Why does it matter that you care about the security of your custom software?
Short answer – yes, it matters. However, you’re here for the long answer, so let’s lay out the reasons why software security is so important. Have you ever heard of ‘Stuxnet’? Stuxnet is a malicious computer worm that targeted SCADA systems, particularly those used by the nuclear program in Iran. (This is almost certainly far outside the scope of your custom software, but the principle still stands.)
Now, we understand that this example is far removed from the software you may be running. However, that doesn’t mean the lesson isn’t important. All too often, public-facing software is targeted by malicious attackers. Your business may not even be a specific target: attackers routinely scan the whole internet for known, unpatched vulnerabilities, so if you leave yours unpatched, it’s only a matter of time before something goes wrong.
So, the first thing is to ask yourself the following:
- Is your software public facing? – ‘Public facing’ means the software can be reached from the internet, rather than only from your internal network.
- Has your software been penetration tested? – Penetration testing is the act of deliberately (and with authorisation) attacking your own software to find security weaknesses before a real attacker does.
- Does your software store or process PII? – PII stands for ‘personally identifiable information’, e.g. client names, email addresses, physical addresses, phone numbers, etc.
- Does your software attempt to meet the CIA triad? – CIA stands for ‘Confidentiality, Integrity & Availability’. Software should always be developed with this in mind, aiming for a solution that keeps information private, accurate & still available to the software’s users.
- Do you regularly update your software’s security? – Is your software a one-off purchase with zero support thereafter? Or do you pay for a support or subscription plan with the software developers to ensure it is kept up to date?
- Where is the software hosted? – Is the software only used locally, or do you host it with the software provider, AWS, Azure, etc.?
It’s important that these questions are answered & that you are comfortable with the answers. If your software is public facing, it needs to be secured, as this type of software is the most likely to be targeted. If your software has never been penetration tested, it may be worth consulting a software developer or a penetration testing company. If your software stores PII, it’s important that you secure this information: if it is leaked, you may be liable to regulatory penalties & litigation. If your software does not meet the CIA triad, does not receive regular updates, or is not hosted in a secure location by a reputable provider, you are leaving it open to attack.
There is no 100% secure solution anywhere in the world, however layered security & actively finding ways to stay ahead of the ‘bad guys’ gives you a much greater chance of surviving attacks. We hope this was informative & will help to guide you in the right direction. For more information contact us.