Published at: 03 October 2024

Cybersecurity Month: the 7 key trends and developments in cybersecurity

The last quarter of the year traditionally kicks off in October with the European Cybersecurity Month. This is the EU's annual campaign aimed at raising awareness about cybersecurity. The goal? To ensure that everyone - from citizens to organizations - becomes more resilient to cyber threats.

Naturally, as a cybersecurity organization, we are happy to contribute. This is the time to reflect on the 7 key trends and developments in cybersecurity. And we’re also eager to show you how we respond to these trends, because sharing is caring!

1. Innovations in authentication

Authentication is one of the pillars of good security. In recent years, we’ve seen many innovations in this area. New methods such as multi-factor authentication, single sign-on, and passwordless solutions like passkeys significantly improve security. However… new technologies also bring new challenges.

At Computest Security, we always investigate vulnerabilities in these new authentication techniques. Recently, we published a study on implementation vulnerabilities in passkeys.

Sneak preview: WebAuthn, the protocol on which passkeys are based, is inherently very secure. However, it must be correctly implemented by the application that supports it. The protocol is complex and contains many checks that need to be executed properly. If this is not done correctly, it can lead to attacks where unsuspecting users’ accounts are compromised.
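To make "many checks" concrete, here is an added example (not code from Computest's study or from any particular product) of the relying-party checks the WebAuthn specification requires on the client data and authenticator data of a login assertion. The function names, the `login.example` relying party and the sample values are constructed for illustration; verifying the signature over authData plus the SHA-256 hash of clientDataJSON with the stored public key is a further required step, assumed to be handled by a cryptography library.

```python
import base64, hashlib, hmac, json, struct

UP, UV = 0x01, 0x04  # authenticator data flag bits: user present, user verified

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def failed_checks(client_data_json, auth_data, *, challenge, origin, rp_id,
                  stored_sign_count, require_uv=True):
    """Return the names of the failed checks; an empty list means all passed."""
    failed = []
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return ["client_data_json"]
    if not isinstance(cd, dict):
        return ["client_data_json"]
    if cd.get("type") != "webauthn.get":       # must be a login, not a registration
        failed.append("type")
    sent = str(cd.get("challenge", "")).encode()
    if not hmac.compare_digest(sent, b64url(challenge).encode()):
        failed.append("challenge")             # must be the value issued for this session
    if cd.get("origin") != origin:             # exact match, never prefix or substring
        failed.append("origin")
    if len(auth_data) < 37:                    # rpIdHash(32) + flags(1) + signCount(4)
        return failed + ["auth_data_length"]
    rp_hash, flags, count = struct.unpack(">32sBI", auth_data[:37])
    if not hmac.compare_digest(rp_hash, hashlib.sha256(rp_id.encode()).digest()):
        failed.append("rp_id_hash")
    if not flags & UP:
        failed.append("user_present")
    if require_uv and not flags & UV:
        failed.append("user_verified")
    if (count or stored_sign_count) and count <= stored_sign_count:
        failed.append("sign_count")            # counter did not advance: possible clone
    return failed

def sample(origin="https://login.example", typ="webauthn.get",
           challenge=b"\x01" * 32, flags=UP | UV, count=8):
    """Constructed sample assertion parts for rp_id 'login.example' (not real data)."""
    cd = json.dumps({"type": typ, "challenge": b64url(challenge), "origin": origin}).encode()
    ad = hashlib.sha256(b"login.example").digest() + struct.pack(">BI", flags, count)
    return cd, ad

EXPECT = dict(challenge=b"\x01" * 32, origin="https://login.example",
              rp_id="login.example", stored_sign_count=7)

if __name__ == "__main__":
    print(failed_checks(*sample(), **EXPECT))
```

Each check is reported separately so that a test suite can confirm that an implementation rejects every malformed variant, not only the first one it happens to encounter.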


2. Infrastructure-as-code

Infrastructure-as-Code (IaC) is on the rise. What’s happening? In this trend, servers are no longer manually installed and configured; instead, code defines how a server should be set up. Based on this code, the server is deployed. Tools used for this include Kubernetes and Ansible. This offers several benefits, such as the reproducibility of server setups and simplifying secure server configurations.

Do you have questions about securing these products? You’re not the only one. We get this question frequently! That’s why at Computest Security, we’ve developed an effective method to thoroughly test Kubernetes configurations.

3. Advances in networking

Several developments are happening in the world of networking, and we’d like to share them with you. Whereas office networks were previously limited to one physical location, we now increasingly see (virtual) networks across multiple locations. As a result, the location of workstations or servers is becoming less relevant.

The trend of zero-trust networks is also continuing. In this model, devices on the internal network are no longer automatically trusted just because they are within the network.

Finally, we’re seeing increased use of cloud services as part of internal networks. A good example of this is the use of Azure AD, where an organization no longer needs its own local domain controller but uses a domain controller in the Microsoft Cloud.

A lot of developments, but don’t worry, we’ve got you covered! Our smart technicians have updated our IT infrastructure assessment. We have extensive experience testing cloud environments and have developed a specific approach for testing Azure AD.

4. Security pipelines

In software development, we see that deployment cycles are becoming shorter. What does this mean? New versions are deployed to production more frequently. The result? Manual (security) tests for each deployment become unfeasible. Is that a problem? Not necessarily. To prevent as many security issues as possible, we see more organizations deploying security pipelines. These pipelines, which can be set up in Azure DevOps, for example, contain various security checks. All software released must pass through these pipelines first. If the checks fail, the software cannot be deployed to production, preventing a lot of headaches. Examples of checks that can be included are Static Application Security Testing (SAST) and Dependency Checking.

The effectiveness of a security pipeline depends on how well it’s set up. To provide the best advice on setting up security pipelines, we’ve developed the Secure Development Consult. During this consult, we can analyze existing pipelines and check whether they are effectively configured. We also help clients set up new pipelines. Super practical and effective.

5. Artificial Intelligence (AI) brings new risks

The advancement of Artificial Intelligence (AI) is moving at lightning speed and is in the spotlight. So naturally, we are paying attention to it as well.

Much experimentation is happening with AI, and large organizations are leading the way. Think of Microsoft Copilot and the integration of large language models (LLMs) in search engines like Bing and Google. These rapid developments pose challenges for IT administrators. Think of risks such as data leaks via Microsoft Copilot and vulnerabilities like prompt injection in LLMs. We are closely monitoring these developments and keep everyone updated on the latest trends and risks through our channels.

6. OT security

Interest in security services is growing. In addition to traditional IT departments within companies, departments responsible for operational technology (OT) are increasingly focusing on security. This concerns the security of hardware and software that controls industrial equipment. Due to increased demand, we are working on a specific approach for customers dealing with OT, using the international standard IEC 62443.


7. Growing attention for logging and monitoring

The days when organizations only focused on detecting and patching vulnerabilities are over. No organization is entirely immune to vulnerabilities, unfortunately. So the question is not if you’ll be attacked, but when. The speed of detecting an attack is therefore crucial. As a result, we see a growing demand for advanced logging and monitoring.

At Computest Security, we offer Managed Detection & Response (MDR) services. With our own Security Operations Center (SOC), we can monitor all computer and network activities of our customers 24/7. If an alarm goes off, we detect it immediately and take action.

As you can see, the world of cybersecurity never stands still. That’s why European Cybersecurity Month continues to be important. Do you have any questions or want to learn more about the trends? Contact us at info@computest.nl.
