IndigoCube has launched a new business unit dedicated to application security. Ziaan Hattingh, managing director of IndigoCube, says the new unit is a direct response to a growing market need.
"Companies spend the bulk of their security budgets on infrastructure security, such as firewalls, access control and identity management, but research shows that 75% of attacks are directed at the application layer," Hattingh says.
"The current hype around big data as a source of competitive advantage has increased the value of the application layer and everything it contains - and when the Protection of Personal Information Bill becomes law, companies will become liable for the security of the personal data stored on their systems."
Worryingly, a survey by Deloitte and ITWeb indicates that 53% of South African companies are unready to comply with the requirements of the new legislation, which is expected to be signed into law during 2013. Securing the company's applications will obviously form an important part of its obligations under the proposed law.
Further impetus behind IndigoCube's new unit is the fact that South Africa is a favoured target for cyber criminals. The RSA Anti-Fraud Command Centre says South Africa experiences the largest number of phishing attacks in Africa, and is the third-most targeted country globally.[1]
One of the reasons behind this upsurge, Hattingh believes, is the general lawlessness in South Africa, coupled with the police's lack of specialised capability to deal with cyber crime. It should be added that cyber crime also poses huge challenges with respect to jurisdiction, given that it is typically perpetrated via the Internet from outside of the country's physical borders.
IndigoCube's new security unit will focus on providing clients with application security solutions based on IBM Security's suite of AppScan products. The solutions cover both the testing of software code for vulnerabilities before deployment ("white box" testing) as well as simulated attacks on deployed software to identify vulnerabilities ("black box" testing).
"We have been using the AppScan products in our testing and software development work, but now it is time to launch a unit focused on security - it's something that South African business needs, and we can supply," Hattingh says.
The new unit will be headed up by Walter Kruse, a leading practitioner of software testing and a passionate advocate of application security.
[1] The South African Cyber Threat Barometer (2012/3), research conducted by Wolfpack Information Risk, summarises the current situation. For information on phishing, see "SA facing increased cyber-crime threats", IT News Africa (12 November 2012), available at http://www.itnewsafrica.com/2012/11/sa-facing-increased-cyber-crime-threats/.
Share