Cyber experts share advice for organisational cybersecurity practices
2021 has been a difficult year for cybersecurity. Over the past twelve months, we have witnessed a range of devastating cyberattacks that have targeted both healthcare systems and oil pipelines alike. October marks this year’s Cybersecurity Awareness Month and with threats becoming both more frequent and complex, there has never been a more opportune moment for businesses to evaluate their current policies and defences.
Below, industry leaders offer their advice on how to best improve an organisation’s cybersecurity practices throughout the next few weeks and beyond.
Sascha Giese, Head Geek at SolarWinds Following a year of rapid transformation fueled by the global pandemic, technology professionals today are under even greater pressure to ensure optimised, secure performance for remote workforces, while facing limited time and resources for personnel training.
When it comes to risk management and mitigation, prioritising intentional investments in technology solutions to meet business needs is critical, especially in the current environment, where the accelerated shift to remote working is considered by tech pros to be the number-one aspect within IT environments to increase risk exposure.
With almost half of tech pros confirming their organisations have had medium exposure to enterprise IT risk over the past 12 months, tech pros must partner more closely than ever before with business leaders to ensure they have the resources and headcount necessary to proactively address security risks. Most importantly in this environment, tech pros should constantly assess their risk management, mitigation, and protocols to avoid falling into complacency and being ’blind’ to risk.
Guy Podjarny, President and Co-Founder at Snyk Security can’t be solved by simply pouring money into it. Developers are the only way we can scale security.
Digital transformation hinges on independent developers working continuously and rapidly. Businesses live or die depending on how well — and how quickly — their dev teams are able to build new functionality, get it to customers, and adapt to what they learn. Cloud removes barriers, giving developers more control over the underlying infrastructure, and accelerating the deployment of new updates.
From writing safe code, to updating a vulnerable open source library, to configuring infrastructure correctly - developers are the ones making the decisions that decide how secure the app is. They should be equipped with the right tools, and given the mandate and process to use them, so that they can build security in and stay ahead of the attackers.
Getting developers to embrace security, and build it into the fabric of software development is key to ensuring that security can keep up with the pace of modern development, and a fundamental requirement for securing our digital lives.
Richard Grisenthwaite, SVP, Chief Architect & Fellow at Arm We predict that soon, 100 percent of the world’s shared data will be processed on Arm; either at the endpoint, in the data networks or the cloud. This pervasiveness brings a responsibility to deliver even more security - Arm has been researching, creating and adding security features to processors for the last decade and more, and is committed to continuing to drive the evolution of more secure systems with our ecosystem.
*We don’t have to look too far into the future to see computing as a distributed utility where data is being processed on the most appropriate platform at that time. In this environment, the ability to trust the computing infrastructure and the system is a crucial element in ensuring people feel confident about the security and privacy of their information. New emerging technologies such as confidential computing will help to build this trust, enabling computation in hardware-based secure environments that shield portions of code and data from access or modification, even from privileged software.
By providing secure foundational technology, and empowering developers to implement the right privacy controls quickly and easily, we can enable a world in which data and code is protected wherever computing happens.
Dahwood Ahmed, Regional Director UK&I at Extreme Networks Global research found in our Cloud Security Drivers 2021 report revealed 53% of security and IT decision-makers reported security-related attacks increased during the pandemic. This is no surprise given the rise in connected devices and the growing number of organisations who have now adopted hybrid working which, for many, has resulted in less visibility into their security ecosystem, less control of access points, and a larger, more varied attack surface for adversaries to target. Businesses must therefore take this moment to safeguard themselves by not only focusing on shoring up network connectivity, but network security.
Organisations can achieve this by adopting a cloud-based and software defined network which offers cloud managed triple ISO security, stealth network segmentation and implements role-based access policies for all devices and users. This will be critical to stop cyber criminals and their increasingly sophisticated attacks as any compromised device will allow bad actors to move laterally across a network and wreak havoc. Only by having a holistic approach towards network security will businesses be able to achieve infinitely distributed connectivity, and protect themselves moving forwards.
Ian McShane, CTO at Arctic Wolf Let’s be logical and realistic, cybersecurity operations must be a priority for businesses all year round, not just in October. That said, the campaign is a useful reminder for businesses to make sure they are prioritsing and taking their cybersecurity operations seriously.
As hybrid working continues to become normal practice, the reality is cybersecurity is fast becoming an urgent and permanent problem for businesses to address. The constant reports of successful ransomware attacks and the steep rise in cyber attacks over the past year are reflective of how unprepared businesses currently are when it comes to combating sophisticated cyber threats. In fact, our recent research found three quarters of UK SMB leaders believe their workforces lack the capability and expertise to withstand an attack.
The best way organisations can address their cybersecurity challenge is by recognising that they don’t have a tools problem, but an operational one. By prioritising and embracing their security operations, it will allow them to address the rapidly evolving threat landscape with ease and simplicity. Those that prioritise investing in their security operations now, will be the real cybersecurity winners in the long run.
Rob Zuber, CTO at CircleCI As a result of digitalisation and the adoption of cloud services and apps - which has been fuelled by remote work as teams seek to maintain productivity with effective and transparent processes, we’re seeing seismic shifts in tech use and app development. As development practices evolve, so do new threats such as external attacks, privilege abuse, and data theft.
Most organisations fail to adopt application security best practices that work to protect software, data, and users. Common pitfalls include information leakage, cryptographic issues, carriage return and line feed (CRLF) injection, and code quality flaws.
These organisations can secure their assets and defend their software by integrating application security best practices, like vulnerability management, into their software development life cycle. Vulnerability management requires continuous scanning, classifying, prioritising, and patching these software vulnerabilities. Yet, developers performing these tasks manually are prone to error. Given the shortage of trained developers when it comes to DevOps, containers, and Kubernetes, the chance of human error is even higher.
*Enterprises cannot take these key application security risks lightly, but the risks don’t have to be showstoppers. Integrating optimisations through practices like CI/CD, can help to automatically detect and mitigate threats scalably, keeping developers developing, securely.
This was posted in Bdaily's Members' News section by Technology Experts .