The first concern in development is security. According to the Global Development Survey 2017, released by Evans Data Corporation (EDC), only 31% of companies formalize cybersecurity policy. The 34 percent have an informal policy adopted by various departments, while roughly 25 percent have a piecemeal system defined within departments or none at all.
The data size of the survey was 1500 developers from different regions in different languages. The report reveals that APAC companies are most likely to have overall formal cybersecurity strategy. The businesses in North America and the EMEA region have informal policies, and businesses without policies are most common in EMEA.
The report shows 26%of developers globally developing apps to run on secure and trusted systems, but within the next six months, 19% expect to start doing so.
Internet threats and its solution
- Growing hackers exploitation with sophisticated tools that hunt for known vulnerabilities of any website.
- Network of infected computer and devices
- Malicious internets traffic attacks such as an HTTPS Flood and DNS Amplification DoS Attack
- According to the survey conducted by Clutch, a leading research and reviews platform for business services, over 50% of websites collect visitors’ email addresses, creating the possibility of privacy breaches. Inconsistent security measures increase the risk of visitor’s privacy and greatest security risk to consumers. Clutch’s 2017 Website Security Survey included 302 site managers who built or maintain a web site for personal, business or other use.
- SSL misconfiguration
- Cross-site scripting attacks
- Malicious domain registrations & Phishing: According to the report of Anti-Phishing Working Group (AWPG), 2016, malicious use of the domain name system reached an all-time high, accounted for half of all domain names used for phishing in 2016. The AWPG report reveals 255,065 unique phishing attacks globally during 2016.
- Phishing: Cybercriminals set up web pages that masquerade as reliable brands, such as banks and e-commerce sites (PayPal, Yahoo, Apple), where they lure victims and by trick get sensitive information such as usernames, passwords, and credit card details.
- Domain shadowing: When an unsuspected company’s DNS settings are manipulated to insert multiple phishing sites onto the firm’s servers.
- Defacement: Original content replaced with the material put by cyber-criminals to push their agenda.
- SEO spam attacks: Once hacker gain access to the site, deploy files containing SEO keywords and link them to untrustworthy websites.
- Automatically and regularly updated antivirus software and anti-spyware: Automation of security products in response to changing environment and to protect against viruses, spyware and other malicious code. Fast removal of malware, hack repair and blacklisting by Google, Norton, and McAfee.
- Deployment of Firewall to block malicious traffic and requests. It would encrypt information and make it secure and hidden.
- Continuous monitoring and scanning to detect security holes or issues and get automatic remediation capabilities.
- Site owners keep their systems up to date which include Operating System, applications, and add-ons.
- Proper Server Ecosystem: To keep the business running smoothly, hosting provider offers Backup & Restore Solution. Even if worst happens, a perfect backup makes it possible. Even, if you are on cloud computing, it is recommended to have a robust backup solution.
- Businesses take active measures to protect their web hosting and email services.
- Pay attention to the destination URL, while entering credentials.
- Get familiar with file Structure and review it periodically for changes or suspicious content.
- Use strong passwords which include capital letters, lowercase letters, numbers, special characters and random structures.
- Malware and Mobile Anti-Abuse Working Group M3AAWG, an organization that aims to fight abuse of internet infrastructure
- eQualit.ie, a Canadian-based nonprofit offers Deflect Service to protect against DDoS
co-founder: Dmitri Vitaliev