“Cybersecurity” is a broad term that encompasses all the technologies geared towards protecting networks and computers, along with the software and data kept on them. In recent years, people have started to talk about “website” and “app” security as a self-contained topic, different in several ways from other areas of cybersecurity.
This article takes a look at some of those “unique” aspects. One of the biggest issues with website and app security is that risks are constantly and quickly evolving. As the internet continues to grow – with an extra 1 billion users and 10 billion connected devices by 2020 – these problems are likely to become more complex, particularly in the business sphere.
It’s also demoralizing for smaller businesses whenever it becomes apparent that even the big players are not immune. Throughout 2016, it was virtually impossible to get through one day without hearing about some security breach or hacking scandal.
Research conducted by Securi suggests that around 1% of websites online (that’s about 9 million) are compromised. With all this in mind, it’s understandable that companies want to protect their websites and web apps.
So what do you need to know to safeguard your business? Understanding these five trends will help keep you on the right track.
Industry leaders and governments are driving changes
We can see a concrete example of this point in a fairly recent event. Whilst there are a number of factors that have contributed to the widespread adoption of SSL certificates (also known as HTTPS encryption), the announcement from Google that they would use HTTPS as a ranking signal was one of the biggest incentives for webmasters.
The key point here isn’t so much HTTPS encryption, as it is the ability of big companies like Google to set industry standards. Search engines, on which most online businesses are dependent in some way, are the obvious example but legislation is another key area to consider.
Governments are increasingly adopting clear positions with regard to online security, and passing laws and regulations accordingly. It will be vital in the future that developers are aware of the demands of both big companies like Google and legislators, and that they tailor their security measures and their software and web development processes accordingly.
A scarcity of security skills is prompting the uptake of third-party tools
One of the biggest areas of growth in cybersecurity over the last few years has been the development of third-party software aimed at developers. There’s often an assumption on the part of businesses that developers have sufficient knowledge to adequately protect websites and apps from attack. Yet this isn’t always the case.
Automation is another key part of the picture with regard to the use of third-party software. Tools that allow developers to automate important aspects of the security testing process are vital for allowing the proper allocation of resources and for ensuring consistent and up-to-date testing in the long term. The widespread implementation of automated processes is also allowing developers to focus their attention on app vulnerabilities that are difficult to detect with automated tools.
Mobile and IoT device hacking has increased
Because the focus of security developers has largely been on desktop browser-based apps, software for mobiles and other connected devices has been left somewhat vulnerable. And hackers are increasingly taking advantage of these opportunities.
The fast-growing ecosystem of devices that make up “the internet-of-things” also presents another prime hacking opportunity, one with potentially far more serious consequences than traditional website breaches. Neil Thacker of Websense says, “Once you connect 30 billion devices to the internet you are opening yourself up to a much bigger attack surface.”
Connected devices are now used for everything from tracking a user’s location to managing and monitoring hospital equipment. Think of the havoc hackers could wreak if they are able to disrupt these systems.
Customers’ responsibilities are being highlighted
In any discussion about web security, it’s always important to highlight the issue of human weakness. The fact that most consumers are unaware of security threats, particularly in B2C but also within the B2B sphere, is a cause of mounting concern.
Companies are addressing this problem in two ways. First, the integration of mandatory two-step authentication into apps is becoming increasingly common. This is especially true in areas where security is of vital importance, such as banking. Examples include messaging a PIN to users after they have entered their password or requiring further security details when a login attempt is made from a new location.
Secondly, users are actively being encouraged and advised to adopt safer browsing habits, particularly in the way that they use and store passwords and share data online. A host of consumer-facing software providers, like LastPass, are making it easier to automate certain aspects of a secure approach to internet use.
Increased demand for website and app development is fuelling innovation and increasing risk
The huge increase in the demand for web apps and complex site architecture is something of a double-edged sword. Whilst it has pushed app-related security issues into the limelight and resulted, as mentioned, in the creation of a host of third-party apps, it has also prompted development companies to streamline and speed up their processes to meet the increased demand. In many cases, security has suffered as a result.
Attempts to address problems arising from this phenomenon have taken a number of forms. In particular, organizations are structuring their processes around a DevOps approach. This allows for speedy completion of projects whilst taking advantage of expertise from a number of key people and departments within the organization.
Whilst the online security space is changing at a rapid pace, the problems are largely ones of application. The goals of developers – the protection of online data and software – remain the same. It’s the methods used to counter threats that are evolving.
More devices and more users mean greater risk. It’s vital that companies of all shapes and sizes work from an understanding of the nature of these risks when shaping their approach to website and app development. Not only will they be providing a safer experience for their customers, but it’s very likely that they will save both time and resources in the process.