Developing Secure IT Products to Defend against Cybersecurity Threats

According to the website StaySafeOnline.org, “building security into information technology products is key to enhanced cybersecurity. Security is an essential element of software design, development, testing and maintenance. The software we use every day on our phones, tablets, and computers may have vulnerabilities that can compromise our personal information and privacy.” (About, 2014) With a technological environment changing as quickly as it does today to accommodate the needs of an ever-increasing number of savvy users pushing everything from social security numbers to personal medical information, the need to develop secure software is paramount.

And safety considerations don’t begin and end with the finished product alone. As a recent article on IEEEXplore points out, security risks might also include attacks against “product code during development, any supplier or original equipment manufacturer (OEM) involved in developing the product’s software components, or (even) the product distribution channels.” (Baize, 2012)

So how does a software developer address these issues during development and distribution? And how can an organization know that the software they’ve purchased is safe? Typically, software vendors use a secure software development life cycle, which includes considerations such as “protection of the overall product development environment, focusing on not only avoiding source code leakage but also preventing unauthorized source code modification; integrity of the source code supply chain…for open source software being embedded in products; and embedding controls for product code integrity and authenticity verification, during both delivery and execution of the products.” (Baize, 2012)

Another development in the defense against malicious cyber attacks is the design of products that are not only attack-proof, but are also capable of detecting and defending against these attacks – in other words, products that are “attack-aware”. “Software security practitioners have made great progress incorporating into software the techniques that stop attacks targeting the most common security flaws…Most modern software can distinguish legitimate input from input containing (malicious code). If secure software can detect and stop malicious strings, it can and should also log and report incidents that are being prevented. This will provide the intelligence that security products need to better monitor activity and ensure quick attention, which can lead to prevention of data breaches.” (Baize, 2012)
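As an illustration of the “attack-aware” idea, the following added example (not taken from the cited article) shows an input check that rejects invalid input and also logs a structured event that a monitoring product could consume. The field name, allow-list pattern, alert threshold and sample inputs are assumptions made for the illustration.

```python
import json
import logging
import re
from collections import Counter

log = logging.getLogger("security.events")

# Assumed policy: usernames are 1-32 characters from a fixed allow-list.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")
ALERT_THRESHOLD = 3          # assumed: repeated rejections from one source
_rejections = Counter()      # rejections seen per source address


def check_username(value, source_ip):
    """Validate a username; return (accepted, event_line).

    Accepted input produces no event. Rejected input is blocked AND
    reported as one JSON line, so the prevented incident is visible
    to whatever consumes the log.
    """
    if USERNAME_RE.fullmatch(value):
        return True, None

    _rejections[source_ip] += 1
    count = _rejections[source_ip]
    event = {
        "event": "input_rejected",
        "field": "username",
        "source_ip": source_ip,
        "length": len(value),
        # Truncated sample only; json.dumps escapes control characters,
        # so a newline in the input cannot forge a second log line.
        "sample": value[:40],
        "count_from_source": count,
        # Escalate once the same source keeps sending rejected input.
        "severity": "alert" if count >= ALERT_THRESHOLD else "info",
    }
    line = json.dumps(event, sort_keys=True)
    log.warning(line)
    return False, line


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    # Constructed sample inputs; 203.0.113.7 is a documentation address.
    for attempt in ["alice", "bad\nname", "x" * 50, "a b"]:
        print(check_username(attempt, "203.0.113.7"))
```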

While this all sounds great in theory, the truth of the matter is that cyberattacks can and do occur. Here’s a list of things to look out for which may indicate that your computer has been attacked:

• You have standard programs and files that won’t open or work.
• Files that you didn’t delete…have disappeared, have been placed in the (delete) bin, or have been deleted.
• You cannot access programs using your usual password. You find that your passwords have been changed within your computer.
• There is one or more programs on your computer that you didn’t put there.
• When you’re not using the computer, it is connecting itself to the internet frequently.
• File contents have been changed and you didn’t (make) the changes.
• Your printer may behave strangely. It may not print no matter what you do or it will print different pages that you did not command it to. (wikiHow, 2014)

We encourage you to contact the TSC immediately at X2920 or by e-mail at techhelu@sju.edu if you notice any of these symptoms or if you have any other reason to believe that your computer has been compromised.

Resources

About. (2014). Retrieved from StaySafeOnline.org: http://www.staysafeonline.org/ncsam/about
Baize, E. (2012). Building Security In. Retrieved from IEEEXplore: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6226545
wikiHow. (2014). How to know if You’ve Been Hacked. Retrieved from wikiHow: http://www.wikihow.com/Know-if-You%27ve-Been-Hacked