Why Every Cybersecurity Leader Should Assume Source Code Loss Risk
A popular proverb says “forewarned is forearmed”. When dealing with cybersecurity, we must be prepared for the worst. Of course, it is up to us how high a level of security we achieve, whether we hold the appropriate certificates, whether we perform audits, etc. We create our own security, risk management, and compliance policies. We must first assume that certain events can happen and then devise a strategy to protect ourselves from them.
The backup issue is as obvious as it is ambiguous. Current trends include, for example, the “shifting left” approach, DevSecOps, and a source code backup after each action. You can read about it here. So I will skip the data protection aspect, but I would like to pay more attention to source code security. Code is our business value and we should guard and care for it. But are we really aware of it? Do we know how to do it?
Source code security
In 2021, compared to the previous year, the number of cyberattacks and data breaches increased by 15%. A single ransomware attack occurs on average every 11 seconds around the world. The Identity Theft Resource Center claims that due to inadequate security of cloud databases, hackers came into possession of confidential data belonging to 99 million people.
There are more stats. According to a study by ThoughtLab, in 2021 cybersecurity budgets as a percentage of firms’ total revenue jumped by 51%! That’s quite a lot. On the other hand, 29% of CEOs and 40% of security leaders admit that their organizations are not prepared for the rapid changes in the world of security threats. The same research also offers predictions about the future of threats and the main areas of hackers’ interest. Respondents name social engineering and ransomware as their main threats. As areas worth paying attention to, security executives point to “weak spots primarily caused by software misconfigurations (49%), human error (40%), poor maintenance (40%), and unknown assets (30%).”
UpCity has also done some interesting research. Or rather, the results of these studies are interesting and a bit scary at the same time. In May 2022, the results for SMBs in the U.S. were published. And what do we learn? Only 50% of businesses have a cybersecurity plan in place. As many as 32% of them did not change their plans after the remote work revolution caused by the pandemic!
Speaking of which, the new style of work has forced the development of technology for identity management and authentication, as well as some malware and ransomware mitigation. In the world of security, the development of technology also means the development of new forms and methods of attacking and bypassing security. Are we sure we are ready for it?
Third-party software
Using external services can be beneficial. Of course, it all depends on the situation and the service itself, but the IT industry is developing towards narrow specialization. Nobody knows everything, and the aforementioned data shows it. Even the fact that cybersecurity budgets are being raised does not mean that these budgets are sufficient to keep up with the ever-changing environment. Often, despite the seemingly additional cost, it pays off to invest in external services that increase the security of our business. Systems or services related to security are created by experts in a given field. We know our business and our industry, but we do not necessarily have a knowledgeable group of security experts, so it is worth using the knowledge and experience of others.
Do you agree? Continue reading the full story: Why Every Cybersecurity Leader Should Assume Source Code Loss Risk