Digital Transformation

The term Digital Transformation (DT) means different things to different organisations and business sectors. One definition of DT, courtesy of Cap Gemini, states that Digital Transformation is the use of new digital technologies to enable major business improvements such as enhancing customer experience, streamlining operations, or creating new business models.

Many transformation projects have introduced a new or extended reliance on web-based applications to enable major business improvements such as enhancing customer experience or streamlining operational capabilities.

Web-based applications are not new. Because they are easily accessible and often serve as an entry point to valuable data, web applications are now, and always will be, a prime target for attack. DDoS attacks against major financial institutions and massive web breaches resulting in millions of compromised credit card numbers and personal data records are now commonplace in the news headlines practically every week. Hidden behind the front-page headlines, too, lurk tens of thousands of unreported breaches (unexplained website outages, temporary website defacements, small-scale fraud incidents) that never make their way into news articles. One local example that did make the news, in April 2017, involved the defacement of 150 websites in one evening's work. Whilst the problem was readily fixed, the overall cost to rectify the situation is a little hard to quantify. The incident highlighted how an investment in a web application project or a more sophisticated digital transformation project can be largely wasted if a security breach occurs.

Cybercriminals don’t just target brand name companies; they are equal opportunists, constantly seeking out vulnerable sites to compromise, disable, or deface as the recent NZ defacement example highlighted. The weapons of choice are technical web attacks, business logic attacks, and fraud—which traditional network security defences, like firewalls and intrusion prevention systems (IPSs), are largely incapable of preventing.

  • Technical Web Attacks - hackers commonly base their technical web attacks on SQL injection and cross-site scripting (XSS) techniques. To accelerate the rate of technical web attacks, the cybercriminals leverage a combination of off-the-shelf attack toolkits, infected ‘bots,’ and search engines to quickly find and exploit web application vulnerabilities. The “industrialisation” of hacking has made technical attacks much more automated and dangerous.
  • Business Logic Threats - hackers aren’t just using traditional web attacks. Business logic attacks and fraud are also becoming increasingly popular techniques. Today, hackers exploit business logic flaws to post advertisements in online forums. They scrape websites for valuable intellectual property. They perform repeated brute force attacks. They use wildcards in search fields to bring applications to a screeching halt. These attacks have left many organisations at wits’ end, because application scanners cannot detect business logic flaws and secure development processes can’t always mitigate them.
  • Online Fraud - hackers have turned their sights to unsuspecting website visitors, infiltrating millions of computers with malware to steal user credentials and hijack sessions by tracking keystrokes and manipulating website content. While the malware targets end users, the true victims are the website owners, often banks and ecommerce sites, which must pay fraud restitution costs.

Together, web application attacks, business logic attacks, and fraud can cost organisations millions or even billions of dollars. Breaches stemming from web-based attacks can result in brand damage, customer churn, lost revenue, fines, and lawsuits. Many victims of web application attacks have invested in customer notification and credit card monitoring services for their customers. In several instances, large-scale breaches internationally have caused major decreases in profit or share value.

So what to do?

  • Firstly, accept the fact that your web applications will be pervasive, valuable and vulnerable.
  • If you do not have in-house expertise to step you through a risk analysis of your web enablement project, then hire someone to do this with your organisation.
  • Once the analysis is done, be prepared to deploy the right type of security controls, up front, to protect your investment - namely a Web Application Firewall.

Today you can subscribe to cloud-based security services that protect millions of sites successfully around the world using Web Application Firewall technology. You do not need to buy an on-premises appliance to do this job.

Some of the key benefits of working with a cloud-based solution versus buying and managing an appliance in-house are:

  • As a service subscriber you can fall back on the expertise of a security organisation that has a global view of web based threats and how to manage and eliminate them.
  • The threat can be stopped at source rather than having it traverse the internet only to arrive at your front door.
  • No need to invest in physical equipment, or worry that it is set up correctly and then hope there is an expert around to manage it with some consistency thereafter. 

To read more, see the white paper "Web Attack Survival Guide".

To discuss how Imperva can help your organisation, contact Bruce Armstrong - bruce.armstrong@mpa.co.nz or Mike Conboy - mike.conboy@mpa.co.nz.

Bruce Armstrong - Consultant

Bruce has a background in sales and marketing and has spent many years in IT in both Wellington and Auckland. He has worked for the large multi-nationals Microsoft and HP, and in more recent times has focused on information security solutions and products, and cloud infrastructure and delivery. Based in Wellington, Bruce manages sales in the Wellington and Southern regions for MPA.

Bruce has an ability to work with partners to get the best outcome in complex IT problems, and work through options and issues. With a love of all things technology and a dislike of techno-babble, Bruce is a great guy to talk to about your security and IT plans and projects.

