Posted 4 January 2019
All employees in an organization use applications. Whether on a local computer, a server on site or in the cloud, as a service, on a mobile or tablet… Applications are important, and for good reason, as they allow us to work more efficiently.
But applications are synonymous with threats. The software you use every day can be vulnerable to cybercriminal attacks. Security breaches can disrupt your entire information system and your business.
All software and applications, regardless of distribution channel and usage patterns, are developed by cross-functional teams that work for months to create a useful tool for professionals. However, design or implementation errors can be made. Some of these flaws are purely functional, while others create security vulnerabilities. It is therefore common for applications to be updated to correct these flaws and vulnerabilities.
This is a classic approach in the iterative process of creating applications. Major issues appear, however, when publishers neglect security during the design phase, take too much time to fix a vulnerability, or decide not to fix it at all. This situation can affect any type of tool, including operating systems, as shown in this example with Windows, about a vulnerability that has been corrected… 19 years after its first identification.
Most of the time, however, developers are responsive and correct vulnerabilities in a matter of days or weeks. This does not necessarily solve all of the problems, because IT departments do not always have a centralized management console to force updates, and need to rely on users. When users lack time or interest, updates are forgotten, leaving a gaping digital opening available for all attackers to use.
There is a wide variety of application threats. For users, they are all likely to lead to the same result: alteration, theft or leak of data and confidential information.
Once a malicious individual has the means to penetrate a system through a security breach, the threat spreads very quickly. Ignoring application threats is like giving strangers the keys to a safe.
It becomes easy to steal strategic plans, sensitive information or patents, which can be passed on or sold to a competitor, or exposed on the dark web. Your employees’ personal information, which you are responsible for under the GDPR, may also be exposed, including pay slips, contracts, annual reviews, social security numbers, etc.
In addition to theft, data can also be corrupted: what if your customer database is encrypted by an attacker, or if your financial and business data are modified or deleted?
Application threats are multiple and changing. They include, for example, “XML External Entity”, in which exploitation of vulnerabilities within the code allows attackers to execute remote commands on a server, scan internal systems, and launch denial of service attacks.
Lack of logging and monitoring is also an interesting case, as it allows attackers to reinforce and extend their strategies to alter, extract, or destroy data.
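One way to address both points above at the intake boundary, as an added example that is not part of the original article: untrusted XML is rejected as soon as it declares a DOCTYPE (the construct external entities depend on), and each rejection is logged so it can be monitored. The function name, logger name and sample documents are assumptions constructed for illustration.

```python
import logging
import xml.etree.ElementTree as ET
from xml.parsers import expat

log = logging.getLogger("xml_intake")  # hypothetical logger name


class ForbiddenXML(ValueError):
    """Raised when a document is malformed or uses a forbidden construct."""


def parse_untrusted_xml(data: bytes, source: str = "unknown") -> ET.Element:
    """Parse XML from an untrusted source, refusing any DOCTYPE declaration."""

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        # Entities (internal or external) can only be declared inside a DTD,
        # so refusing the DOCTYPE removes the XXE attack surface entirely.
        log.warning("rejected XML from %s: DOCTYPE %r (system id %r)",
                    source, name, system_id)
        raise ForbiddenXML("DOCTYPE declarations are not accepted")

    checker = expat.ParserCreate()
    checker.StartDoctypeDeclHandler = reject_doctype
    try:
        # First pass: structural check only; exceptions raised by the
        # handler propagate out of Parse().
        checker.Parse(data, True)
    except expat.ExpatError as exc:
        log.warning("rejected XML from %s: malformed (%s)", source, exc)
        raise ForbiddenXML(f"malformed XML: {exc}") from exc
    # Second pass: build the tree only for documents that passed the check.
    return ET.fromstring(data)


# Constructed sample inputs (not taken from any real incident).
BENIGN = b"<order><id>42</id></order>"
WITH_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY x SYSTEM "file:///constructed/placeholder">]>'
    b"<order><id>&x;</id></order>"
)

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(parse_untrusted_xml(BENIGN, "demo").find("id").text)
    try:
        parse_untrusted_xml(WITH_ENTITY, "demo")
    except ForbiddenXML as exc:
        print("refused:", exc)
```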
As a key player in securing data and information systems, the IT department is the first line of defense against application threats. All organizations, regardless of their size, are likely to fall victim to an attack one day. The problem, as the 2018 Ponemon Institute study on application security highlighted, is that there are deep internal disagreements between IT and operational managers. For 48% of operational managers, application performance and speed must take precedence over security. Two thirds of IT managers believe there should not be any compromise between performance and security in terms of priority.
The good news is that organizations are becoming more aware of the issues. This is the case for the 64% of organizations that consider that the next attack will come from an application. However, the gap between intentions and actions is still large: only 25% of organizations have announced significant investments to bridge that gap.
Due to their vast diversity, application threats cannot be mitigated by a single solution. The best cure will always be a set of good practices and preventive actions. A few examples:
Application threats are a major challenge for IT departments, sometimes underestimated by users, and must be managed strategically. This approach requires a holistic vision, as it affects all components of the business at all operational levels. Preventing threats means having the right tools at the right time on the right devices, with users trained and made aware of the realities and potential consequences.