Cyberattacks are the third most likely risk—after extreme weather and natural disasters—to international business, according to the World Economic Forum’s “The Global Report 2018.”
- Businesses have seen cyberattacks double over the past five years.
- Critical infrastructure has come under increased attacks in magnitude and frequency.
The financial or economic consequences of cyberattacks are considerable. For instance, MoneyWatch reported that losses stemming from the WannaCry ransomware reached around $4 billion U.S. in more than 150 countries.
Few software developers follow practices that are optimal for maintaining security. To take just one widespread example: the common wisdom about password strength and changing passwords frequently is made largely inadequate by the massive computing power that hackers employ to brute-force passwords.
No software system can ever be made 100% invulnerable. Yet certain thoughtful approaches can harden application security.
Too often, engineering security is left to the end of the software development process.
“Unless security is a fundamental aspect of system architecture, it is an illusion,” says David Bodnick, president, WebINTENSIVE Software. Bodnick and his team have engineered systems that have undergone successful ISO 27001 and ISO-9001:2008 audits and won the first-ever European Privacy Seal.
Security By Design
In contrast, following a “Security by Design” approach leads to significantly greater hardening. With this approach, thoughtful attention is given to each system’s specific, individualized security needs from the earliest stages of creating the system architecture.
Security by Design includes understanding in detail exactly how each type of user will interact with different parts of the system, identifying the resulting potential vulnerabilities, and crafting specialized testing scenarios to help mitigate the risks.
Any effective security strategy entails a multifaceted approach, individually tailored to the specific system. Some elements might include:
- Using skilled engineering practices to minimize code surface area. This presents less opportunity for a breach or attack. (It also brings the additional benefits of greater speed, quality control, and scalability.)
- Penetration testing.
- Multi-factor authentication.
- A password hashing approach that includes thousands of hash iterations—no matter how complex a password you choose, a strong algorithm that loops thousands of times is needed to resist brute-force attacks.
- Uniquely tailored testing protocols.
- Ongoing maintenance to update libraries and frameworks.
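The iterated password hashing named in the list above, as an added example (not code from this article or from WebINTENSIVE): it uses PBKDF2-HMAC-SHA256 from Python's standard library, and the iteration count, record format and function names are assumptions chosen for illustration. Storing the iteration count inside each record lets the work factor be raised later and older hashes be flagged for upgrade at the next successful login.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

# Assumption: example work factor. Tune it so one hash costs tens of
# milliseconds on your own hardware, and raise it as hardware gets faster.
ITERATIONS = 600_000
SCHEME = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$digest."""
    salt = secrets.token_bytes(16)  # unique per password; defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> Tuple[bool, bool]:
    """Return (matches, needs_rehash) for a candidate password."""
    try:
        scheme, iter_text, salt_hex, digest_hex = record.split("$")
        iterations = int(iter_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False, False  # malformed record: fail closed
    if scheme != SCHEME or iterations < 1:
        return False, False
    # Recompute with the salt and iteration count stored in the record.
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    matches = hmac.compare_digest(actual, expected)  # constant-time comparison
    # A correct password hashed under an older, weaker work factor should be
    # re-hashed with the current ITERATIONS and the stored record replaced.
    return matches, matches and iterations < ITERATIONS


if __name__ == "__main__":
    old = hash_password("correct horse battery staple", iterations=2_000)
    print(old)
    print(verify_password("correct horse battery staple", old))  # (True, True)
    print(verify_password("guess", old))                         # (False, False)
```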
To learn more, contact us to set a time for a confidential, complimentary discussion with a security specialist.