WhiteHat Security Chief Strategy Officer Joseph Feiman has been in the business for many years now, and he agreed to speak to us about several topics, including the changes COVID-19 has brought upon us and our work routines.
Feiman, who previously worked for Gartner for 18 years, co-founded the application security market category, serving as a trusted contact for security execs and other industry professionals worldwide.
Now, at WhiteHat Security, he oversees business strategy and vision in an effort to push the company forward in these troubled times.
TechNadu: WhiteHat Security offers solutions for a wide range of industries. Which ones would you say are at more risk in front of cyber-attackers nowadays?
Joseph Feiman: The list of most vulnerable industries begins with financial and insurance segments. Over the last few years, the government has also become a primary target of attacks. It makes me say that money and politics are hackers' primary drivers and targets. I can also conclude that after hackers-hooligans and vandals came hackers-criminals - and now, government-supported hackers.
TechNadu: We've seen a lot of shifts in the way companies operate in the past few months. Have you also seen changes in how cyber attackers are directing their attacks?
Joseph Feiman: Since the beginning of the COVID-19 spread in/around March 2020, hackers have made health care organizations – those preoccupied with helping the sick – their primary target. The World Health Organization was one of their first targets – a clear demonstration that people's suffering would not stop hackers.
TechNadu: How can companies protect themselves better in this new age we're living through?
Joseph Feiman: We have noticed some increase in the application security services that companies acquire and apply to ensure that their web-exposed software is secure. Unfortunately, the problem with insecure software is so deep and broad, only radical changes in the ways in which software is built could bring substantial and reassuring security improvements.
TechNadu: What are some of the most common vulnerabilities detected by your platforms?
Joseph Feiman: Among the most common vulnerabilities, you will see SQL Injection, Cross-Site Scripting, all kinds of injection attacks. They are most dangerous, as they exfiltrate sensitive data or corrupt applications' behavior. The most unfortunate fact is that those vulnerabilities have always topped the list of the typical vulnerabilities over the last decade and a half. It simply means that the security of applications that run our society, business, and personal lives is barely getting better. The origin of the problem is the fact that software/application development has not made security a mandatory feature.
TechNadu: I've noticed that WhiteHat Security is also focusing on the dangers surrounding the upcoming US elections. What are the latest concerns regarding the elections, and what can be done against them?
Joseph Feiman: Security measures include vulnerability detection, vulnerability remediation, and attack prevention.
We should, urgently, continue detecting and remediating vulnerabilities in the election software systems. This should be done with tools/services such as application security testing.
Envisioning that many vulnerabilities will not be detected or remediated, we should be, urgently, deploying protection systems, such as network firewalls and web-application firewalls.
TechNadu: WhiteHat Security has been around for quite a while, but you only joined them a little over two years ago. How did you end up taking the role of Chief Strategy Officer? What attracted you to the company?
Joseph Feiman: In my capacity as Gartner Research VP and Fellow and a lead application security analyst, I have been among the pioneers of that industry. I have known WhiteHat since 2006. A few years after leaving Gartner, I was invited to join WhiteHat. Here, I see a strong potential for innovation, for solving the key AppSec issues that I stated previously.
TechNadu: What's one of the most important things you've learned in your long career?
Joseph Feiman: Three things come to mind:
- Security is an afterthought for companies and governments.
- Security adoption is insufficiently slow. Hackers are faster than us.
- Inertia of thinking among our enterprise security leaders is an inhibitor.
TechNadu: When it comes to cybersecurity, what is the best advice you have for our readers?
Joseph Feiman: We are and will be living in a global society that lacks information security and privacy. Realize that fact and see what you can do to improve security and privacy – to some degree – as an individual, company, and government.