A survey by Infosecurity Europe of 757 organisations has found that 75pc think their applications contain security holes that can be exploited by criminals.
Further, interviews conducted by Infosecurity Europe with a panel of 20 Chief Security Officers (CSOs) of large enterprises on the topic revealed that they are very concerned about the security of application code. They were especially concerned about the work carried out by developers working on mission critical web applications outsourced to third parties. Many of them said that they would welcome an initiative to raise awareness of security amongst the developer community and change their behaviour to make secure software applications a priority.
What they say
According to Professor Howard A. Schmidt, Director, Fortify Software and former Cyber Security Adviser to the White House, "this figure of three quarters of organisations having security holes based on application vulnerabilities, while dramatic, is unfortunately not that surprising. When organisations develop applications, quality is one of the highest priorities but security vulnerabilities are seldom recognized or fixed. Priority is often given to delivering application features and business benefits without the understanding of fundamental coding errors that lead to security issues. Cybercriminals are targeting applications to steal money and information, and they know all too well how to exploit vulnerabilities not only in commercial software but are also very adept in finding security holes in applications that are developed "in house". Business leaders need to set in place business software assurance processes including development practices designed to ensure that their applications are secure to protect the data of citizens, customers and shareholders from the new wave of threats from cybercriminals."
At the show
At Infosecurity Europe 2008 the subject of cybercrime and application security will be covered in a number of keynotes and seminars. In the interactive theatre, Fortify Software will present their new documentary, “The New Face of Cybercrime”. Visitors can be among the first to watch this groundbreaking feature. Directed by Academy Award®-nominated filmmaker Frederic Golding, it highlights the impact cybercrime has on consumers and businesses, and is tipped to win awards at independent film festivals this year. The film will be followed by an interactive panel debate led by Professor Schmidt, who also sits on Fortify Software’s Board of Directors.
The main focus of the film is to emphasis that the criminal, as well as the crime, has evolved. Where hackers were once young nerds who did it for fun or experimentation, now e-crime is the domain of organised gangs, often from Eastern Europe or China, who simply want to make money. Gone is any desire to embarrass website owners or just cause mindless e-vandalism. It’s no longer an ego boost or a method of earning bragging rights. It’s just about the cash. Their main targets are ecommerce web sites and the customer databases behind them. Databases that hold credit card numbers, expiry dates, PINs, addresses, and everything else that’s needed to empty a victim’s bank account. In many cases, the data isn’t used directly by the hackers, but is sold to other gangs.
Criminals sophisticated
“Today’s cybercriminals are highly sophisticated”, says Richard Kirk, VP EMEA for Fortify. “Their technical expertise is extremely good, as is their knowledge of the systems they’re trying to break into. They know the thresholds at which an online ordering system will seek additional verification of a customer’s identity, and take care to stay below it when placing fake orders. They also have at their disposal the resources of large organised crime gangs who are fully aware that the world’s police forces are woefully under-resourced for tracking down internet fraudsters. In the panel debate we will discuss the solutions to the problem of cyber-crime and application security.” And Claire Sellick, Event Director, Infosecurity Europe said, “The internet is here to stay, as is internet crime. With the relentless move online by all sorts of business and government agencies, e-crime will continue to evolve. As more coffee shops and libraries offer free, anonymous WiFi access, tracking down cybercriminals will get harder. So as hackers evolve, so must your efforts to defeat them.”
About Infosecurity Europe
Dedicated to information security, with 300 exhibitors, a showcase for products and services. Over 11,000 visitors are expected to attend this year’s event with many travelling from overseas to participate in the free education programme that addresses strategic and technical issues. Infosecurity Europe takes place at the Grand Hall, Olympia, London from April 24 to 26. To register to attend or for more information visit:
