
No More Excuses: Now Is The Time To Act On Cybersecurity

Forbes Technology Council

Co-Founder and Interim Chief Executive Officer of CloudBees, the enterprise software delivery company.

After being ranked the fifth-highest risk in 2020, cyberattacks are becoming increasingly ubiquitous, and IoT cyberattacks are expected to double by 2025. But not everybody sees this—and I mean that quite literally. Because not all technology can be seen, its potential impacts often fly under the radar.

Let’s say a bad actor hacks into code and captures sensitive information about a business or government. As consumers, all we see is a website that goes down or a notification that our sensitive information may have been accessed. In the wake of these occurrences, it seems that most people shake their heads, talk about the importance of security and move on—without any action.

As purely virtual tech becomes increasingly prevalent, it’s easy to forget there are significant consequences—physical consequences—of these attacks. With the emergence of IoT, cybersecurity threats are taking on new dimensions. It’s because of this that we must stay vigilant.

Imagine there’s a snowstorm in Atlanta. It shuts down traffic throughout the city, causing major traffic jams and threatening everyone on the road. Now imagine a bad actor hacks into all self-driving cars in Atlanta and does the same thing with malicious intent.

This is just one example. Consider how many aspects of our lives today are “connected”—our phones, alarm systems, health devices, even some of our refrigerators and so much more.

Year after year, we see technology evolving. But security measures have failed to keep pace with this rapid evolution. As tech leaders, it is our responsibility to move from a belief that security is important to taking concrete actions to protect our software supply chains from attack.

So, how can we take action today to improve our security and compliance posture? Here are three steps leaders can take to proactively secure their software supply chain.

1. Build security into every aspect of your software delivery process. Security cannot be reactive. Security must be proactive and continuous, or else your software is not secure. Businesses must make security a priority by building it into their software delivery process so that it’s a forethought, not an afterthought. Only by being secure in development, delivery and production can you consider your software supply chain secure.

2. Have a plan to mitigate. Even if your code is deployed and is out of sight, it should never be out of mind. Remember: Security cannot be reactive. Having a plan to keep track of code and close a vulnerability when it’s detected ensures you’re staying proactive with your security measures. Quick response strategies—such as feature flagging and automated rollbacks—can help detect issues and reduce the time it takes to fix any security issues that arise.

3. Embed a continuous compliance system into your security strategy. You can directly integrate this with your mitigation system, which is why step two is of the utmost importance if you want this third step to be successful. The best continuous compliance systems connect your software supply chain, production system and coding ecosystem to trigger immediate mitigation and instructions for deploying a fix.

With technology changing at lightning speed, we really have no excuse to stand still when it comes to security. For too long, we’ve been living in what I call a “state of theoreticals”—that is, knowing the threats are out there but being largely reactive in our approaches. Because of this, we should be working toward creating the concrete solutions needed to protect against both visible and invisible threats. But this can’t happen without awareness, and it certainly can’t happen without action.

