July 8, 2019
Cybersecurity is a vast, increasingly serious subject in the world of IT, and, realistically, the world in general. Software has its own, distinctive role in cybersecurity. Hackers frequently target software applications. As a result, it’s useful to understand software’s vulnerabilities as well as countermeasures that can protect software from attack.
Cybersecurity, a (Very) Brief Overview
We hear a lot about cybersecurity these days, and with good reason. Hacking, which used to be considered a nuisance, is now a serious problem that affects businesses, individuals and even entire nations. The topic gets a bit overhyped as a result. The essence of cybersecurity, however, is the protection of data and information assets, like computer systems, from unauthorized access.
Attackers who gain this unauthorized access are usually interested in stealing data or disrupting IT systems as a means of disrupting a business or government. Their intent is invariably malicious or criminal in nature. Almost every tool and practice connected with cybersecurity is intended to detect, prevent or respond to such unauthorized access.
Why Hackers Target Software
Malicious actors generally target software because it gives them access to data. If you want to steal credit card numbers, for example, then attacking the Point of Sale (POS) software is a good way to accomplish that goal. Other times, hackers simply want to disrupt or paralyze an organization, so they go after its software. Rendering a company’s Enterprise Resource Planning (ERP) inoperable, for instance, will bring the owner’s business to a standstill.
How Hackers Breach Software Applications
There are many different ways to hack into a software application. The simplest, and one of the most common, is to either guess or steal a real user’s log-in credentials. The spear-phishing attack is frequently used to grab log-in credentials for corporate systems. More sophisticated software attacks may insert corrupted code into a program’s source code. This occurs sometimes with open source solutions, which assemble code from different sources, not all of it checked for malware. Another technique is to get inside an application via a second app. With APIs and machine-to-machine integration, it is possible to access an application without actually logging in as a user.
Preventing Software-Based Cyberattacks
Keeping hackers out of your software usually takes a multi-layered approach to defense. Good access controls are a must. It’s imperative that you know who has access to your applications and stay on top of users who leave your company. In our experience, it’s incredible how often a company will terminate an employee, but then forget to cancel that person’s user access to critical software programs like ERP.
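The offboarding gap described above can be checked by reconciling an HR export against an application's account list. The following is an added example, not code from the original article; the CSV column names and the sample rows are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample exports; column names are assumptions, not a real product's schema.
HR_CSV = """email,status,termination_date
alice@example.com,active,
bob@example.com,terminated,2019-05-31
Carol@Example.com,terminated,2019-06-14
"""
ERP_CSV = """username,email,enabled,last_login
alice,alice@example.com,true,2019-07-01
bob,BOB@example.com,true,2019-06-20
carol,carol@example.com,false,2019-06-10
svc-report,reports@example.com,true,2019-07-02
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def _norm(email):
    # Match on lower-cased, trimmed e-mail so case differences do not hide an account.
    return email.strip().lower()

def find_stale_accounts(hr_csv, app_csv):
    """Return (username, reason) for enabled app accounts that should not be active."""
    hr = {_norm(r["email"]): r for r in _rows(hr_csv)}
    findings = []
    for acct in _rows(app_csv):
        if acct["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing to revoke
        person = hr.get(_norm(acct["email"]))
        if person is None:
            findings.append((acct["username"], "no HR record (unowned or service account)"))
        elif person["status"].strip().lower() == "terminated":
            left = date.fromisoformat(person["termination_date"])
            last = date.fromisoformat(acct["last_login"]) if acct["last_login"] else None
            if last and last > left:
                # A login after the termination date needs investigation, not just cleanup.
                findings.append((acct["username"], f"terminated {left}, logged in {last}"))
            else:
                findings.append((acct["username"], f"terminated {left}, still enabled"))
    return findings

if __name__ == "__main__":
    for user, reason in find_stale_accounts(HR_CSV, ERP_CSV):
        print(f"{user}: {reason}")
```

Run on a schedule against fresh exports, a check like this surfaces both accounts that were never revoked and accounts that were used after the owner left.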
Monitoring the infrastructure that runs software is another effective countermeasure. In many cases, it’s not the software that has the vulnerability. Rather, the weakness is something like a server or workstation that gets left on, with the user logged in, which opens up a backdoor to a malicious actor. For malware insertions, it’s possible to run code-scanning programs that spot bad code before it gets compiled and put into production. This latter technique is growing more challenging as the development process speeds up with DevOps and comparable methodologies. Automation and AI can help here, checking code by machine and looking for anomalies that no human being would ever see.