Software competition opens door for cybercrime

accreditation
Cybercrime. (AFP)
Cybercrime. (AFP)
Cape Town - Competitive pressure may be a contributing factor to the spread of malware, even as advances are made in software security, an expert has said.

"With the competitive capabilities right now to try and be the first, biggest and baddest, the development houses that are internal to the organisation are under severe pressure to deliver on certain things," Andrew Kirkland, Trustwave regional director for Africa told News24.

Software professionals have been shocked by the number and scale of recent security lapses.

Online retail giant eBay admitted that more than 140 million site users were exposed when hackers stole usernames and passwords, though the company denied that credit card numbers were compromised.

Adobe has been hit with a number of vulnerabilities in its popular Flash software that has seen the company scrambling to release patches with mixed success as it was forced to cope with cybercriminals who may potentially steal personal information.

Competitive pressure

"What happens is that all leads to vulnerabilities being built into the application itself and obviously with the US being as big as they are and starting in this process many years ago… security wasn't an issue then," said Kirkland.

In Trustwave's recently released security report, it emerged that the US hosts the majority of global malware and criminals could potentially use this malware to compromise system security.

The 2014 Trustwave Global Security Report found that the US hosts 42% of malware, followed by Russia at 13% and Germany (9%).

Kirkland said that as competitive pressure forced fast turnaround times for software development, engineers may overlook flawed infrastructure.

"So you have a lot of legacy mainframe, Microsoft servers, legacy applications still residing in many organisations' back-ends.

"A lot of guys tend to forget that those particular servers still exist especially if it's in archives. In the archives there's usually a lot of sensitive information."

undefined
Spam is the primary method of delivering malware. (Duncan Alfreds, News24)

In addition to malware placed on servers, employees are often responsible for downloading harmful software - knowing or not - on to company servers.

Information risk

A Check Point Software Technologies2014 Security Report found that users were mainly responsible for the downloading of malware.

"In fact, 14% of organisations experienced a user downloading malware every two hours or less in 2012. This year, that number increased by over three-fold to 58% of organisations," the company said.

Kirkland said that it was critical that companies became aware that sensitive information could be at risk because of the flaws in security.

"If a company hasn't woken up to the fact that they've got this sensitive information sitting in the back end like this they generally overlook it when they do their security assessments."


- Follow Duncan on Twitter
We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Rand - Dollar
15.13
+0.8%
Rand - Pound
20.50
-0.2%
Rand - Euro
17.16
-0.2%
Rand - Aus dollar
10.85
-0.1%
Rand - Yen
0.13
-0.2%
Gold
1,834.78
0.0%
Silver
24.30
+0.0%
Palladium
2,111.50
0.0%
Platinum
1,034.00
0.0%
Brent Crude
87.89
-0.6%
Top 40
68,186
-2.1%
All Share
74,835
-1.9%
Resource 10
74,924
-3.0%
Industrial 25
94,147
-1.8%
Financial 15
15,076
-0.2%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot