The United States of America is home to some of the world’s most sophisticated and advanced software ecosystems. As such, it is a prime target for modern cybersecurity challenges, such as hacks and data breaches. Regional cyber statistics from Verizon indicate that the U.S. (combined with Canada) accounted for over 68 percent of all cyber hacks globally in 2023. Therefore, it’s imperative to tackle software security by state to enhance enterprise software protection in America.
This article will examine software security by state in Texas, Georgia, and New Jersey. It also covers the most prevalent software attack vectors and software security innovations, such as Kiuwan, that organizations can implement.
Texas hosts numerous businesses from diverse industries, including information technology, oil and energy, biomedical research, and defense. Since all these industries have high economic significance and handle vast amounts of sensitive data, it’s no surprise that the Lone Star State is grappling with many software security challenges.
In June 2023, the hacktivist group SiegedSec hacked Vueworks, an application for managing maintenance work orders for various departments in Fort Worth. Shortly after, the city issued a press release stating that the hackers infiltrated the system, downloaded internal data, and posted it online as a protest against Texas’s ban on gender-affirming care.
According to city officials, investigations determined that the group gained unauthorized access to the system by obtaining login credentials. While they did leak some data, it wasn’t sensitive, and they did not manage to access any other systems. In response to the incident, the city took the precautionary measure of removing the system from the external internet and forcing all users to reset their passwords.
On 16th August 2019, a ransomware attack saw hackers infiltrate 22 municipalities’ computer systems in Texas. In exchange for restoring access to the compromised systems, the hackers demanded a $2.5 million ransom. While the cities did not pay a single cent to these hackers, it is estimated that Texas spent around $12 million to resolve the attack.
According to the Texas Department of Information Resources (DIR), within a few hours of discovering the ransomware attacks, the state, in coordination with federal teams, had already created and implemented a response plan. The cybersecurity teams conducted an initial evaluation of the affected municipalities, focusing on providing immediate assistance to those in the most urgent need. By the fourth day following the attacks, the DIR reported that cyber response teams had completed over 25 percent of the response activities across all affected municipalities. Soon after, all the essential business services were successfully reinstated.
Home to Atlanta, fondly known as the “Silicon Peach,” Georgia has become a hub for enterprise software development. This growth has not gone unnoticed by malicious actors seeking to exploit vulnerabilities.
In June 2023, the University System of Georgia (USG) experienced a data breach that exposed the personal information of its students and staff. According to USG, the breach occurred due to a vulnerability in MOVEit, a software application for storing and transmitting sensitive information. This vulnerability enabled unauthorized parties to access MOVEit servers, ultimately making USG a target for malicious actors.
After identifying the breach’s source, USG promptly patched the software. It also revealed that it was actively monitoring communications with Progress Software, the provider of MOVEit.
In another incident linked to the MOVEit software, PBI Research Services experienced a data breach in 2023 that exposed data stored by the Georgia Teachers Retirement System (TRS). According to TRS, a vulnerability in MOVEit allowed hackers to access the data of over 261,697 university faculty, retired Georgia teachers, and beneficiaries.
After identifying the hack, PBI took immediate action. They informed all affected individuals and established a dedicated call center for their members. Additionally, PBI recommended that its members take protective measures, such as conducting reviews of their credit reports and implementing two-factor authentication on their online accounts.
New Jersey has also had its fair share of security threats. One of the highest-profile breaches in this state is the myNewJersey portal breach. In 2021, hackers targeted and hacked into the myNewJersey software application, a portal that allows users to access information, such as payroll and tax records, using one ID and password. According to reports, the hackers accessed the portal using compromised login credentials from the dark web. They accessed over 200 state employees’ personally identifiable information, which included pension information, Social Security numbers, phone numbers, names, email addresses, and birthdays.
Cybersecurity in business is paramount. If not implemented and approached strategically, devastating consequences can arise, such as financial losses, reputational damage, and operational disruptions. Moreover, the incidents highlighted in our software security by state analysis reveal several lessons organizations can learn.
For one, organizations must understand that vulnerabilities are everywhere. The incidents in the states discussed highlight vulnerabilities in all types of software applications, even those used by government agencies and educational institutions. This underscores the need for a comprehensive software security approach involving continuous vulnerability analysis and patching. It also means having a comprehensive security strategy in place, one that outlines the steps to be taken in the event of a breach and ensures a well-coordinated response. Prompt response is vital in mitigating the impact of an incident once it is identified: identifying and containing the breach quickly can prevent further damage and help reduce financial and legal implications.
Software security isn’t a one-time thing; it’s a continuous process that should start from the earliest stages of application development and persist throughout the software’s lifecycle. One key element of this ongoing process is the use of robust code security tools. Kiuwan is a leading application security testing and code analysis platform offering several features organizations can use to avoid launching applications with vulnerabilities waiting to be exploited.
We have two main solutions: Static Application Security Testing (SAST) and Software Composition Analysis (SCA). With SAST, Kiuwan conducts an in-depth source code vulnerability analysis during the development phase. On the other hand, Kiuwan SCA allows organizations to analyze and monitor third-party components used in their applications, enhancing overall security by addressing vulnerabilities in these components. Sign up for a free trial today to enhance your software security.