• Second, the amount of money that can be made from online fraud and theft at relatively little risk compared to operations in the physical world inevitably makes such undertakings attractive. This means that both individuals on the make and organised crime are now becoming involved.
And a very sophisticated industry is also developing around the pursuit. Consider how the opponent has mobilized:
• In recent years, a growing number of hacker match-making sites have sprung up. These act in a similar fashion to a brokerage firm and bring people with a range of different skills together to target organisations more effectively.
• There are also various web sites that publish software vulnerabilities and make the hacker's job all the easier.
• Hackers develop and sell automated hacking tools.
Business Software Assurance
The Achilles heel that has allowed this evolution is that applications are only as good as the software developers that wrote them. And most of those developers are not responsible for security.
So what can organisations do to protect themselves from the hacking threat more effectively?
The first thing is to adopt a Business Software Assurance approach for information security. BSA offers a good foundation to understand what threats and vulnerabilities could impact the business and what the likelihood is of problems occurring.
BSA involves introducing a formal methodology to help to determine what the real risks are. This enables businesses to focus on their true needs by formally documenting processes in order to ensure that issues do not end up falling through the cracks.
As part of the BSA process, it is crucial to gain an understanding of just how exposed the organisation's systems are. The aim is to remove any flaws from the code in order to make it impenetrable to attack. More importantly, it is about adopting an inside-out strategy that tackles root causes, as opposed to simply employing outside-in tactics that involve putting a protective wall around the problem.
As the world has moved online, it has brought all of its vices with it. An entire economy has sprung up online to support and feed a cycle of fraud and theft that leeches untold strategic and monetary value from supposedly safe data warehouses, and costs further billions to defend against with limited effect. The only path out of this reckless cycle is a strategy that focuses not only on the criminals who are after your data, but also on the vulnerabilities in your software infrastructure that they turn against you.
The author is director of product marketing at Fortify Software (www.fortify.com)