For the last few months, we have spent a lot of time researching facts, collecting information, creating data figures and presenting them. This week, Indusface Research decided to ask random cybersecurity questions to a few of our readers and cybersecurity experts. Here are a few of them.

 

Question 1 to Kevin Du, Senior Member at the Institute of Electrical and Electronics Engineers, New Jersey, USA.

  1. Is developing web applications more difficult, or securing them?

“Developing web applications is not difficult, so there are thousands of them made and changed every day, but web developers do not know about potential attacks on these web applications. Therefore, many of the applications either have no defense against these attacks or are simply implemented in the wrong way, making them vulnerable. The percentage of vulnerable web applications is very high (around 50% based on some recent reports), and I don’t believe it will be improved significantly in the near future without proper solutions.”

 

Question 2 to Tyler Cohen Wood, Cyber Security Advisor at Inspired eLearning, San Antonio, United States.

  1. Why do so many companies use web apps, yet still can’t keep them secure?

“Many enterprises like the convenience of web-based apps because they allow updating and maintenance to be performed in the web browser itself, rather than distributing software to multiple computers or systems. Security becomes a problem due to zero-day threats and frequent changes, making web apps vulnerable to traditional cyber threats, such as SQL injection and phishing attacks amongst many others. Protection against cyber threats should be a key component.”

 

Question 3 to John Chapin, Web Application Development Consultant, Capital Technology Services, Philadelphia, United States.

  1. Why are startups hacked more often?

“So many startups do not protect the data of their users on the server or in transit. Of those that do take the time to get that right, there’s a significant portion that don’t come back to patch those systems when a new vulnerability is found. My hope is that in the very near future small and medium-size businesses start to get the “101” security lessons applied correctly. The small businesses not paying adequate attention to their web sites and custom web applications are going to be easy attack vectors for getting into services with better security.”


 

Question 4 to Symon Perriman, VP of Business Development, 5nine Software, Middletown New Jersey, United States.

  1. How do you relate cloud and virtual servers with security?

“Today’s websites are primarily running inside virtual machines (VMs), whether that is on premise or in a cloud-based environment. Security for virtualization should be treated differently from traditional static servers, where the hardware and infrastructure infrequently change. Virtualized environments are dynamic as VMs are constantly being created and destroyed (sometimes without admin intervention). There is a need to monitor and scan all of it continuously.”

 

Question 5 to Sheila Lindner, President, Octacom, Ontario, Canada.

  1. What’s your take on securing business?

“One of the biggest trends we’ve seen over recent years is a push toward better security. The stats on web application security pitfalls are astounding – according to Gartner, 75% of mobile apps fall below basic security expectations. Especially with the rise of electronic health records and data storage in public sectors, the importance of mobile app security is becoming more and more integral to the daily lives of the world’s citizens. Businesses must ensure they are providing a reliable and secure experience to maintain a good reputation, not to mention their customer and consumer base, into the future.”

 

Question 6 to Bryan Clayton, CEO, GreenPal, Nashville, Tennessee, United States.

  1. Were you ever hacked? What were the risks?

“Our system was breached two months after we launched in the summer of 2014. Luckily, we were in our infancy and only a few hundred customer profiles were exposed; however, if something like that happened to us today, it could spell the end of our business. After that shot across the bow, we invested in application-layer security. We recently saw that we were under attack again but it was blocked. App sec gives us peace of mind at a price we can afford. I highly recommend getting secured to any business that could be exposed to online attacks to their database.”

 

Bonus Question to Ashish Tandon, Founder and CEO, Indusface.

  1. It’s often argued that application security is an expense with no returns. Your take?

“According to the National Small Business Association, 72% of businesses that suffer major data loss shut down within 24 months. Gemalto Survey further highlights that 64% of the people are unlikely to shop or do business with a company hit by a data breach.

The risk is just too high to ignore. Application security is not an expense; it’s a modern day business necessity. Period.”

Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO at Indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in the security industry and had held various management/leadership roles in Product Development, Professional Services and Sales at Entrust.