The number of criminal cases involving sabotage of a company’s new software has been increasing over the past decade, so much so it’s become necessary for software security specialists to do more than spot flaws in the production and development phases of software applications. It is now essential to look for purposely planted failings hidden there by enemies.
Dangers of Software Sabotage
Imagine how destructive software corruption could be to certain businesses. What if a mining company relied on mapping software to survey potential mining sites and someone tweaked the software to throw it off a few miles? Or imagine what disasters could happen if a hedge fund company’s algorithms were surreptitiously altered. Unfortunately, events like these are not all that uncommon thanks to software saboteurs.
Who would want to sabotage your software? The most likely answer is someone within your own organization. A disgruntled employee, a greedy employee, or a former worker is often the culprit. Carnegie Mellon Software Engineering Institute’s CERT reports that a third of the IT attacks they have investigated have been conducted from inside. Those inside enemies can wreak as much or more havoc as external hackers.
How to Prevent Software Sabotage
Since this is so often an inside crime, the solution to the problem often comes from within as well. There are some steps you can take to minimize the chances of being the victim of a saboteur. Basic steps include limiting access to developing software to essential personnel only. Encryption is another important strategy and so are actions like reading log monitors and enforcing code-change.
Other security advisors suggest that you work programmers in pairs so there is always at least two sets of eyes on the code being written. This not only helps with security, it can often catch simple errors before they grow into big problems. Peer code reviews may hinder a saboteur’s plans and can scope out potential bugs in the design.
Code signing is another protective measure. Every check-in should be logged and audited.
As stated earlier, software sabotage is often performed by disgruntled employees. You may have difficulty recognizing an employee that has a grudge against the organization. They don’t want you to figure out who they are so most unhappy employees try to disguise their hostility.
They may be young or old, male or female. They may not display any outward signs of resentfulness. If they do give any indication of trouble clues could include angry or aggressive behavior, increased absenteeism, and/or declining personal hygiene.
Insider sabotage occurs more often than you would like to believe. Don’t fall into the trap. Be proactive and take measures to thwart software sabotage. If you’re still not sure what to do, consider contacting a group like www.smartbear.com for better software testing and security measures.