New York, NY, May 18, 2012 --(PR.com)-- Web, mobile and cloud application vulnerabilities are exposing US cyber assets to serious security risks, and the threat is growing by the day. But sometimes it takes more than common sense to push people into action, even to protect themselves. Sometimes it takes the illuminating shock of cold, hard numbers, and if your realm of responsibility even remotely involves securing Electronically Stored Information (ESI) for a business, an agency, a corporation, a bank, a university, a hospital, or any other type of entity plugged into the digital world, the numbers revealed in technology studies conducted by Gartner and the Ponemon Institute should amply suffice. And let's hope they do, because the next rung on the motivation ladder is the too-little-too-late reaction that always comes after actually being victimized. That option also comes with prohibitive costs, not only in dollars, but to reputation and perceived integrity. Involving cyber security experts like Global Digital Forensics early, before it becomes an act of desperation, can substantially reduce the odds of things ever getting that far.
Are your applications safe?
In the Ponemon study, a whopping 72% of those surveyed said they test less than 10% of their applications. This might not be so eye-opening were it not for the fact that, in the very same study, 73% confessed to having been hacked at least once in the last two years. Coincidence? Maybe. But then add Gartner's finding that 97% of tested web applications have vulnerabilities which could be exploited by a hacker, and you don't need a Mensa club card to start drawing some fairly obvious conclusions. Add to the mix the cloud and mobile applications being rushed into the market every day at breakneck pace, and it's fairly safe to say this is a potential catastrophe-in-waiting that could have devastating consequences if left unchecked and uncontrolled.
Joe Caruso, CEO/CTO of Global Digital Forensics, has done testing for many Fortune 500 companies and has served in an advisory capacity on national cyber security for two US Presidents. He had this to say when asked about the studies: "You could say the road a hacker takes to their next victim is littered with good intentions and ill-placed trust. I mean, let's face it: nobody wants to have a non-secure environment holding crucial data about their company, or their clients. Today we find at least the basics are being looked at; virus scanners are often in place, perimeter security is at least on the radar, and many organizations have finally taken the bull by the horns and implemented at least some form of an IT staff that has cyber security as part of their daily responsibilities. But the task can be daunting, especially when it comes to application security. Some organizations have thousands of applications, either on the web, incorporated into a cloud service, or even for mobile devices, and it's so tough to really get a handle on it all because the battlefield changes every day. But the good intentions are there. So what logically happens next? Just to find some kind of breathing room, blind trust is placed into the hands of the application vendors. And looking at the 97% number from the Gartner study regarding application vulnerabilities, I'd say that blind trust is certainly misplaced, because they won't be the ones on the hook when disaster strikes; you will. Just read the liability agreement."
How can application security be improved?
The most effective application security measures are about prioritizing threats, both from a cause and an effect standpoint. Full in-depth testing of every single application is normally not an option. It may be for a small organization with a very limited number of apps, but for a larger organization with thousands on the books and new ones being implemented all the time, the man-hours and costs associated with that kind of testing would be prohibitive, to say the least. But not all apps are created equal. Some pose an insignificant threat: they don't touch critical company information or client data, and they don't provide a gateway for an intruder. Those would be a very low priority. Others may be a medium or high risk and should be looked at accordingly. Even so, that still leaves a lot of room for interpretation, and it still requires specialized tools, methods and expertise to approach the problem with any real hope of success. If you have five high-priority threats identified, where do you start? Experts like Global Digital Forensics that specialize in testing, identifying, prioritizing, and remediating threats are key. Or as Caruso put it, "There are not many places out there that have the resources, professional affiliations, personnel, tools and knowledge base that we have at our disposal. We live and breathe this stuff; we stay on top of the newest trends and threats. And when we're done with our application security testing, our clients can breathe a lot easier."
If you are interested in significantly improving your application security, as well as other areas of your cyber security posture, contact Global Digital Forensics at 1-800-868-8189 for a free consultation, or visit www.globaldigitalforensics.co for more information.
Global Digital Forensics is a recognized leader providing cutting-edge solutions in the fields of computer forensics, eDiscovery, cyber security and 24/7 emergency intrusion incident response services. With offices in 16 US states and 30 offices spanning the continents, GDF's global reach is supremely positioned to react quickly and efficiently, with a staff of highly qualified and experienced specialists, virtually anywhere needed, nationally as well as worldwide.