Software and applications issues are often found to be the root cause of downtime, making testing an essential aspect of resilience. In this article Neil Cameron and Miguel Marques share their software testing and security testing predictions for 2021.
While software and penetration testing sectors were already thriving in 2019, 2020 really threw them into the spotlight as enterprises endeavoured to ensure that apps and software did not collapse under increased load, and their cyber security practices adapted to the increased number of vulnerabilities and potential threats brought by suddenly accelerated remote working trends.
Across 2021 businesses will seek to adapt further to this sudden step technology change by adopting new quality and security practices to deliver and secure IT and employee networks that have morphed beyond recognition.
While in 2019 companies were still reluctant to go all out on off-premise and 100 percent cloud solutions, in 2020 these trends have been wholeheartedly adopted to survive in the new business normal. In 2021 the use of cloud-based systems will advance and consolidate, becoming the new IT normal for most businesses.
Software and penetration testing services will see rising demand as new networks, systems, and processes must be assessed for vulnerabilities, especially before illicit actors seek to take advantage of these quickly constructed solutions that enable remote working and social distancing.
The emergence of the COVID-19 pandemic in 2020 meant that many enterprises implemented their disaster recovery and business continuity plans, some for the first time. Premises and offices were closed for extended durations amidst unprecedented lockdowns. Many businesses quickly needed to add new equipment, software subscriptions, and increased cloud capacity to their working practices.
Some of the hastily put in place, temporary, and potentially risky solutions to enable remote work from the start of lockdown will be replaced with more robust, long term solutions. Further cloud adoption is on the horizon and potentially a lot of firewall or VPN solution upgrades as companies aim to be more flexible. As a result of all this, the scope of testing will most likely change.
Where DevOps was norming for enterprises, its approach will be seen in businesses of every size in 2021 and beyond. Project managers will be accepting more risk and adopting new ways of working. Mass migration to cloud technology with see DevOps methodology utilised to integrate, manage, and improve new cloud-based systems and processes.
IT departments and IT service providers and managers must adapt systems and their management to IT networks that are very different and end-point devices that are more widely distributed. Employees working at home will need greater cyber awareness to protect themselves against attacks that could occur via their home or work equipment.
Additional and IoT devices, a widening security perimeter
Today’s massive and immediate change in working practices has seen, and will continue to see, wider use of mobile devices, laptops, smart home systems used for work advantage, and IoT devices used to enable distancing and replace human interaction.
This change presents a wider and often unique security perimeter that businesses must encompass entirely in the cyber security and security testing efforts. Every element of a business system and each device which accesses business data and creates a network vulnerability must be tested for weakness and protected against illicit actors and accidental breaches.
Home working will continue well into 2021 and probably beyond, forcing security functions to move further away from the traditional perimeter security approach and acknowledge that the user is now the boundary.
Expect to see greater use of encryption technologies, cloud computing and endpoint protection, businesses recognising their responsibilities extend to the security of their worker’s homes. Also, education programs that focus on the risks of working outside of the office.
While traditional risks, such as phishing, will dominate, we will face an increasing new wave of attacks aimed at smart IoT devices, from home lighting, to cameras and security. Against this background, we must ensure that devices are robustly secure prior to being launched into the production environment and vendors can provide proof of compliance with security standards.
Hackers will seek to take advantage, attacks will evolve once again, employees must be ready
Cyber attackers have almost certainly taken 2020 to ramp up their efforts as new business systems and networks (often in their infancy therefore leaving them vulnerable) become more distributed and cloud-based. Increasingly more people are using technology for work and in different ways, presenting new opportunity for hackers. Employers must be aware of the cyber attacks they could be vulnerable to at home. Isolated working practices may make workers more vulnerable to social-engineering attacks or bad practice without colleagues to consult with and with more opportunity to stray from secure on-premise work habits.
Software and security testers have experienced an uptick in new enquiries in 2020, and we predict that businesses who have yet to adopt stringent cyber security practices will certainly be considering the need for expert assistance in 2021.
Sadly, our key respondents to the COVID-19 healthcare crisis – hospitals, public services, government offices – may continue to be at greater risk to ransomware and other cyber attacks. Operations in these industries are critical, meaning they are at risk of paying the ransom to unencrypt their systems. 2020 and the preceding years saw numerous costly attacks to healthcare operations, much like the infamous WannaCry attack in 2017.
Phishing emails are just one attack vector which can lead to significant data breaches and successful ransomware attacks. These phishing attacks are becoming more sophisticated with ‘deepfakes’ using breached data, personal credentials, and even voice recordings and telephone calls to give an impression of credibility to illicit actors.
AI-as-a-Service, changes and benefits to testing
The use of AI-as-a-service will advance in 2021. AI is already being used in customer service, in e-commerce and industries where the analysis of big data can lead to process efficiencies or increased revenues. These AI-enabled systems need appropriate software and cyber security testing.
AI is also now being used in testing. It can monitor all aspects of a network faster than human counterparts. AI can analyse ‘normal’ network data in order to quickly alert to unusual activity in real-time that indicates an attack, hack or breach. AI technology for defect analysis can identify where defects and attacks are more likely to occur.
Quantum Computing will also continue to develop in 2021, though its game changing benefits probably won’t be realised for a number of years yet. Quantum Computing will enable AI on a whole new level, as well as increasing technology use and capacity, and prompting new security practices and even deeper system testing.
With data and its analysis becoming key to business efficiencies, as well as in protecting them, the role of the data scientist in understanding these data flows and utilisation will evolve in demand and maturity.
Testing skills shortage will dominate jobs market
Increased demand for IT services and cyber security will create opportunity for both skilled professionals and entrepreneurs who will create startups to meet the need for new ways of working.
Both startups and established businesses however will continue to experience a shortage of skilled testers, but this will prompt businesses to use software testing businesses to train and build flexible resource that responds to demand.
Due to agile fast-paced development, and moving to DevOps, Software Development Engineer in Test (SDET) roles will also increase in demand because of their hybrid skills that enable them to work effectively in both development and testing roles.
We will see some major changes in the IT landscape, with cloud migration, ongoing digital transformation, and the utilisation of smart and IoT devices and machines being the key drivers for software and security testing in 2021.
The authors
Neil Cameron, Head of Technical Services at Edge Testing and Miguel Marques, Senior Test Consultant at Commissum.
