Software companies spend thousands of dollars securing code, applying security patches, using automated testing tools, hiring security experts, and running bug bounty programs. But despite these efforts, cybercriminals continue to find flaws to exploit.
Large-scale, enterprise-level applications may be more secure, but as they get more and more complex, it’s inevitable that software bugs and vulnerabilities will crop up.
In this week’s installment of our 2017 cybersecurity forecast, we share our outlook on vulnerability trends that will likely occur as the year unfolds.
The rise of software flaws
For many years, security flaws in Microsoft products were the primary target for hackers. But according to Trend Micro’s Zero-Day Initiative, in 2016, there were 135 vulnerabilities in Adobe, and 76 in Microsoft. Apple, on the other hand, unearthed 50 vulnerabilities since last November, doubling the number of security flaws found in 2015.
We predict that attacks on Microsoft software will decrease as cybercriminals plan to exploit other major software companies. Hackers, like business owners, are economical and are always seeking the best return on their investment. This means they usually attack platforms that are easy to infiltrate and have large user bases.
Microsoft is probably not the easiest or most rewarding developer to hack. After all, the tech giant invests a considerable amount of resources to improve the security capabilities of its applications and operating systems. Also, Microsoft’s PC shipment and market dominance have recently taken a downturn, making it a less attractive target -- especially when compared to Apple.
As Mac computers, iPads, and iPhones gain a bigger market share, more cybercriminals will set their sights on Apple software. In addition, black-hat hackers will likely abuse unsupported software versions and devices like the iPhone 4S.
Meanwhile, Adobe’s large user base and its highly insecure Flash plugin will continue to make it a highly popular target among the hacker community.
We also expect that the discovery of Apple and Adobe vulnerabilities will lead to the creation of easy-to-use exploit kits, allowing even non-technical cybercrooks to launch software attacks.
Mitigating security risk
When obscure software flaws are discovered, it takes software developers days, or even weeks, to build the appropriate security patches. Businesses can, however, shield vulnerabilities to proactively minimize the risk of zero-day exploits and security weaknesses.
Tools like intrusion detection and prevention systems (IDS/IPS) use heuristic analysis to inspect network traffic for malicious activity and block zero-day hacks. Strong firewalls will detect known attacks and cover unpatched software vulnerabilities. And regardless of whether enterprises use Apple, Adobe, or Microsoft products, advanced endpoint protection should always be applied to desktops and mobile devices.
Software vulnerabilities may seem small in comparison to our previous cybersecurity forecasts, but that doesn’t make them any less important. Contact us at www.intelligis.com to enlist the help of our managed IT services team in Atlanta. We provide IPS, endpoint protection, and advanced firewall solutions to shield your business from emerging threats.
Don’t forget to tune in next week for more on our cybersecurity forecast!
