As 2023 comes to a close, the leadership team at StackHawk wanted to share some predictions about what’s on the horizon for the cybersecurity space in 2024. Please see below for predictions from Joni Klippert, CEO and Founder of StackHawk, Scott Gerlach, CSO and Co-Founder of StackHawk, and Dan Hopkins, VP of Engineering at StackHawk. Shift left security, compliance, and automation are among the top trends that Joni, Scott and Dan are expecting to shake up the threat landscape next year.
Joni Klippert, CEO and co-founder at StackHawk
Increased Compliance and Accountability
2024 will be marked by increased compliance requirements, driven in part by initiatives like President Biden’s National Cybersecurity Plan and new SEC regulations. These regulations will place a greater emphasis on how organizations prioritize cybersecurity. Executives, all the way up to the board level, will be required to assume more responsibility and accountability for developing and implementing cybersecurity plans.
Security will no longer be a mere box to check; instead, clear, effective plans and progress reporting on cybersecurity strategies will become a top priority for organizations. C-suite executives and board members will face mounting pressure and accountability for the security of their digital assets, making cybersecurity a fundamental concern for all stakeholders.
Automation’s Dual Impact: Efficiency and Vulnerabilities
Automation will continue to be a driving force in the business world, with organizations seeking efficiency gains wherever possible. In software development, enterprises will place increasing pressure on speeding up the code-writing and shipping processes. This push for speed is expected to result in a greater use of AI-generated code in the next generation of software.
However, the rapid release of code with the aid of automation may have unintended consequences. Organizations using legacy application testing tools may find themselves producing APIs faster than they can effectively test them, leading to security teams falling behind. This growing disparity between the speed of development and security testing will expose organizations to an increasing number of API-related vulnerabilities.
In conclusion, 2024 is poised to be a transformative year in the realm of enterprise application security. The shift-left approach, coupled with improved collaboration between security teams and software engineers, will lay the foundation for more secure and efficient software development processes. Increased compliance requirements will drive accountability, while automation will present both opportunities and challenges for organizations as they navigate the ever-evolving landscape of application security. To thrive in this environment, organizations must adapt and embrace the changing paradigms of application security.
Scott Gerlach, CSO and co-founder at StackHawk
In 2024, we will begin to see more engineering buy into and/or provide some amount of budget approval to be spent on AppSec tooling. Why? Because it ultimately affects them. For smaller organizations, this responsibility will fall on engineering teams until they reach a point of growth where they have a security team where they will then take over and be the driver of security solution purchases. However, while security teams have the budget, they don’t have the resources to do any of the fixing, so this falls back to engineering teams anyway. This needs to be more efficient, make the feedback cycle tighter and having the ability to make safer software faster is super important for engineering teams.
Dan Hopkins, VP of Engineering at StackHawk
Engineering and security teams must be more collaborative
A trend expected to continue in 2024 is more need and willingness for collaboration between security and engineering teams. Time and time again, many security risks and vulnerabilities can be traced back to security teams being unaware of what engineering teams are doing and which applications are being created and deployed. Most organizations still haven’t built a cultural connection between these two important teams. Over the next 12 months, it is pivotal that organizations place more onus on forming collaborative relationships with software engineering and security teams. The two teams must not be viewed as separate but rather one group working cohesively. Better partnerships will ensure security teams are aware what applications and code exists within their environment and will also lead to security practices being better understood by those creating the software. To facilitate this bond, organizations must ensure that any security solutions purchased helps the software engineering and the security teams work in parallel.
As engineers are accustomed to working with solutions that have easy to use, efficient and well-appointed user interfaces (UIs), as they become more involved in the security process, they require the same level of efficiency within security tooling.
Faster development life cycles will continue
In 2024, the march towards faster development lifecycles to keep pace with demand will continue. As developers and organizations push new applications into production faster, organizations must ensure that security practices happen in real time in the CI/CD pipeline as software engineers are developing source code. In the new year, organizations must also devise and implement strategies that facilitate connection between runtime and testing. Currently, the way that we protect our systems is very disconnected from the way that we test and prevent vulnerabilities from getting out the door. There needs to be more cross talk between the two.