The first concern in development is security and emerging online threats. According to the Global Development Survey 2017, released by Evans Data Corporation (EDC), only 31% of companies formalize cybersecurity policy. A further 34 percent have an informal policy adopted by various departments, while roughly 25 percent have a piecemeal system defined within departments or none at all.
The survey sampled 1500 developers from different regions, in different languages. The report reveals that APAC companies are most likely to have an overall formal cybersecurity strategy. Businesses in North America and the EMEA region have informal policies, and businesses without policies are most common in EMEA.
The report shows 26% of developers globally are developing apps to run on secure and trusted systems, while 19% expect to start doing so within the next six months.
Internet threats and their solutions
- Vulnerabilities like Heartbleed, ransomware like WannaCry, and the Spectre and Meltdown flaws in Intel chips
- Growing exploitation by hackers using sophisticated tools that hunt for known vulnerabilities in any website.
- A network of infected computers and devices
- Malicious internet traffic attacks such as HTTPS floods and DNS amplification DoS attacks
- According to the survey conducted by Clutch, a leading research and reviews platform for business services, over 50% of websites collect visitors’ email addresses, creating the possibility of privacy breaches. Inconsistent security measures increase the risk to visitors’ privacy and pose the greatest security risk to consumers. Clutch’s 2017 Website Security Survey included 302 site managers who built or maintain a website for personal, business or other use.
- SSL misconfiguration
- Cross-site scripting attacks
- Malicious domain registrations & Phishing: According to the Anti-Phishing Working Group (APWG) report for 2016, malicious use of the domain name system reached an all-time high, accounting for half of all domain names used for phishing in 2016. The APWG report reveals 255,065 unique phishing attacks globally during 2016.
- Phishing: Cybercriminals set up web pages that masquerade as reliable brands, such as banks and e-commerce sites (PayPal, Yahoo, Apple), where they lure victims and trick them into giving up sensitive information such as usernames, passwords, and credit card details.
- Domain shadowing: An unsuspecting company’s DNS settings are manipulated to insert multiple phishing sites onto the firm’s servers.
- Defacement: Original content is replaced with material placed by cybercriminals to push their agenda.
- SEO spam attacks: Once hackers gain access to a site, they deploy files containing SEO keywords and link them to untrustworthy websites.
The 2017 Equifax data breach exposed the personal information of 145+ million people. Property Claim Services estimates that cyber-insurance would cover approx. $125 million of losses from the incident.
- Automatically and regularly updated antivirus software and anti-spyware: Automation of security products in response to a changing environment and to protect against viruses, spyware, and other malicious code. Fast removal of malware, hack repair and blacklisting by Google, Norton, and McAfee.
- Deployment of a firewall to block malicious traffic and requests. It would encrypt information and make it secure and hidden.
- Continuous monitoring and scanning to detect security holes or issues, with automatic remediation capabilities.
- Site owners keep their systems up to date, including the operating system, applications, and add-ons.
- Proper Server Ecosystem: To keep the business running smoothly, the hosting provider offers a backup and restore solution. Even if the worst happens, a perfect backup makes recovery possible. Even if you are on cloud computing, it is recommended to have a robust backup solution.
- Businesses take active measures to protect their web hosting and email services.
- Pay attention to the destination URL while entering credentials.
- Get familiar with the file structure and review it periodically for changes or suspicious content.
- Use strong passwords which include capital letters, lowercase letters, numbers, special characters and random structures.
CyberInsurance – Insuring against hacks and breaches
According to the Organisation for Economic Co-operation and Development, the US cyber-insurance market is booming, with around $3 billion in premiums, and growing steadily at a rate of 30% every year. Insurance companies have created models or algorithms to quantify different types of risk in order to calculate premiums.
The policies tend to accommodate:
- First-party liability coverage which includes online extortion payments, renting temporary facilities during an attack, and lost business due to systems failures, cloud or web hosting provider outages, or even IT configuration errors.
- Lower deductibles and coverage for hardware replacement costs
- Third-party liability coverage associated with breach class-action lawsuits or settlements.
- Additional coverage for customers adopting specific technology partners:
  - Allianz in partnership with Aon, Apple, and Cisco
  - Chubb with CrowdStrike and FireEye
  - XL Catlin with Clarium, Venable, and NetDiligence
  - Zurich with access to Deloitte cybersecurity consulting services
Organizations & Laws
- From May 25, the European Union General Data Protection Regulation would go into effect
- Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), an organization that aims to fight abuse of internet infrastructure
- eQualit.ie, a Canada-based nonprofit (co-founder: Dmitri Vitaliev), offers the Deflect service to protect against DDoS