The Asia Pacific region can weather new realities and norms well in 2022, if some key drivers of change can be reined in.

When talking about the changes wrought by the COVID-19 pandemic, the term “new normal” is often mentioned, but the sad truth is that we can only guess if things will ever truly return to any kind of normalcy in 2022.

Two changes have had a massive impact on how normality in all downstream aspects of life will be evolved: one involves travel restrictions; the other involves hybrid and remote-working arrangements now already becoming a permanent fixture.

According to a number of experts from Synopsys Software Integrity Group, these two changes have caused budgets in organizations to be shifted elsewhere. One consultant noted: “The shift to remote-working in 2020 has meant that associated security tools such as VPNs, DLPs and endpoint protection are already in place allowing budgets to be used elsewhere.”

Another commentator observed: “Travel continues to remain at a fraction of the level of where it was previously in places such as Australia, China and South-east Asia. With that in mind, I find it difficult to believe that many organizations are budgeting much into travel and what that might mean is the ability to re-allocate spending to other areas.”

A new normal in cybersecurity

When it comes to this hot button topic, the firm’s Head of Client Services (APAC), Ian Hall, brought to mind the hacks within the Asia Pacific which often state-sponsored actors.

“For instance, in May 2021, North Korean hackers were credited with a cyberattack on South Korea’s state-run Korea Atomic Energy Research Institute (KAERI). This was a supply chain attack with the North Korean hackers leveraging a vulnerability in a VPN vendor’s software. Additionally, in August 2021, Symantec reported various groups traced back to China were responsible for hacks at five major South-east Asian telecommunication providers over several years. These hacks were again enabled by commercial software—in this case, MS Exchange vulnerabilities,” Hall said.

Putting two and two together, Hall said: “I see there being an expansion of multi-lateral cooperation around cybersecurity. There have been two high-level meetings of US Government officials (Secretary of Defense Lloyd J Austin III and Vice President Kamala Harris’) visiting the region where cybersecurity was discussed. A quick internet search of hacks or breaches in APAC brings up a common theme: the involvement of nation-state malicious actors. This is something that governments in the region are keen to get ahead of by cooperating to share information.”

The firm’s general manager Jason Schmitt, on the other hand, brought up the issue of cryptocurrency being a probable target for “malicious forces looking to extract ransom from data heists, as well as attempting to profit from [manipulation and theft].” He also predicted that that AI-driven systems will become more of a focus for development and security teams in 2022.

The AppSec neonormal

Being AppSec experts, the team naturally had their take on how the application development security scene is being molded with a new normal. Senior Security Strategist Jonathan Knudsen asserted that 2022 will see AppSec tools being run automatically and will result in fewer software vulnerabilities, fewer support cases, fewer emergency updates, higher productivity, and happier customers.

He believed there will be no more need for developers to read 1000-page reports from security teams because the security testing will be integrated into the development process automatically. 

His colleague, Security Engineer Amit Sharma, predicted that more cloud solutions and cybersecurity awareness training will be adopted and conducted. In addition, he opined that organizations should invest more in API security activities.

While the Synopsys team’s views and predictions have overlaps and differences, one common theme that threads through many of their comments was clear: supply chain risk management.

With the likes of the SolarWinds, Kaseya and Colonial pipeline attacks still fresh in their collective memory, they believe that supply chain-related attacks have opened the eyes of CISOs to the need for security measures to be put in place and for testing results to be consolidated using common platforms.