Software competition opens door for cybercrime

2014-06-04 08:31 - Duncan Alfreds

Spam is the primary method of delivering malware. (Duncan Alfreds, News24)


Cape Town - Competitive pressure may be a contributing factor to the spread of malware, even as advances are made in software security, an expert has said.

"With the competitive capabilities right now to try and be the first, biggest and baddest, the development houses that are internal to the organisation are under severe pressure to deliver on certain things," Andrew Kirkland, Trustwave regional director for Africa, told News24.

Software professionals have been shocked by the number and scale of recent security lapses.

Online retail giant eBay admitted that more than 140 million site users were exposed when hackers stole usernames and passwords, though the company denied that credit card numbers were compromised.

Adobe has been hit by a number of vulnerabilities in its popular Flash software, which has seen the company scrambling to release patches, with mixed success, as it was forced to cope with cybercriminals who may potentially steal personal information.

Competitive pressure

"What happens is that all leads to vulnerabilities being built into the application itself and obviously with the US being as big as they are and starting in this process many years ago… security wasn't an issue then," said Kirkland.

In Trustwave's recently released security report, it emerged that the US hosts the majority of global malware and criminals could potentially use this malware to compromise system security.

The 2014 Trustwave Global Security Report found that the US hosts 42% of malware, followed by Russia at 13% and Germany at 9%.

Kirkland said that as competitive pressure forced fast turnaround times for software development, engineers may overlook flawed infrastructure.

"So you have a lot of legacy mainframe, Microsoft servers, legacy applications still residing in many organisations' back-ends.

"A lot of guys tend to forget that those particular servers still exist especially if it's in archives. In the archives there's usually a lot of sensitive information."

In addition to malware placed on servers, employees are often responsible for downloading harmful software - knowingly or not - onto company servers.

Information risk

A Check Point Software Technologies 2014 Security Report found that users were mainly responsible for the downloading of malware.

"In fact, 14% of organisations experienced a user downloading malware every two hours or less in 2012. This year, that number increased by over three-fold to 58% of organisations," the company said.

Kirkland said that it was critical that companies became aware that sensitive information could be at risk because of the flaws in security.

"If a company hasn't woken up to the fact that they've got this sensitive information sitting in the back end like this they generally overlook it when they do their security assessments."
