Application Security Assurance
Author: CSC Global Cybersecurity
When the discovery of the malware application named Stuxnet was announced, the real surprise, at least for the general public, was that software could reach out and harm something in the real world — in that case, reportedly damaging nuclear centrifuges. Since then, applications — whether used by criminals to enter an organization’s systems and launch far-reaching threats or by public and private sectors to help drive their organizations’ value — have exploded in number, and so have risks.
Download the complete whitepaper (PDF, 1 MB)
Today’s cybercriminals agree. Whether funded by nations or organized crime, they have placed applications front and center as key targets of attack as they seek access to anything of value, ranging from military and financial data to critical infrastructure, intellectual property, and consumer and patient information. A recent example of criminals targeting an organization’s applications is the one-two punch that Target disclosed in December 2013, involving 40 million payment card accounts, and in January 2014, involving 70 million consumers’ data.
Data isn’t the only target of choice for criminals, as the Stuxnet attack showed. Sophisticated malware can also attack the software that controls high-precision manufacturing and time-sensitive logistics delivery systems, as well as control systems for critical infrastructure. Security approaches that focus solely on IT infrastructure and ignore the operating technology that runs today’s industrial control systems cannot contain these types of threats.
“Organizations can no longer depend on traditional approaches to application security,” says Gordon Archibald, CSC Global Cybersecurity portfolio executive.
“Application vulnerabilities were the top-rated threat to the security of enterprise data (72 percent of executives rated it as a chief concern),” according to the 2013 Global Information Security Workforce Study CXO report from (ISC)2. One reason for applications gaining this top-rated vulnerability ranking is their increasing use of next-gen platforms and new programming languages, such as PEARL and Ruby on Rails, as they link to expanded supply chains, industrial control systems and mobile staff, customers and devices.