As you read this, hackers are working diligently to uncover avenues, inroads and byroads to get into your confidential corporate data. I know what you’re thinking. You’ve heard this all before, your company isn’t vulnerable and you already took care of it. Are you sure?
Time for a reality check. Even if you figured out how to plug holes in your networks, the hackers may be gaining access through applications and solutions. Sure, many organizations have significant network security in place, but it’s not enough, as 84% of all cyber-attacks are happening on the application layer.
This final security frontier, the application layer, was a hot topic during a recent SAP Radio broadcast where three security experts weighed in on the threat of cyber-attacks and offered ideas on how to prevent them.
Identifying the weak spots
While software is enabling really exciting and cool things, like connected cars and robotic vacuums, this pervasiveness also enables security threats, according to Jason Schmitt, vice president and general manager of fortified business for HP Enterprise Security Products.
“Hackers are really smart,” said Schmitt. “They understand where the most lucrative and easiest access to data and sensitive information is and that’s by targeting the soft underbelly, which is the software that we push out and give to everyone without really thinking about how we’re securing it from the inside.”
Organizations spend somewhere between 45 and 50 billion dollars on security, but a very small percentage is focused on applications. “Clearly, this spend is not speaking towards a real awareness of the problem,” said Schmitt.
Big breaches, big business
Rik Turner, senior analyst on Ovum’s Infrastructure Solutions Team, said the motivation for cyber-attacks has changed dramatically from the days of what we sometimes called the “script kiddies,” who were idolized in Hollywood movies like “Hackers.” U.S. health insurer Anthem, for instance, has indicated that millions of its customers had their data stolen, a massive breach which constitutes more than just child’s play.
“It’s big business and it’s so easy to do,” said Turner. “You can go online, find a little piece of software that’s been used many times before, make a couple of little tweaks in it so that it performs differently making it very difficult to detect when it’s doing its mischief, and away you go.”
Andreas Gloege, director of quality assurance solutions at SAP, agrees that cyber-attacks mean big business (hackers fetch up to $45 for a single credit card’s info) and believes it’s critical to make security an everyday practice that won’t slow the business down.
“Cyber security is something we should think about and practice on a daily basis but it should not stop us or slow us down,” said Gloege. “It’s really about providing the confidence to go live with applications without having additional hurdles and stepping stones.”
Running safe in the cloud
Consumer packaged goods companies often create applications for promotions like the Super Bowl and other events, but they’re really producing software applications as an extension of their business, over which they have little control, according to Gloege.
“They might’ve paid a vendor to build it for them. It’s running in a cloud somewhere, so their ability to control that is really reduced compared to five or ten years ago where they had some assurance that it was behind billions of dollars spent on perimeter defenses,” said Gloege. “They have to secure that application before it launches into the cloud – and that’s really the only way to be sure that it’s secure.”
Gloege said cyber threats aren’t going away any time soon and that awareness and prevention are the best medicine.
“Companies, government regulations, the users – we all need to be up on our toes, stay up to date and learn how to protect our own data and keep the security across these technologies updated and in place to protect ourselves moving forward. I think we’re getting better but it’s still a way to go.”
To learn more about how you can protect your business from cyber-attacks, listen to “Final Security Frontier: Application Layer” in its entirety here.