Hackers are getting more diligent: you must understand your code before you can protect it

Cyber security has become the main topic of discussion over the past year as more and more major organizations have been hit by security breaches. It is important to note that the cause is not always the code those organizations write themselves. More often it is the absence of practices that make sure the third-party code they depend on is safe and secure.


Manual checks and vendor risk management (VRM) alone are not enough today. A VRM team will see that a library is free, or that a piece of software costs $5,000, and conclude that it falls under the risk-assessment threshold. But does an inexpensive component deserve less scrutiny when it is first brought in, and again at every update or upgrade? No. These are some of the most important code bases to check, and the only way to check them consistently at every version change is automation.

Every year we see significant security breaches around the world. Just recently, the world's largest meat processor was shut down for multiple days by a cyber attack. In addition, one of the largest hacks in history, known as SolarWinds, was a supply chain attack: the attackers compromised the build of an IT management product so that its legitimately signed updates carried a backdoor, which reached the roughly 18,000 organizations that installed the trojanized update, among them US government agencies, Microsoft, Intel, Cisco and Deloitte, and gave the attackers access to their data, networks and systems.

After the SolarWinds breach, the US Government issued an Executive Order on cybersecurity (EO 14028, May 2021) that requires federal agencies to secure the full software supply chain of every application. Private vendors that sell software to the federal government will have to have the same initiatives in place. In summary, these include:

  • A Software Bill of Materials (SBOM) for delivered software will become mandatory
  • Provenance of open-source components
  • Automated tools to test and verify the supply chain
  • Secure software development environments
  • And more
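The automated check argued for above, and the SBOM requirement in the list, come together in the following script. It is an added example, not code from the original page or from iText: it takes the SBOM recorded when a third-party library was approved and the SBOM generated after an update, and reports every change a reviewer needs to see before the update goes in. The field names follow the CycloneDX JSON layout, but the two SBOM documents, the component names and all hash values are constructed for this example; the `org.example` group and the SHA-256 strings stand for nothing real.

```python
"""Gate a third-party update by diffing its SBOM against the approved baseline."""
import hashlib
import json

# Two constructed SBOM documents in a CycloneDX-style JSON shape. They are sample
# data for this example only; the names, versions and hashes are made up.
BASELINE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.example", "name": "pdf-core",
         "version": "7.1.15",
         "hashes": [{"alg": "SHA-256", "content": "aa11" * 16}]},
        {"type": "library", "group": "org.example", "name": "xml-utils",
         "version": "2.3.0",
         "hashes": [{"alg": "SHA-256", "content": "bb22" * 16}]},
        {"type": "library", "group": "org.example", "name": "crypto-lite",
         "version": "1.0.4",
         "hashes": [{"alg": "SHA-256", "content": "cc33" * 16}]},
    ],
})

UPDATED_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        # Same declared version, different artifact: the SolarWinds pattern.
        {"type": "library", "group": "org.example", "name": "pdf-core",
         "version": "7.1.15",
         "hashes": [{"alg": "SHA-256", "content": "dead" * 16}]},
        # Ordinary version bump; still needs a look, but it is declared honestly.
        {"type": "library", "group": "org.example", "name": "xml-utils",
         "version": "2.4.0",
         "hashes": [{"alg": "SHA-256", "content": "bb33" * 16}]},
        # New transitive dependency that was never risk-assessed, and has no hash.
        {"type": "library", "group": "org.example", "name": "telemetry-agent",
         "version": "0.9.1"},
    ],
})

# A constructed artifact plus an SBOM entry whose hash was computed from it, to
# show the artifact-level check that runs at download time.
SAMPLE_ARTIFACT = b"constructed artifact bytes, standing in for a downloaded jar"
SAMPLE_ARTIFACT_SBOM = json.dumps({"components": [
    {"type": "library", "group": "org.example", "name": "pdf-core",
     "version": "7.1.15",
     "hashes": [{"alg": "SHA-256",
                 "content": hashlib.sha256(SAMPLE_ARTIFACT).hexdigest()}]}]})


def load_components(sbom_json):
    """Map 'group/name' -> {'version': str, 'sha256': str or None}."""
    doc = json.loads(sbom_json)
    result = {}
    for comp in doc.get("components", []):
        key = f"{comp.get('group', '')}/{comp['name']}"
        sha256 = None
        for h in comp.get("hashes", []):
            if h.get("alg") == "SHA-256":
                sha256 = h["content"].lower()
        result[key] = {"version": comp.get("version"), "sha256": sha256}
    return result


def diff_sboms(baseline_json, updated_json):
    """Classify every difference between the approved baseline and the new SBOM."""
    old = load_components(baseline_json)
    new = load_components(updated_json)
    report = {"added": [], "removed": [], "version_changed": [],
              "hash_changed_same_version": [], "missing_hash": []}
    for key in sorted(set(old) | set(new)):
        if key not in old:
            report["added"].append(key)
        elif key not in new:
            report["removed"].append(key)
        else:
            o, n = old[key], new[key]
            if o["version"] != n["version"]:
                report["version_changed"].append(key)
            elif o["sha256"] != n["sha256"]:
                # Same version string but a different binary: treat as tampering
                # until proven otherwise, never as a routine update.
                report["hash_changed_same_version"].append(key)
        if key in new and new[key]["sha256"] is None:
            # Nothing to verify the download against; the check cannot pass.
            report["missing_hash"].append(key)
    return report


def needs_review(report):
    """Any change, or any component without a verifiable hash, blocks the update."""
    return any(report.values())


def artifact_matches_sbom(artifact_bytes, sbom_json, key):
    """Recompute SHA-256 of a downloaded artifact and compare it to the SBOM entry."""
    expected = load_components(sbom_json).get(key, {}).get("sha256")
    if expected is None:
        return False
    return hashlib.sha256(artifact_bytes).hexdigest() == expected


if __name__ == "__main__":
    report = diff_sboms(BASELINE_SBOM, UPDATED_SBOM)
    for category, keys in report.items():
        if keys:
            print(f"{category}: {', '.join(keys)}")
    print("blocked, manual review required" if needs_review(report) else "clean")
```

The important design choice is that a changed hash under an unchanged version is its own category rather than being folded into "changed": a legitimate update announces itself with a new version, while a build-system compromise ships under the old one. Components without a hash fail closed, because a check that cannot be performed is not a passed check.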

ISO 27001:2017 takes best practices, consistency, policy and growth into consideration. 95% of cybersecurity breaches are caused by human error (https://www.cybintsolutions.com/cyber-security-facts-stats/). So having policy, training and consistent procedures in place is imperative to make your organization as safe as possible. Any smart hacker will target your weakest link, which means you cannot allow any link to be weak.

iText has been ISO 27001:2017 certified for the past 3 years. Over that time, we have seen growth and expansion to consistently cover the growing needs within information security. Part of the reason we chose ISO, rather than NIST or any other program, was the requirement for yearly audits and proof of growth. The world evolves exponentially around us, and we have to change and grow with it to make sure all of our customers are also safe from cybersecurity or supply chain issues.


