The global pandemic and more recent geo-political events have brought an even greater focus on the threat of cyber attacks on individuals and businesses.
Even as global lockdowns and restrictions on movement have eased, many organizations have not adapted to remote or hybrid styles of work. The reality that most of the workforce now operates outside a perimeter that can be controlled creates greater opportunity for scammers, hackers and the potential for cyber attacks than ever before. New intelligence suggests that cyber attacks targeting the United States are being considered.
To educate companies, the White House provided a fact sheet that included a comprehensive list of security best practices for organizations seeking to rapidly secure their digital infrastructure. The White House statement recommended public and private organizations move with urgency to enhance their cyber security posture and protect critical infrastructures.
Specific recommendations include:
- Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get into your systems;
- Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
- Check with your cybersecurity professionals to make sure your systems are patched and protected against all known vulnerabilities; frequently change passwords across your networks so that stolen credentials are useless to malicious actors;
- Back up your data and ensure you have offline backups beyond the reach of malicious actors;
- Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
- Encrypt your data so it can not be used if it is stolen;
- Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report unusual behavior on their computers or phones, such as unusual crashes or very slow operation; and
- Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.
Veracode Developer-first Mission
At Veracode our mission is to take a developer-first security approach to securing the software that powers businesses. Here are three ways that you can use the Veracode Platform to align with the recent White House guidelines.
- Shifting security left is key to any developer-first AppSec program. That’s why we enable you to identify security vulnerabilities from directly within your IDE. You can perform a static scan or assess the composition of your software from any of our 30+ developer focused integrations. With static code analysis and Software Composition Analysis (SCA), integrations into VSCode, Azure DevOps, and many more, we meet developers where you are with the tools you need.
- SCA plays a key role in identifying supply chain risks and is paramount in any successful AppSec program. Veracode SCA helps you build an inventory of your third-party components to identify vulnerabilities, including open-source and commercial code. The Veracode Platform analyzes both your own and third-party code in a single static scan, providing you visibility across your entire application portfolio. You can access SCA results after your static prescan is complete, enabling your developers and AppSec teams to quickly identify known vulnerabilities and automatically remediate them.
- The White House urged rapid action in dealing with potential Cyber Security software threats. Often the first step to identifying risk is to create a Software Bill Of Materials (SBOM). The Veracode AppSec platform enables your developers and security teams to quickly create an SBOM and identify potential software risks. To learn more about how to create an SBOM in the Veracode platform check out our blog How to generate a Software Bill of Materials (SBOM) in Veracode Software Composition Analysis (SCA).
In the wake of the SolarWinds hack and the recent Log4Shell vulnerability in Log4j, governments are prioritizing cybersecurity and are actively mapping out plans to ensure their departments, partners, and stakeholders are building greater cyber resilience.
It has never been more important to remain vigilant and to remove roadblocks that prevent organizations from securing their software. Veracode is committed to helping developers and AppSec teams meet the White House recommendations around security both now and long into the future.
For more information on how we’re helping developers and application security teams check out the links below: