Today’s youth … tomorrow’s threat? It’s absolutely mind-boggling that kids today know how to swipe an iPad before they learn how to talk or write. Don’t you agree?
Computers, handhelds, software – the interconnectedness once foreign to people like me is a natural appendage to the future generation. Why am I bringing this up? The systems and software of today were designed by a generation that had to painfully adjust their lives to the constant interruption or disruption of technology. We have integrated ourselves into this new reality time and time again.
However, tomorrow’s generation is integrated with technology almost from birth. Sociologically, we are at a disadvantage because this younger generation will easily find ways to compromise the systems we have designed using outdated technology paradigms. Perhaps this paradox is nothing new; however, the rate of technology invention will not outpace the rate of human innovation and the ability to compromise technology in the decades to come. If you don’t believe it, check out the news story below and try to catch your jaw from hitting the floor.
“British schoolboy, 16, 'took part in world's biggest cyber attack and was found to have significant amount of cash flowing through bank account’”
Adding some more logs to the fire, there are a number of companies beginning to dabble in the “digital black arts” (aka software development) that traditionally have not done so in the past, such as consumer goods companies. Additionally, there are many more companies integrating software (Open Source or Commercial off the Shelf) into their environment. But these companies often do not understand the associated risks that come with these initiatives. The question becomes: How can these companies manage these changes and manage risk?
Like any good problem, the solution requires a holistic and layered approach, starting with cyber security. There are many opinions out there regarding the layers of security needed to sufficiently address this growing threat; I, however, will just discuss one: application security.
It’s always interesting to me when we receive the phone call from companies, known to be the leaders in their markets, because they have a “situation.” The conversation usually starts off with a quick signing of an NDA, and then we’re immersed in the details of how the company has been compromised by not proactively paying attention to application security; and, before they go public, they need to make sure a solution is in place.
I have enormous amounts of respect for these companies, and I’m in awe of their incredible ability to execute ultra-complex, go-to-market strategies and build empires. However, when it comes to making sure their digital assets are locked down, they have fallen short and are unknowingly playing the cyber equivalent of Russian roulette. The C-level executives in these situations are typically speechless, having found out that after the millions of dollars and years of hard work spent building a loyal and strong customer base, it has rapidly started to erode in less time than it took my old Atari 2600 to boot up and load Pac-Man.
The cyber threat is here and it’s not going away. In fact, it’s growing at a rate that is mind-blowing, and with new generations in the pipeline growing up with technology integrated from the start into their daily lives, we’re in for a ride.
Due diligence, in the form of having an independent come into your company to assess your application security readiness, needs to be part of the corporate strategy as a planned, proactive activity. Your customers and shareholders deserve nothing less. It’s not the silver bullet per se, but part of a bigger holistic cyber security strategy that will at least keep your company in good standing and perhaps a half-step ahead of the bad guys in cyberspace.
By the way, this photograph is such a violation of my nostalgic memories. How dare someone commingle an iPhone with my beloved Atari 2600. As we would say back then, “Dude, that’s totally cool … NOT!”
PSC, Vice President