Managing Risk is More Important Now Than Ever

February 20, 2018 2354 Views Gabriel Torok

I just read the Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2018.

Forrester reminds us all that “Risk and compliance management is more important than ever, thanks to the increasingly intangible nature of business value and the growing risk of violating customer trust.”

The report evaluated 14 leading GRC (governance, risk, and compliance) vendors: ACL, Enablon, IBM, LogicManager, MetricStream, Nasdaq, NAVEX Global, Riskonnect, RSA, Rsam, SAI Global, SAP, ServiceNow, and Thomson Reuters. What was most interesting to me is that 50% of these leading providers use PreEmptive’s application protection tools as part of their own strategy.

With software applications driving new business models, corporate reputations are increasingly at risk and regulatory fines are skyrocketing. Now is an ideal time to implement a comprehensive risk management strategy.

Artificial Intelligence, Real Threats: Can Attackers Flip the AI Script?

There’s big money in artificial intelligence (AI) — reaching almost $12 billion over the next six years. As noted by research firm McKinsey & Company, companies are now in the process of building out the technology foundation they need for AI deployment, with 45 percent of executives already worried about not investing enough in AI to keep up with the competition. It’s not a baseless fear: The McKinsey research also suggests that AI adoption is following a standard “S-Curve” model, which starts with slow adoption by a limited number of businesses followed by rapid mass adoption as market opportunities increase and then slows again as stragglers are left behind.

Given the wide range of potential applications for AI and the evolution of core intelligence technologies, increased business interest is no surprise. What companies may not be prepared for, however, is the uptick in hacker usage of AI tools and solutions — what happens when attackers flip the AI script?

That was the title of yesterday's congressional briefing organized by ACT | The App Association (in cooperation with the Congressional IP Caucus which is co-chaired by Rep. George Holding, Rep. Adam Smith, & Rep. Hakeem Jeffries).

As is often the case when presenting to different kind of audience (not software-centric), you’re forced to reorganize your thoughts – here are few that might be worth sharing.

Attendees were promised the following agenda:

Learn how rogue apps steal content;
Understand what access devices are enabling the piracy of content;
Learn about a range of app piracy methods used to exploit U.S. companies;
Gain insight into existing industry best practices and enforcement methods for combating IP piracy.

App development now happens at breakneck speeds as companies recognize the need for first-to-market applications that exceed consumer expectations for usability and performance. The root of this rapid release cycle? DevOps — the combination of development and operations teams to deliver best-in-class applications ASAP.

But more apps on the market more quickly means more chances for security issues — as noted by Bank Info Security, 60 percent of all breaches over the last two years started with known software vulnerabilities. Bottom line? DevOps is getting apps out of development, but lack of security is putting them in harm’s way. There are no second chances when it comes to first impressions; users won’t come back if applications expose personal data or become malware distribution drones.

The solution? DevSecOps: Security as a fundamental aspect of application development. Here’s what you need to know.

Model–View–ViewModel (MVVM) is a common pattern used in WPF, Xamarin, and other types of .NET applications. There are different ways to apply the MVVM pattern, but they all share a few underlying concepts. I’d like to discuss these concepts, and how to successfully configure protection with Dotfuscator for MVVM-based apps.

Credentials are a problem for your app. Why? Because they’re a critical access gateway: If attackers get their hands on working usernames and passwords they can cause havoc — everything from stealing user accounts to compromising high-level application functions.

It’s big business; Sensor Tech Forum notes that 85 malicious apps on Google Play were stealing login credentials, while Verizon’s 2018 Data Breach Investigation Report found that 81 percent of hacking incidents used weak or stolen passwords.

And while part of the problem rests with users choosing username and password combinations that are easy to remember and easy for attackers to guess, applications have their own issue: Hard coding. From smart city software to stock trading applications, the use of hard-coded credentials saves time upfront but significantly impacts security.

Don’t become an easy mark for hackers: Here are six ways to boost credential control and reduce total risk.

Managing Risk is More Important Now Than Ever

Artificial Intelligence, Real Threats: Can Attackers Flip the AI Script?

Rogue Apps: Facilitating Theft from Developers and Consumers

No Second Chances: App Shielding and the Emerging Need for DevSecOps

Protecting .NET applications that use the MVVM pattern

Create More Secure Applications – Don’t Hard Code Credentials; Instead, Use Application Hardening

Latest Blog Posts

Artificial Intelligence, Real Threats: Can Attackers Flip the AI Script?

Rogue Apps: Facilitating Theft from Developers and Consumers

No Second Chances: App Shielding and the Emerging Need for DevSecOps

Protecting .NET applications that use the MVVM pattern

Create More Secure Applications – Don’t Hard Code Credentials; Instead, Use Application Hardening

Latest News

Dotfuscator Adds Rooted Device Controls to Meet Exceptional Xamarin.Android Demand

Microsoft Build 2018

PreEmptive Solutions Launches GDPR Compliance Relief Program

Protecting Your Xamarin Apps with Dotfuscator

Third Major Dotfuscator Community Edition Release in 12 Months Expands Real-time Defense and Streamlines Xamarin Integration

Twitter

App Protection Blogs

Managing Risk is More Important Now Than Ever

Latest Blog Posts

Latest News

Twitter