Web applications carry huge security vulnerabilities – ask the FBI
The head of the FBI poked fun at himself to illustrate the threat posed – to individual, corporate and state security – by the vulnerability of web applications to malicious attacks. Discussing the war on Internet crime in a speech to the Commonwealth Club in San Francisco on Wednesday 7th October, 2009, Robert Mueller described how his wife banned him from using Internet banking after he nearly fell for a phishing attack.
Mueller used the story of his own embarrassment to add weight to more serious warnings about cyber crime, the efforts of his agency to combat it and the need for everyone – from private individuals to the largest corporations and government departments – to be constantly vigilant. He referred to the Internet as a conduit for crime as well as for commerce, saying, “The Internet has created virtual doors into our lives, our finances, our businesses, and our national security. Criminals, spies, and terrorists are testing our doorknobs every day, looking for a way in.”
Robert Mueller’s speech resonated with us. All too often, we see people paying too little attention to the dangers posed by cyber crime and its consequences. Mueller drew a powerful analogy between Internet crime and burglary: “What if I told you that as you sit here today, strangers were walking through your offices, homes, and dorm rooms? What if they were opening your drawers, reading your files, accessing your financial information, or stealing your company’s research and development? Well, that is happening, right now, in homes and offices and schools around the world. Intruders are reaching into our networks every day, looking for valuable information. And unfortunately, they are finding it, because many of us are unaware of the threat these persons pose to our privacy, our economic stability, and even our national security.”
As our In the News page shows, reports appear in the press every day about more cyber attacks on businesses. Some are so vicious that they close the victim companies down. Each compromised record costs between £50 and £250, depending on the extent of the system cleanup and forensic analysis, regulatory and legal costs, consumer breach notification, and credit monitoring services. The average number of records compromised in an attack is estimated at 30,000, so the impact on your bottom line could run into the millions – and that’s before you quantify the damage unwanted media attention will cause to your brand image and share price.
Should you be among the next victims, you will find that the ramifications from web application vulnerabilities run deep. Your compliance with government and industry regulations is jeopardised and credit card companies are raising transaction fees where they perceive unusually high risk. So tightening your web application security not only increases your confidence – you can achieve an immediate return on investment.
As many web application security vulnerabilities exist in the application logic, embedded in the source code itself, the earlier you address security defects the lower the overall cost to your business. To eliminate these vulnerabilities at source is difficult, as your developers – the guys that really know the application – are not security gurus. Your security gurus, however, can’t be expected to know the application or the code.
We see this disconnect all the time and more and more organisations are finding they need help merely to keep pace with essential improvements in web application security scanning methodologies and tools. After all, the head of the FBI, no less, has described web application security as a “cyber arms race” – and it’s a race none of us can afford to lose.
More Information
Read the full text of Robert Mueller's speech here.
Click here to watch the StarBase Webinar on Application Security Testing