The danger of leaving software security as an afterthought

28 Jul 2017

Is it time to update? Image: Santi S/Shutterstock

TechWatch editor Emily McDaid discusses the trends, threats and tribulations of software cybersecurity with Gary Robinson, founder and CEO of Uleska.

I recently sat down with Gary Robinson, an entrepreneur in cybersecurity (with a start-up called Uleska) and a European board member of Open Web Application Security Project (OWASP).

Robinson chaired OWASP’s main European conference, AppSec EU, in Belfast on 11 and 12 May.

He gave us the good, the bad and the ugly about cybersecurity.

‘When we make it more affordable for our customers to secure their products, then we’ll all be safer when we turn our computer on’
– GARY ROBINSON 

What are the important trends in cybersecurity?

There’s a massive skills shortage right now. Not only do cybersecurity experts have a 0pc unemployment rate, there are an estimated 1m open recs for unfilled global jobs in cyber right now. We’re in high demand.

Why are skills in such short supply?

I believe that universities need to step up their training in cyber. It’s possible to graduate with a CS (computer science) degree with only the bare minimum of exposure to security.

What threats are you protecting against?

We already know how to solve every security problem that exists. One example, SQL injection, is still being used to hack organisations such as TalkTalk, although we’ve known about it for a decade. OWASP tells developers how to protect against SQL injection attacks for free.

The problem is time, and money. Teams don’t have enough resources to secure every application, so they are picking and choosing customer-facing apps, while not securing other – possibly back-end – systems. Right now, businesses might only secure five to 1opc of their applications.

The rate of software being developed is increasing and human skills cannot keep up to secure it. This is why I launched Uleska, as a lifeline to software teams, so they can proactively secure applications while they’re building them, instead of as an afterthought.

Let’s talk about what Uleska can do.

Uleska addresses securing the software on the first, and every day, of the project, instead of on the last day.

This improves time to market, reduces the chances of being hacked and reduces the cost of securing product. We’re building an initial product with money from Techstart NI, and have filed a patent with help from Invest NI. Uleska gives companies the security requirements, code toolkits and automated security tests specific to the project they are creating.

uleska

Gary Robinson, founder and CEO of Uleska. Image TechWatch

What stage is Uleska at?

We’re finalising our first product now. We’ve taken part in two UK cybersecurity accelerators, HutZero in London and CSIT Labs locally, to ensure that we’re solving a real pain our customers are seeing, and that no one else is solving it this way.

Is it challenging to be an SME in the cybersecurity space?

Yes, mainly due to privacy – people don’t want to shout about their vulnerabilities or attacks that have happened. You can’t just ring up a bank’s CISO and ask about their cybersecurity problems.

Microsoft or IBM might be privy to information due to their existing relationships, so privacy can be a challenge when you’re a smaller start-up in this space.

What edge do entrepreneurs in security have over industry giants?

Big players might have better access but smaller entrepreneurs can be more nimble. We come up with a brand new idea, or way to solve the problem and, when the solution is proven, then we can get traction.

Are the bad guys one step ahead?

There’s more money in hacking than in building protective systems so yes, in that sense, they are. The only way forward is to build great security software. Thankfully, there’s a huge amount of innovation happening in the cybersecurity industry, and the hope is that will tip the balance in favour of protection.

The biggest risks right now are phishing attacks and insider attacks. Around 55 to 68pc of attacks are coming from an organisation’s own employees – either unwittingly or intentionally.

Where do you want to be in five years?

Our vision is to make security less of a hassle, and something that any team can apply easily. When we make it more affordable for our customers to secure their products, then we’ll all be safer when we turn our computer on.

By Emily McDaid, editor, TechWatch

A version of this article originally appeared on TechWatch

Uleska is a finalist in the annual Invent competition run by Connect at Catalyst Inc, which aims to showcase the best and brightest innovators that Northern Ireland has to offer. Invent 2017 will take place on Thursday 5 October in Belfast, where 12 finalists will battle it out for a £33,000 prize fund and the chance to attend a Northern Ireland tech mission to California.

TechWatch by Catalyst covered tech developments in Northern Ireland

editorial@siliconrepublic.com