Iflexion
How Website and App Security is Progressing and What it Means For You

“Cybersecurity” is a broad term that encompasses all the technologies geared towards protecting networks and computers, along with the software and data kept on them. In recent years, people have started to talk about “website” and “app” security as a self-contained topic, different in several ways from other areas of cybersecurity.

This article takes a look at some of those “unique” aspects. One of the biggest issues with website and app security is that risks are constantly and quickly evolving. As the internet continues to grow – with an extra 1 billion users and 10 billion connected devices by 2020 – these problems are likely to become more complex, particularly in the business sphere.

It’s also demoralizing for smaller businesses whenever it becomes apparent that even the big players are not immune. Throughout 2016, it was virtually impossible to get through one day without hearing about some security breach or hacking scandal.

[Image: Latest Yahoo Hack is the Largest Data Breach to Date]

Research conducted by Sucuri suggests that around 1% of websites online (that’s about 9 million) are compromised. With all this in mind, it’s understandable that companies want to protect their websites and web apps.

So what do you need to know to safeguard your business? Understanding these five trends will help keep you on the right track.

  1. Industry leaders and governments are driving changes

We can see a concrete example of this point in a fairly recent event. Whilst there are a number of factors that have contributed to the widespread adoption of SSL certificates (also known as HTTPS encryption), the announcement from Google that they would use HTTPS as a ranking signal was one of the biggest incentives for webmasters.

The key point here isn’t so much HTTPS encryption, as it is the ability of big companies like Google to set industry standards. Search engines, on which most online businesses are dependent in some way, are the obvious example but legislation is another key area to consider.

Governments are increasingly adopting clear positions in regards to online security, and passing laws and regulations accordingly. It will be vital in the future that developers are aware of the demands of both big companies like Google and legislators, and that they tailor their security measures and software and web development processes accordingly.

  2. A scarcity of security skills is prompting the uptake of third-party tools

One of the biggest areas of growth in cybersecurity over the last few years has been the development of third-party software aimed at developers. There’s often an assumption on the part of businesses that developers have sufficient knowledge to adequately protect websites and apps from attack. Yet this isn’t always the case.

Automation is another key part of the picture in regards to the use of third-party software. Tools that allow developers to automate important aspects of the security testing process are vital for allowing the proper allocation of resources and for ensuring consistent and up-to-date testing in the long-term. The widespread implementation of automated processes is also allowing developers to focus their attention on app vulnerabilities that are difficult to detect with non-human technologies.

  3. Mobile and IoT device hacking has increased

Because the focus of security developers has largely been on desktop browser-based apps, software for mobiles and other connected devices has been left somewhat vulnerable. And hackers are increasingly taking advantage of these opportunities.

The fast-growing ecosystem of devices that make up “the internet-of-things” also presents another prime hacking opportunity, one with potentially far more serious consequences than traditional website breaches. Neil Thacker of Websense says, “Once you connect 30 billion devices to the internet you are opening yourself up to a much bigger attack surface.”

[Image: How Prevalent is Smart Technology in US Homes]

Connected devices are now used for everything from tracking a user’s location to managing and monitoring hospital equipment. Think of the havoc hackers could wreak if they are able to disrupt these systems.

  4. Customers’ responsibilities are being highlighted

In any discussion about web security, it’s always important to highlight the issue of human weakness. The fact that most consumers are unaware of security threats, particularly in B2C but also within the B2B sphere, is a cause of mounting concern.

Companies are addressing this problem in two ways. First, the integration of mandatory two-step authentication into apps is becoming increasingly common. This is especially true in areas where security is of vital importance, such as banking. Examples include messaging a PIN to users after they have entered their password or requiring further security details when a login attempt is made from a new location.

Second, users are actively being encouraged and advised to adopt safer browsing habits, particularly in the way that they use and store passwords and share data online. A host of consumer-facing software providers, like LastPass, are making it easier to automate certain aspects of a secure approach to internet use.

  5. Increased demand for website and app development is fuelling innovation and increasing risk

The huge increase in the demand for web apps and complex site architecture is something of a double-edged sword. Whilst it has pushed app-related security issues into the limelight and resulted, as mentioned, in the creation of a host of third-party apps, it has also prompted development companies to streamline and speed up their processes to meet the increased demand. In many cases, security has suffered as a result.

Attempts to address problems arising from this phenomenon have taken a number of forms. In particular, organizations are structuring their processes around a DevOps approach. This allows for speedy completion of projects whilst taking advantage of expertise from a number of key people and departments within the organization.

Conclusion

Whilst the online security space is changing at a rapid pace, the problems are largely of application. The goals of developers – the protection of online data and software – remain the same. It’s the methods used to counter threats that are evolving.

More devices and more users mean greater risk. It’s vital that companies of all shapes and sizes work from an understanding of the nature of these risks when shaping their approach to website and app development. Not only will they be providing a safer experience for their customers, but it’s very likely that they will save both time and resources in the process.

If you’re interested in learning more about web app development and security then please get in touch. We have a host of services tailored to meet the specific needs of your business.

John Barnett

  • Masha Marinina

    Keeping our connected devices secure, whether we are looking at a smartphone, a beacon in an airport or an island of corporate servers at a secure site, is becoming harder and harder to manage. This article was written before the WannaCry ransomware attack in May - that created chaos at places that maintain trusted and secret data, such as Britain’s National Health Service (NHS). The threat was rapidly halted by a young English employee at an anti-hacking company, who was hailed as a hero. A couple of months later, the FBI arrested him for hacking activities related to Kronos, the notorious banking malware. It has been pointed out that the good guys are very hard to distinguish from the bad guys, because they have to go “undercover” to get access to the malware and the players behind it, so this young Mr Cummings could indeed be innocent.

    The problem is that most “civilians” do not have the first clue how to protect themselves from cyberattacks and do not recognise it. It happened to me last month: I received an invite via Facebook Messenger to view a video of her young daughter. This was not an unusual or unexpected request. I even went so far as to click the link - but as soon as I saw the site, I knew this was not a place I wanted to be. Fortunately, you had to click on the site before you could get compromised. Facebook was quick to intercept the virus and had a disinfection procedure for anyone who was compromised, but the fact that this was happening via a secure site like FB Messenger was scary.

    These cyberwars are going to escalate; there are countries and terrorist organizations out there, looking to exploit the Internet to their advantage. Perhaps the third world war will be started by pressing a download button on the Web, rather than a missile button on a desk. We are all still too complacent about cybersecurity - it’s not for sissies, or your in-house developers - call in the experts if you want to protect yourself.