 and 46: Cyber Resiliency Will Become the Ne
Page 47 and 48: About the Author Drew Daniels is th
Page 49 and 50: Phishing Threat actors are taking a
Page 51 and 52: Vulnerability Patching: Why Does It
Page 53 and 54: with any degree of efficiency is to
Page 55 and 56: the nature and its technological ou
Page 57 and 58: kind of the communication streaming
Page 59 and 60: it’s logical to realize that the
Page 61 and 62: eason they will be that hidden part
Page 63 and 64: channeling hotspots are diverse and
Page 65 and 66: Ransomware is Evolving - Agencies M
Page 67 and 68: About the Author Nick Psaki is the
Page 69 and 70: 3GPP Release 15 defines the 5G secu
Page 71 and 72: • Suppliers must prioritize cyber
Page 73 and 74: Does Sunburst Have Your Confidentia
Page 75 and 76:
About the Author Randy Reiter is th
Page 77 and 78:
Global Reach and Accessibility Plan
Page 79 and 80:
About the Author Trevor Daughney is
Page 81 and 82:
typical work environment. Public Wi
Page 83 and 84:
increasingly interested in implemen
Page 85 and 86:
Approach cybersecurity as an org-wi
Page 87 and 88:
Are Encrypted Communication Apps us
Page 89 and 90:
How SaltDNA’s platform prevents c
Page 91 and 92:
are turning to new technologies lik
Page 93 and 94:
The Best Network Protection: Go Dee
Page 95 and 96:
Top Tips For Securing Your DevOps E
Page 97 and 98:
Continual Learning Is Necessary The
Page 99 and 100:
a prime target for cyber attacks. I
Page 101 and 102:
Cyber Defense eMagazine - February
Page 103 and 104:
Page 105 and 106:
FREE MONTHLY CYBER DEFENSE EMAGAZIN
Page 107 and 108:
show all

Cyber Defense eMagazine February 2021 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?