Is your software an open goal for cyber attacks?

12 June 2014
By Andy Lipinski, Secure Information Systems Director, MASS
Cyber-security is a major and growing concern for data-driven and digitally-reliant businesses.

For our increasingly data-driven and digitally-reliant businesses, cyber security is a major and growing concern. From Heartbleed to eBay, every week appears to bring a new story about cyber threats and the risks to online security.

In the past year alone, 93 per cent of large corporations and 87 per cent of small businesses reported a cyber breach, according to government figures, with each breach estimated to cost up to £850,000, not to mention damage to the organisation’s reputation. Organisations are beginning to take steps to protect themselves and improve their resilience to cyber attacks, but many are building flawed or incomplete defences.

Sir Iain Lobban, Director of GCHQ, stated that a staggering 80 per cent of cyber attacks could be stopped through basic information risk management, but experience suggests that few organisations get it right. IT systems that are not locked down, hardened or patched will be particularly vulnerable to an easily preventable attack. Employees’ use of ICT also brings risks to business, so it is critical for all staff to be aware of their personal security responsibilities.  

Security training and awareness can increase levels of expertise and knowledge and foster a security-conscious culture. These actions, however, will not eliminate cyber risks. They are a physical and reactive approach to security, but companies also need to look at more proactive measures, such as securing applications at the software code level.

With the rise of open-source software, code-level security is becoming an increasingly important issue. More and more companies are choosing to write their own code in-house, utilising open-source software, and while this can bring cost savings and greater application flexibility, it can also introduce significant security risks. Building security considerations into application design at the outset – by reducing the potential attack surface, creating trust zones and restricting data access, for instance – can minimise the application’s vulnerability to cyber threats. These built-in defences can be more effective than later bolt-ons.

To achieve this, development teams need to understand potential security threats and how to create applications that are resilient to attack. However, expert software developers are not necessarily experts in software security. Training can bridge the gap and teach developers the key principles of secure-by-design coding. MASS works closely with organisations to assess their online security and advise IT teams on security threats and practices, ranging from social hacking and spearphishing, to Zero Day vulnerabilities, malware and Trojans as well as employees’ own devices and behaviours. Training programmes like ThreadStrong, offered exclusively by MASS in the UK, provide advanced security-focused e-learning for professional developers, to help them create applications that are inherently more resilient to attack.

Effective cyber security depends on holistic defences. While many organisations are rapidly improving their physical infrastructure and security policies, code-level security is often overlooked, creating a potentially costly vulnerability.

Further information

MASS online security assessments

ThreadStrong training programme

Andy Lipinski is Secure Information Systems Director at MASS, a specialist IT security provider and part of the Cohort Group. MASS offers free online health checks to help companies benchmark their cyber security capabilities and provides advisory and training services to improve resilience.