THREE QUARTERS OF ORGANISATIONS THINK APPLICATIONS CAN BE EXPLOITED BY CRIMINALS

London, UK 9th April 2008 - A survey by Infosecurity Europe of 757 organisations has found that 75% think their applications contain security holes that can be exploited by criminals. Further, interviews conducted by Infosecurity Europe with a panel of 20 Chief Security Officers (CSOs) of large enterprises on the topic revealed that they are very concerned about the security of application code. They were especially concerned about the work carried out by developers working on mission critical web applications outsourced to third parties. Many of them said that they would welcome an initiative to raise awareness of security amongst the developer community and change their behaviour to make secure software applications a priority.

According to Professor Howard A. Schmidt, Director, Fortify Software and former Cyber Security Adviser to the White House, "this figure of three quarters of organisations having security holes based on application vulnerabilities, while dramatic, is unfortunately not that surprising. When organisations develop applications, quality is one of the highest priorities but security vulnerabilities are seldom recognized or fixed. Priority is often given to delivering application features and business benefits without the understanding of fundamental coding errors that lead to security issues. Cybercriminals are targeting applications to steal money and information, and they know all too well how to exploit vulnerabilities not only in commercial software but are also very adept in finding security holes in applications that are developed "in house". Business leaders need to set in place business software assurance processes including development practices designed to ensure that their applications are secure to protect the data of citizens, customers and shareholders from the new wave of threats from cybercriminals."

At Infosecurity Europe 2008 the subject of cybercrime and application security will be covered in a number of keynotes and seminars. In the interactive theatre, Fortify Software will present their new documentary, “The New Face of Cybercrime”. Visitors can be among the first to watch this groundbreaking feature. Directed by Academy Award®-nominated filmmaker Frederic Golding, it highlights the impact cybercrime has on consumers and businesses, and is tipped to win awards at independent film festivals this year. The film will be followed by an interactive panel debate led by Professor Schmidt, who also sits on Fortify Software’s Board of Directors.

The main focus of the film is to emphasis that the criminal, as well as the crime, has evolved. Where hackers were once young nerds who did it for fun or experimentation, now e-crime is the domain of organised gangs, often from Eastern Europe or China, who simply want to make money. Gone is any desire to embarrass website owners or just cause mindless e-vandalism. It's no longer an ego boost or a method of earning bragging rights. It’s just about the cash. Their main targets are ecommerce web sites and the customer databases behind them. Databases that hold credit card numbers, expiry dates, PINs, addresses, and everything else that’s needed to empty a victim’s bank account. In many cases, the data isn’t used directly by the hackers, but is sold to other gangs.

“Today's cybercriminals are highly sophisticated”, says Richard Kirk, VP EMEA for Fortify. “Their technical expertise is extremely good, as is their knowledge of the systems they're trying to break into. They know the thresholds at which an online ordering system will seek additional verification of a customer's identity, and take care to stay below it when placing fake orders. They also have at their disposal the resources of large organised crime gangs who are fully aware that the world's police forces are woefully under-resourced for tracking down internet fraudsters. In the panel debate we will discuss the solutions to the problem of cyber-crime and application security.”

Claire Sellick, Event Director, Infosecurity Europe said, “The internet is here to stay, as is internet crime. With the relentless move online by all sorts of business and government agencies, e-crime will continue to evolve. As more coffee shops and libraries offer free, anonymous WiFi access, tracking down cybercriminals will get harder. So as hackers evolve, so must your efforts to defeat them.”

Infosecurity Europe is the number one event dedicated to information security. With over 300 exhibitors, the event is the most comprehensive showcase for the most diverse range of new and innovative products and services from the World's top information security experts and vendors. The event enables security professionals and business managers to establish a commercial justification for information security, refine their security policies and select the most appropriate solutions to support their security strategy in order to safeguard their company's reputation and assets. Over 11,000 visitors are expected to attend this year's event with many travelling from overseas to participate in the FREE education programme that addresses both strategic and technical issues. It draws on the skills and experience of senior end users, technical experts and real world case studies. Infosecurity Europe takes place at the Grand Hall, Olympia, London from 24th to 26th April 2007.

To register to attend or for more information please visit www.infosec.co.uk