The time is ripe for high-profile website attacks. Indeed, in recent weeks we’ve heard tales of a wide variety of such activities. This growing trend has drawn the attention of the Obama administration, which has been emphasizing its cyber security initiatives. On that front, the Homeland Security Department, Mitre Corp. and the SANS Institute have launched a website that provides a list of the top 25 technical software weaknesses hackers exploit and offers guidance on how organizations can gauge where their software sits on the security continuum.
Although hacks of federal agencies and multinational companies draw most of the attention in the news, this particular effort was designed for small companies and non-profit organizations. In an Associated Press story on the effort, Alan Paller, director of research at the computer security organization SANS Institute, said that it can be difficult for these smaller entities to know whether the firms they hire to build their websites or provide their software are delivering adequately secure solutions.
Here’s an excerpt from the site: “CWE-89 - SQL injection - delivers the knockout punch of security weaknesses in 2011. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. CWE-78, OS command injection, is where the application interacts with the operating system. The classic buffer overflow (CWE-120) comes in third, still pernicious after all these decades. Cross-site scripting (CWE-79) is the bane of web applications everywhere. Rounding out the top 5 is Missing Authentication (CWE-306) for critical functionality.”
CompTIA's 8th Annual Trends in Information Security study notes that information security is a top concern of senior IT professionals, with 49 percent rating it an upper-half organizational priority, compared to 35 percent two years ago. And nearly seven in 10 respondents say the severity of the security threats their organizations face is on the rise.
“Like many IT investments, executives often wrestle with the return on investment of security expenditures,” according to CompTIA. “Quantifying the number of security breaches thwarted due to a particular hardware or software investment or staff training is not always possible. The data suggests expenditures on security software and IT staff training yield the highest perceived ROI among IT executives.”
Of course, no solution is ever completely secure, but understanding that security is important and educating organizations on what to look for relative to security are meaningful steps in the right direction. And the recent high-profile hacks should certainly awaken organizations to the importance of all of the above.
In recent weeks we’ve seen reports about hacks on the CIA’s website, the U.S. Senate’s website, and the Sony website, among others. Of course, in light of the federal government website hacks, it’s somewhat ironic that the federal government is offering guidance on how to secure websites. On the other hand, it has partnered with experts in the field, and addressing such significant concerns is probably better than ignoring them.
Edited by Jennifer Russell