CSO and ex-CEO/co-founder of CloudBees, the business software delivery company.
After ranking fifth highest risk in 2020, cyber-attacks are becoming more ubiquitous and IoT cyber-attacks are expected to double by 2025. But not everyone sees this – and I mean that quite literally. Because not all technology can be seen, its potential effects often fly under the radar.
Suppose a bad actor hacks into code and captures sensitive information about a company or government. As consumers, we only see a website that is down or a notification that our sensitive information may have been accessed. In the wake of these events, it seems most people shake their heads, talk about the importance of safety, and move on — without any action.
With purely virtual technology becoming more common, it’s easy to forget that there are significant consequences – physical consequences – of these attacks. With the rise of IoT, cybersecurity threats are taking on new dimensions. That is why we must remain vigilant.
Imagine there is a snow storm in Atlanta. It cuts off traffic in the city, causes huge traffic jams and threatens everyone on the road. Now imagine a bad actor hacking into all the self-driving cars in Atlanta and doing the same with malicious intent.
This is just an example. Think about how many aspects of our lives are ‘connected’ today: our telephones, alarm systems, health equipment, even some of our refrigerators and much more.
Year after year we see the technology evolve. But security measures have not been able to keep up with this rapid evolution. As technology leaders, it is our responsibility to move from the belief that security matters to taking concrete measures to protect our software supply chains from attacks.
So, how can we take action today to improve our security and compliance stance? Here are three steps leaders can take to proactively secure their software supply chain.
1. Build security into every aspect of your software delivery process. Security cannot be reactive. Security must be proactive and continuous; otherwise your software will not be safe. Businesses should make security a priority by building it into their software delivery process from the start, so that it is planned in rather than bolted on as an afterthought. Only by being secure in development, delivery, and production can you consider your software supply chain to be secure.
2. Have a plan to mitigate. Even once your code is deployed and out of sight, it should never be out of mind. Remember: Security cannot be reactive. Having a plan to keep up with the code and close a vulnerability as soon as it is detected helps ensure you stay proactive with your security measures. Rapid response strategies, such as feature highlighting and automated rollbacks, can help identify issues and reduce the time it takes to resolve any security vulnerabilities.
3. Integrate a continuous compliance system into your security strategy. You can integrate this directly with your mitigation system, which is why step two is a prerequisite if you want this third step to succeed. The best continuous compliance systems connect your software supply chain, production system, and coding ecosystem so that a finding triggers immediate mitigation along with instructions for implementing the fix.
With technology changing at lightning speed, we really have no excuse to stand still when it comes to security. For too long we’ve lived in what I call a “theoretical state” — that is, knowing the threats are there, but largely reactive in our approaches. That is why we must work to create the concrete solutions needed to protect ourselves from threats both visible and invisible. But this cannot happen without consciousness, and it certainly cannot happen without action.