We May Not Be Facing a Full-Scale Cyber War, But The Battle Rages On
- Sunday, January 23, 2011, 12:48
Many industry and government leaders have been discussing how the U.S. is now facing a full-scale cyber war and its potential repercussions – from U.S. transportation, energy and communications systems being brought to a standstill by hackers to, ultimately, enough chaos being created that no one is untouched. These apocalyptic views of a cyber “Day After” are actually pretty far from reality, according to a recent study by the Organization for Economic Cooperation and Development. The report argues that these claims are exaggerated by the media and that cyber attacks are extremely unlikely to create major problems.
Even if it’s true that U.S. interests have little to fear from a full-scale cyber war, it should be noted that there are still – and will continue to be – battles raging in the field and trenches every day. The reality is that financial services companies, major corporations, nonprofits and governments are constantly under siege by hackers who are very innovative, nimble and think well ahead of the curve.
The simplest of battle strategies is to safeguard all web-based applications – an organization’s frontline for dealing with customers, which also serves as the “door front lines” for hackers to attack. As highlighted by Aberdeen Group, application security needs to be done right the first time, right at the source, prior to deployment. This contrasts with the philosophy of some who think that they don’t need to focus on these applications and can instead throw up an application firewall or do a quick penetration test to see if their Internet presence is secure.
Moving away from the “find and fix” approach to application security can be detrimental. Most experts agree that applications should be “bullet proofed” prior to deployment, and the best method for determining the total pre-deployment risk is to assess Internet and intranet applications using a blend of manual and automated analyses.
As I have highlighted before, this combination of approaches will give a much more comprehensive view of an application’s risk to a company. This approach provides a deep analysis that is comprehensive and highly reliable. While automated tools are effective at finding some issues, there is no substitute for software security experts looking at source code. As Microsoft says – “An experienced human reviewer is still capable of identifying issues that would be missed by tools. As long as a human can be the cause of security problems, a human should also be a part of the solution.”
When going into battle, companies and organizations need to protect themselves with the right armor for defending their most important assets. Complacency is not an option. An application breach can cause untold bottom-line and reputational damage.
About the Author:
Greg Reber is the founder and CEO of AsTech Consulting. Since 1997, AsTech has helped Fortune 1000 companies meet the challenge of securing their information assets. In 2001, AsTech was among the first to see the emerging threat posed by customer-facing Internet applications and developed an application vulnerability assessment solution which has continuously evolved to meet today’s threat environment head-on.