Architecting Cyber Security

Corona Spiking Cyber Attacks?

After having decimated humans and animals internationally, the virulent corona has made inroads across the firewalls, the intrusion detection/prevention systems and the de-militarised zones(DMZ). Don’t get bogged down by these jargons, but the fact is hackers have been super active during the ongoing flu season. Cyber attacks have surprisingly spiked. Just recently, World Hearth Organization (WHO) was attacked (Source: Forbes) and such trends have increasingly been lately seen across many countries. In Italy alone, cyber attacks have increased by 200% during Corona regime.

Image: Corona & a specific cyber attack (Source: threatpost.com)

  • There is a hacker attack every 39 seconds.
  • In 2018, hackers stole 0.5B personal records and over 75% of healthcare industry was infected with malware in 2018-19.
  • Most companies take nearly 6 months to detect a data breach.
  • 95% of cyber security breaches are due to human error.
  • Cyber crime damage costs would hit $6 trillion annually by 2021.

Security attacks dent not only an enterprise image but also its competitive positioning. As a result, enterprise security businesses are evolving like never before. Today there are more than 500 companies alone in cyber security space; there were hardly a handful a decade ago (Source).

No doubt, these firms help us become secure. However, implementing & continuously upgrading such solutions come at a cost. For an SME (Small & Medium Enterprise), this means increase in the cost of operations and a dent in the profitability. So, what should these firms do if they want to enhance security quotient in their application/product without they having to spend too much on such solutions? The answer is obvious: build security in their offerings. But how? Let us delve onto one such idea – something not so commonly talked about.

Architecting Security: A Perspective on Software Dependencies

A software application relies on dependencies. A dependency arises at different times: it could arise either during system startup, application startup or during application execution/run time. Dependencies could be with libraries, third parties, registry keys (windows), configuration files (Unix), some expected inputs formats (from I/O operations or from user interfaces), required memory size, disk space usage or network availability.

Just imagine the scenario when one of these dependencies starts giving up – would your application still be reliable? Would it continue to behave the same way it is meant to be? And most importantly, how would you ensure that all dependencies that your application relies upon remain available, intact, robust & most importantly – “secure”?

At times & because of constraints (time, resource, cost, experience etc.) these potential outcomes may not be considered during application design, leading to dreaded un-handled exceptions. Such dependency failures could take many forms: from application crashes to sensitive data (e.g. passwords) being dumped on to screen or on to some file. In pursuit to identify such design flaws, attackers/hackers target such vulnerabilities & the exact time these dependencies get called. Once their research is done, they plan & execute such attacks.

So, what should we do to circumvent such malicious intent from these hackers?

  1. Identify all your application dependencies. The more legacy the application, the more likely the vulnerability.
  2. Take a closer look at the time of usage of such dependencies.
  3. Now try to block usage of such dependencies (e.g. dll, api) as & when they get called.
  4. Now see how your application behaves in such deprived conditions.
  5. Most of the time, you would notice that application crashes or sensitive data (e.g. passwords) gets dumped on to screen or onto some temporary file.

Let this be a food for thought as you architect your next application. At the same time, could this be a lever for your Competitive Advantage? Absolutely, yes. Show how your competitor’s application crashes and how yours doesn’t? This could be a good enough reason to win the First Movers Advantage as you design your next software application.

Author: Vijay Kumar is the Founder of DigitalFort Technologies (..). DigitalFort Technologies is an EdTech startup focussed on Cyber Security, Blockchain and Emerging Technology Consulting & Education. Vijay is a Speaker, Trainer, Moderator and Panellist across India, UAE and Europe and he has 11 US patents across SMAC (Social, Mobility, Analytics, Cloud), AI/ML, Video/Media, Security and Blockchain.

DigitalFort Offerings:

  1. Cyber Security: Security Audit, Vulnerability Assessment/Penetration Testing(VA/PT), Security Testing, Hardening (Routers, Servers, OS, DB etc.), Application & DB Security, Implementation and Digital Forensics, ‘WFH-How Not To Get Hacked’
  2. Blockchain Offerings: Consulting & Education
  3. Others: Python, Data Science & AR/VR Consulting & Education

Want to explore synergy or learn from industry experts, get in touch: vijay@digifortex.com

Want Live Online Education/Training by an Industry Expert on FinTech, Emerging Tech, Cyber Security and Leadership? Check out our Bouquet of courses:

To know more: Contact - Click Here