Cyberattacks: The Software Features Junkie
How Rampant Software Feature Upgrades increases your network attack surface and makes your business the perfect next cyberattack target?
Today’s cyberattack exploited a vulnerability in a feature that was part of a software upgrade two weeks ago.
Vulnerabilities are introduced into software when software engineers write new features.
Hence, more features equates to more exploitable vulnerabilities which in geek speak, expands the (cyber) attack surface of your network.
Still think you and your firm are immune to Cyberattacks? Guess what?
1 — Donald Trump is the President of the United States primarily thanks to the cyberattack on the Democratic National Party that leaked its internal emails to the public.
2 — The recent NotPetya cyberattack cost Maersk — the world’s largest container shipping line — $300 million i.e. 42% of its underlying annual 2017 profits. The bulk of the impact from the NotPetya attack was felt in the third quarter, due to lost revenues in July after the company’s IT system, including booking applications, were brought down by the malware, hidden in a document used to file tax returns in Ukraine.
3 — The Wannacry ransomeware locked up 200,000 computers in 150 countries and effectively shut down the UK’s health care IT infrastructure.
So, avoid unnecessary, untested and unvalidated upgrades to your network software that introduce new features that will reduce your network security, reliability and availability.
Multiven strongly recommends that customers get software bug fix upgrades and security updates and patches only.
New feature upgrades should be introduced only after thorough road-map bug scrubs, security risk assessments and regression testing.
If you don’t have the necessary expertise in-house for the aforementioned software security research, Multiven can help.
Photo credits: Multiven