Needless to say, Indian service providers pioneered and developed the outsourced software development space; currently, they generate a combined $3.2 billion of revenue annually. Although Indian software service providers claim high standards, it is apparent that there are still weaknesses in their delivery. I just published a report that highlights the main culprits for this: a lack of executive commitment, poor application coding, and the industrialization of software development:
Poor application coding persists despite lessons learned. The security vulnerabilities are hardly obscure: More than two-thirds of applications have cross-site scripting vulnerabilities, nearly half fail to validate input strings thoroughly, and nearly one-third can fall foul of SQL injection. Security professionals and software engineers have known about these types of flaws for years, but they continue to show up repeatedly in new software code.
A lack of executive commitment within outsourcing firms leads to poor security. Although most of the service firms’ executive leadership teams mean well, few appear to grasp the true potential for security breaches at their customers, the implications of those breaches, and the part that the outsourced partner must play in preventing them.
The industrialization of software development expands the attack surface. Development on an industrial scale can put clients at significant risk. In some cases, offshore development centers serve multiple clients but lack effective network segmentation.
The digital age brings some inherent security risks, like cyberattacks and hacking, that can have a significant impact on governments. The governments of Singapore, the Philippines, South Korea, India, and Japan are some of the recent major victims — and the list is growing by the day.
Why are Asia Pacific (AP) governments a soft target for cyberattacks?
Aging, vulnerable infrastructure. Many servers that host critical government websites still run outmoded operating systems and are plagued by problems such as obsolete software and insecure coding, making them vulnerable to cyberattacks. For instance, only a handful of government computers in India use the latest version of Java; more than three-quarters of them are running unsupported versions of the software, which has been a common target for malware since 2010.
Low adoption of advanced security technology coupled with a lack of security expertise. Governments still rely on conventional security controls like antivirus, antimalware, and firewalls that are powerless against sophisticated attacks. The problem is exacerbated by the fact that governments lack highly skilled personnel to combat cyberattacks effectively.