This week marks the 25th anniversary of when the WWW was made available to the public. Security experts from Ipswitch, ForgeRock, Barracuda Networks and WhiteHat Security commented below.
Michael Hack, SVP of EMEA Operations at Ipswitch:
“Whilst Governments and regulators work to try and fix this with initiatives such as GDPR and the Data Privacy Shield, and technologists work around the clock to keep one step ahead of cyber criminals, we are still and are always likely to be playing catch up.
“There are steps businesses can take to help keep data safe. Ensuring that perimeter defences and secure file transfer technologies are up to date is key. As is making sure policies and regulations are adhered to. However, training the staff that both administer and use a Web enabled network is essential. A proper understanding of how to keep data safe and widespread recognition of common pitfalls is an essential tool in Web security. We might have come a long way since the Michelangelo virus which, in 1992 was expected to create a digital apocalypse by wiping all data on March 6, there’s still a long way left to go.”
Simon Moffatt, EMEA Director, Advanced Customer Engineering at ForgeRock:
“In reality, social networks, retailers and other websites have very little incentive to help protect users’ identities. A huge proportion of websites generate revenue through highly-targeted advertising, which is based upon the user’s personal information. Given this, it is in the website owner’s interest to actually encourage users to provide as much information as possible.
“Alongside limited government involvement, industry standards, or incentives to educate consumers about identity protection, it is not surprising to see that there has been a spike in identity fraud cases in recent times. Although the issue of identity fraud does not yet seem to be a mainstream concern, if the number of such cases continues to rise, it likely will be, sooner rather than later.”
Jason Howells, EMEA Director, MSP Solutions at Barracuda Networks:
“We are fast reaching a point where businesses are simply unable to effectively secure themselves with their internal resources. As the web threat landscape continues to rapidly change, it’s apparent that many of those internal IT and security professionals know in their hearts that they will likely buckle under the pressure.
“For service providers, this means it’s now virtually impossible to bid on an IT project that doesn’t include provisions for cyber security. Whether they develop that expertise internally or partner to deliver it doesn’t matter. Any proposal that doesn’t include a robust web security component is going to be dead on arrival.”
Ryan O’Leary, VP Threat Research Centre at WhiteHat Security:
“By prioritising the critical and high-risk security flaws for remediation, security professionals stand a good chance of reducing the number of days that serious vulnerabilities remain open to attack. They should also aim to participate in devops team meetings to drive the secure application agenda and plan to have both static and live code tested for vulnerabilities on a regular basis. It only takes one persistent hacker to leverage a single flaw to create what could become a catastrophic data breach incident. Businesses must create a culture of cross-team collaboration and cooperation to prioritise website security.”
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.