By now we've all heard the news. Car rental behemoth Hertz is suing Accenture for $32 million for their failure to deliver "viable web and mobile applications". In fact, Hertz claims that the project needed to be "scrapped" entirely due to "serious security vulnerabilities and performance problems", which were in part due to Accenture's failure to perform adequate security testing. What tests they did perform "were seriously inadequate, to the point of being misleading." Just one week later, Accenture's stock suffered a downgrade.
Fortunately, Accenture's fate was entirely avoidable. Here are three recommendations you can implement today:
1) Don't rely on internal security audits
This cannot be overstated. Seriously. Do not rely solely on internal testing. A full 75% of web applications tested by Silent Breach "presented high or critical vulnerabilities that could have led to a data breach, or even total compromise of the website." Remember, this is after they've passed through the gauntlet of internal testing and have already been deployed. If there's one thing to remember, it's that web design agencies excel in web design, while cybersecurity firms excel in (you guessed it) cybersecurity.
Takeaway: Partner with a reputable cybersecurity firm to perform external vulnerability audits on all of your apps. Clients will love the extra layer of certification.
Not sure how to find a partner? Check out this article on How to Choose a Cybersecurity Firm.
2) Build security into the design
For those of us in the web design industry, cybersecurity simply cannot be an afterthought. True, compared with flashy designs and lightning performance, delivering airtight security can often feel like a thankless task. After all, a WebApp's security is usually vastly undervalued, right up until something goes wrong. Just ask Accenture. However, Silent Breach research shows that the vast majority of security breaches can be avoided by implementing simple security features in the design. So, the next time you're about to reach for that comfy jQuery framework, do some research around its vulnerabilities; you probably won't be surprised by what you find.
Takeaway: Baking security into your software from the start will greatly reduce your clients' risk of exposure and reflect positively back on your work.
Here are our Top 5 Tips for Hardening your WebApp Security.
3) Fight complacency with regular training sessions
Your product will only be as good as your people. By definition, then, a strong team will create strong products. The trick is to view digital fitness much like physical fitness: it's never a single-shot silver bullet, but a regular and effective routine that builds resilience and ability. To translate this into web design, consider holding monthly security trainings to keep your skills up to date and learn about the latest cybersecurity threats and trends.
Takeaway: Hackers are always working on new ways to breach your defenses. Stay one step ahead by holding regular training sessions and incentivizing continuing education.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services for Fortune 500 companies. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and Internet of Things (IoT) industries.