As networks, hardware, and software evolve, so does the approach of cybercriminals. Therefore, reports of cyber attacks and security breaches are becoming commonplace and are even more detrimental to the businesses and potential customers who are affected. Thanks to the advanced strategies of criminals who have learned how to circumvent hardware and network penetration, criminals are now gaining access to digital files and personal information using software and applications as the entry points. Case in point, it was recently reported by CNN that USIS, a major contractor providing background checks for the U.S. government reported a foreign government breach of their computer systems – almost no one is safe.
As Gartner recently reported, 84% of security breaches occur at the application layer and there has been a 68% increase in mobile application vulnerability disclosures. Because of this influx in attacks and the vulnerabilities in software and applications, security teams are facing tremendous pressure to learn how to secure their software and minimize risk to this sensitive data. The discussion of developers, IT teams, and decision makers must shift into a new focus and bring security to the forefront of application development.
Teaming up to present the webinar, Secure, Diverse and Highly Accessible Applications with SAP Fortify, Andrew Kay, HP Application Security Solution Architect and Andreas Gloege, SAP Quality Assurance Solutions, explain these new challenges in application security and ways to reduce risk and cost, and how to secure an entire software landscape using SAP Fortify by HP.
Two case studies, presented in the webinar, include the Sony Playstation network breach and the Heartland cybercrime case. The Sony Playstation breach occurred in 2011 and compromised around 77 million customer accounts. The breach shut the entire network down for 25 days and the total cost of damages/loss is estimated at more than $171 million. The Heartland cybercrime case affected at least 650 financial institutions when 94 million credit records were stolen. The total cost of damages was more than $140 million and in 2008, that was noted as the largest case of identity theft.
But, there is a way to prevent these cybercrimes and protect software and applications.
The current [reactive] approach to building software focuses on building, deploying, testing, and then fixing when vulnerabilities are exposed. This presents a much longer rework cycle, which proves to be timely, inefficient, and costly.
Instead, SAP Fortify by HP is end-to-end software security for the new style of IT, which can minimize risk and reduce costs. The approach is more efficient and factors in security as a main concern, rather than an afterthought.
In the webinar, Kay outlines the Fortify strategy, which focuses on:
- Application Assessment – Find security vulnerabilities in any type of software
- Software Security Assurance (SSA) – Fix security flaws in source code before it ships
- Application Protection – Fortify applications against attack in production
This shift of focus forays into the best practices for SAP application security and showing that finding security issues at design time instead of in production is easier and less expensive.