The rising number of security breaches and high-profile cyberattacks have reached "epidemic" stages, according to security researchers.
Do coders learn security practices and methods to thwart hackers too late to be effective? Security instructor from the SANS Institute Pieter Danhieux argues that this is the case, which has resulted in security staff being unprepared for the rising onslaught of hacking and security breaches worldwide.
The security instructor argues that current teaching methods in application design and programming needs to undergo some rapid changes to try and contain the cyberattack "epidemic," as students are often not given enough thorough grounding in secure design processes at early stages in security courses.
"Programming students will typically attend a single module on security during a course and it often comes in the later part of the educational cycle. The result is often a class of very talented developers but they don't think with security in mind."
In his opinion, this has led to "poor" security practices, especially in relation to building applications that have buffer-overflow and SQL injection vulnerabilities -- something widely exploited by hackers across the globe, including hacking collective Anonymous. Danhieux also points out that these system flaws were the most fundamental mistakes made by coders ten years ago, and are still the most common issues found today.
"But you can't just say it's just down to insecure program design,” he notes, "the bigger problem is still due to insecure passwords, over privileged users and poorly patched systems."
It may only be high-profile security breaches, such as HSBC's experience with DoS attacks and hacktivist groups that target university websites which generally make the news, but a number of incidents go unreported every year -- which is why teaching the next generation of security professionals how to keep up-to-date with the latest exploits is now so crucial. The security researcher stated:
"The U.S. is one of the only countries with a well-developed disclosure culture around security breaches. So the assumption might be that there are relatively few incidents and that America is the epicentre -- I can tell you for a fact that the scale of the attacks is at epidemic proportions and it is organised, well-funded and global."
Image credit: Don Hankins