Some Thoughts on Who Should Pay the True Cost for Insecure Software

Paula Musich

Summary Bullets:

  • A clear majority of cybercriminals share the same motivation as legal commercial enterprises: the drive for profits.
  • It is way too easy for cybercriminals to buy automated exploit kits and execute attacks for financial gain.

The recently released Verizon Data Breach Investigations Report shows that legitimate business has something in common with cybercrime: both are chiefly motivated by profits. The report found that of the 92% of breaches it unearthed that were caused by external bad actors, 55% were linked to strictly profit-motivated cybercrime groups. For legitimate business, the profit motive drives companies to focus on developing applications that either reduce the cost of doing business or add to top-line growth. In either case, what is rewarded in application development is speed, functionality and, increasingly, a good user experience. Secure coding and thorough testing that avoid common vulnerabilities are further down the priority list.