During the Philippine Software Industry Association’s (PSIA) 34th Enablement Seminar, which primarily focused on cyber security, various experts shared their knowledge and insights to chief technology officers, information security officers, and IT professionals.
In line with the theme of “Managing and Integrating Secure Software Development Practices,” the talks ranged from simple introductions about the importance of cyber security to complex discussions about the best software development practices and security applications for small businesses.
For entrepreneurs, especially those in the BPO and ICT industries, the most relevant takeaway from the seminar was the importance of safeguarding their digital assets by improving the security of their programs and applications. SMEs were also urged to invest in security programs for small businesses to protect their assets.
The Open Systems Interconnection (OSI) model, is a “simplified” way to understand how telecommunications work and what are within it. The model has seven layers:
What’s important to note is that the first and last layers — physical and application — are the layers most people know and see. The Data Link, Network, Transport, Session, and Presentation layers work behind the scenes.
The application layer and your applications are closely tied together.
For example, HTTP is in the application layer and Google Chrome is an application. Google Chrome uses HTTP to access websites. HTTPS and FTP (File Transfer Protocol) are also in the application layer, and Google Chrome can use those two to access data from the Internet or the local intranet.
The biggest reason the application layer is vulnerable to attacks is that it is the most exposed out of the seven layers. According to Anton Orpilla, IT Architect of IBM Philippines, 32% of system compromises occur in the application layer.
Say that you have a webserver containing all the data you have for your company. That same webserver can be accessed through an Internet browser, such as Google Chrome, by your employees to do their work.
There are three common scenarios that can happen in this setup:
The chances of getting attacked grows as the number of people who can access the webserver multiplies and the number of faults that unknowingly — or knowingly — exists in the application.
As Pointwest’s Security Analyst Christine Balanaa simply puts it, “Don’t forget the evil users.”
There are two types of cyber attackers: insiders and outsiders. Insiders can be in the form of trusted, careless, disgruntled, or malicious employees. Outsiders can be in the form of amateur, professional, or organized hackers.
Cyber attackers can attack you because of multiple reasons. It is usually for financial gain and espionage, but it can be also for intellectual, social, and political reasons.
Your company or servers become a prime target if you have the following:
Those three reasons actually make banks the most targeted businesses online. There is good reason that foreign banks such as Chase spend around $600 million per year in cyber security and Paolo Falcone, Configuration Manager and SRE at Etrading Software Ltd., continuously updates his knowledge and service to banks.
He points out, “Banks are heavily regulated to protect customers, reduce risks of major failures, prevent misuse, (and) preserve bank-client confidentiality.”
As long as applications are core to services or operations, businesses should make sure that they can’t be accessed and manipulated by unauthorized or malicious individuals or organizations. Company software security breaches are costly.
Imagine how many work hours are wasted if a contact center’s IP telephony/UC software goes down for an hour just because a malicious individual found a method to take it down remotely. That can translate to almost a hundred work hours.
That contact center still needs to pay those idle hours. It may even need to pay some fines dictated in its contract with the client because of the sudden down time. If that company had some cyber security awareness and invested in cyber security programs and applications, they could have avoided the damages.
That’s why businesses, especially banks, BPOs, and ICTs, require the highest level of defense against online attacks. A vulnerability in their cyber security infrastructure can lead to millions of pesos in damage and loss of their clients’ trust. Cyber security programs, on the other hand, would cost only one to five percent of those millions of pesos.
It is essential for businesses, regardless of size and scope, to install cyber security applications and train their IT departments to learn DevSecOps, continuous security-oriented SDLC (Software Development Life Cycle), and the best development practices that come with them.
Find out how to boost your business’ cyber security and sign up to Globe myBusiness Academy.
Get access to all our exclusive member-only content