Digital security concept

Changing threat landscape for app security

Pro
(Source: Stockfresh)

22 February 2017

The threat landscape in information security is changing.

New vectors, attack surfaces and motivations of threat actors are creating a different scenario for both vendors and organisations in providing protection. But new technologies too, are complicating the task faced by security professionals.

There has been a focus recently on the user, with targeted attacks focusing on individuals to try to gain access to an organisation’s systems. But other methods are emerging too.

“Up to 80% of cyberattacks are now focused on applications, over more tradition means of ingress”

Various analysts, experts and commentators have predicted that automation coupled with artificial intelligence (AI) will see a whole new breed of cyberattacks in the near future.

Another prediction is that the data itself may not be the sole target, as it has been heretofore. Now, instead of trying to steal data, hackers may try to manipulate it instead for gain. No longer will personally identifiable data (PID) be the main prize, manipulating the likes of financial reports, pricing, studies or trials could all be a means of achieving more nefarious ends, experts have said.

Increasingly, hackers are looking to attack applications too. One study suggests that up to 80% of cyberattacks are now focused on applications, over more tradition means of ingress such as people or infrastructure.

The applications themselves are also a source for concern. A study by one code analysis firm found that a confluence of developments, from the increasing speed of development, the DevOps phenomenon and the proliferation of open source, means that many applications emerge with known vulnerabilities included.

The most recent State of Software Security (SoSS) report found that a staggering 97% of all Java applications scanned for the report used a component that had a known vulnerability.

However, the report also found that from late 2015 into 2016 fix rates for application vulnerabilities are improving with 54% of vulnerabilities being fixed within time period, up from 51% for a similar period the previous year, but this contrasts with an 80% fix rate in manufacturing, indicating that there is some way to go.

Another complication in the application security landscape is the fact that organisations are increasingly leveraging hybrid infrastructures that can encompass on-premises systems, Software as a Service, Platform as a Service and Infrastructure as a Service, as well as hybrid cloud, and the picture becomes even more complex.

Traditional solutions in the area often favour either the more traditional application infrastructures or are more cloud focused and may not extend well back to the premises.

Understanding the nature of your applications, their supporting services and your risk profile and appetite is critical to ensuring your organisation’s applications remain secure, resilient and available.

To address these issues, TechFire, in association with F5 Networks, will look at the complexities of today’s applications, how they are hosted and the threats they face. With expert speakers for both a global and local perspective, and an end-user experience from David Cahill, security strategy and architecture manager, AIB, TechFire will provide insights on what needs to be done to meet today’s challenges.

This free event takes place on Wednesday 1 March at the Gibson Hotel in Dublin. For more information and to register see techfire.ie

 

TechCentral Reporters

Read More:


Comments are closed.

Back to Top ↑