Hackers are Getting Smarter; are You?

Sony, Sega, RSA, the International Monetary Fund, the Arizona Department of Public Safety, even the CIA. It seems no organization – private or public – is immune to hackers these days.

And while the LulzSec group, which is responsible for the Arizona DPS and Sony security breaches among others, has chosen to disband because it is “getting bored of us,” most hacking targets are not so fortunate. Hackers generally don’t get bored that easily. More often than not the thrill-seeking compels them to go for bigger and better targets…and it seems they’ve been up to the task.

In fact, in the wake of the Citigroup data breach, Time Magazine’s Martha C. White openly questioned in her June 6 headline, “Are Hackers Getting Smarter?”

Based on the events of this year alone, Ms. White, the resounding response would have to be, “YES!!!”

Bullish Breach

The breach at Citigroup’s North American cards division saw hackers finagle access to names and information of more than 200,000 customers. White points out that, while it pales in comparison to the 16 million accounts that were illegally accessed by hackers in 2010, a direct hack on a bank is as significant as it is rare.

She goes on to note, however, that a modern-day Bonnie and Clyde are more likely to wield keyboards than guns, so there needs to be greater attention to securing customer data.

OK, locks are nice, but they have to lock something that is, first and foremost, structurally sound.

The House of Straw

Historically, security systems have been fine if you want to know when someone or something has infiltrated your perimeter. However, every defensive force since the beginning of time has known that if you want to keep the infiltration from happening, you first need to establish a solid perimeter.

Recently MITRE and the SANS Institute released a report on the 25 Most Dangerous Programming Flaws and, at the top of the list, was the one that has been behind many of the highest profile hacks in recent memory – SQL Injection. And because so much of today’s software is being built upon pre-existing code, many instances of these flaws have lain dormant for generations of application software, only to be exploited as hackers become more aware of their existence.

The House of Brick

While businesses can ill afford to take the time to write new code every time they need to create a new application, let alone when they customize one, there needs to be some due diligence applied to ensure that the code upon which new software is built meets the latest standards and norms of the industry.

If organizations want to keep hackers out of their data, they need to get smarter and build an impenetrable house for that data. The only way to do that is to perform a complete assessment of the structural quality and overall health of not only newly written code, but also any pre-existing code an application is built upon to ensure it meets up with current standards and hacker intelligence.

Locating and addressing the vulnerabilities will keep organizations just a bit smarter than hackers and prevent them from huffing, puffing and blowing the data house down.

Filed in: Software Quality
Jonathan Bloom Writer, Blogger & PR Consultant
Jonathan is an experienced writer with over 20 years writing about the Technology industry. Jon has written more than 750 journal and magazine articles, blogs and other materials that have been published throughout the U.S. and Canada. He has expertise in a wide range of subjects within the IT industry including software development, enterprise software, mobile, database, security, BI, SaaS/Cloud, Health Care IT and Sustainable Technology. In his free time, Jon enjoys attending sporting events, cooking, studying American history and listening to Bruce Springsteen music.