Is your software an open goal for cyber attacks?

12 June 2014
By Andy Lipinski, Secure Information Systems Director, MASS
Cyber-security is a major and growing concern for data-driven and digitally-reliant businesses.


For our increasingly data-driven and digitally-reliant businesses, cyber security is a major and growing concern. From Heartbleed to eBay, every week appears to bring a new story about cyber threats and the risks to online security.

In the past year alone, 93 per cent of large corporations and 87 per cent of small businesses reported a cyber breach, according to government figures, with each breach estimated to cost up to £850,000, not to mention damage to the organisation’s reputation. Organisations are beginning to take steps to protect themselves and improve their resilience to cyber attacks, but many are building flawed or incomplete defences.

Sir Iain Lobban, Director of GCHQ, stated that a staggering 80 per cent of cyber attacks could be stopped through basic information risk management, but experience suggests that few organisations get it right. IT systems that are not locked down, hardened or patched will be particularly vulnerable to an easily preventable attack. Employees’ use of ICT also brings risks to business, so it is critical for all staff to be aware of their personal security responsibilities.  

Security training and awareness can increase levels of expertise and knowledge and foster a security-conscious culture. These actions, however, will not eliminate cyber risks. They are a physical and reactive approach to security, but companies also need to look at more proactive measures, such as securing applications at the software code level.

With the rise of open-source software, code-level security is becoming an increasingly important issue. More and more companies are choosing to write their own code in-house, utilising open-source software, and while this can bring cost savings and greater application flexibility, it can also introduce significant security risks. Building security considerations into application design at the outset – by reducing the potential attack surface, creating trust zones and restricting data access, for instance – can minimise the application’s vulnerability to cyber threats. These built-in defences can be more effective than later bolt-ons.

To achieve this, development teams need to understand potential security threats and how to create applications that are resilient to attack. However, expert software developers are not necessarily experts in software security. Training can bridge the gap and teach developers the key principles of secure-by-design coding. MASS works closely with organisations to assess their online security and advise IT teams on security threats and practices, ranging from social hacking and spearphishing, to Zero Day vulnerabilities, malware and Trojans as well as employees’ own devices and behaviours. Training programmes like ThreadStrong, offered exclusively by MASS in the UK, provide advanced security-focused e-learning for professional developers, to help them create applications that are inherently more resilient to attack.

Effective cyber security depends on holistic defences. While many organisations are rapidly improving their physical infrastructure and security policies, code-level security is often overlooked, creating a potentially costly vulnerability.

Further information

MASS online security assessments

ThreadStrong training programme

Andy Lipinski is Secure Information Systems Director at MASS, a specialist IT security provider and part of the Cohort Group. MASS offers free online health checks to help companies benchmark their cyber security capabilities and provides advisory and training services to improve resilience.