Why developers are our best defence against cyberattacks

Matias Madou, Co-Founder & CTO at Secure Code Warrior, explains why developers are our best defence against cyberattacks.

As restrictions ease and we start to see the light at the end of the tunnel, it could be years before we fully adjust to life post-pandemic. At the same time, many organisations are choosing to continue to operate on a remote or hybrid basis; the influx of new tools and technologies designed to support a remote workforce brought with it a new set of vulnerabilities that IT and security teams were not prepared for.

Criminals quickly caught on to the fact that organisations were not set up for remote work and took advantage of the disruption, launching a barrage of attacks over the past year. In this unknown territory, traditional cybersecurity defences can’t be relied on to hold the fort; it’s developers that need to step up to become the new frontline defenders.

For organisations to better defend against cyberattacks, developers need to be given ownership of their vital role in cybersecurity, ongoing support to enable them to share responsibility, and credit where it’s due for their successes. In addition, developers need continuous upskilling to keep pace with advances in technology, access to the right resources, and a framework of contextual knowledge that teaches practical secure coding skills, not to mention the importance of quality, safe code. It’s the responsibility of business leaders to champion these new approaches to security from the top, empower CISOs, CTOs and security executives to invigorate existing security programmes and prioritise developer-centric learning.

Preparation is key

Cyberattacks are becoming more and more sophisticated, and current cybersecurity tools are struggling to keep pace. Traditional tools like firewalls and antivirus software can stop some attempts, but the attacks that do slip through the net can take an average of 280 days to identify and contain, according to findings from IBM. The Equifax data breach, for instance, which exposed information on 147 million people and cost the company over $1.7 billion, went undetected for 76 days.

When it comes to cybersecurity, the reality is that many organisations are still relying on reactive defences. The strategy behind this approach relies either on the remediation of bugs in code that has already shipped or on incident response in the event of a disaster. This approach is very expensive and overlooks a proactive approach that utilises the human element of security. By investing in their security teams, organisations can regain more control of the situation, helping to eliminate vulnerabilities at the start before passing common, fixable bugs onto an already overloaded security tool.

Security should be the priority, not speed

For a long time, a developer’s skill has been measured against how quickly they can develop code, with security as an afterthought. We need to rethink this seal of quality and shift the focus from speed to security. By choosing to support developers with viable routes to upskilling, organisations can improve their whole software pipeline. There is a real opportunity here for business leaders to reshape this outdated notion and prioritise high quality, secure code.

Providing relevant, in-depth educational experiences that provide the foundation of secure coding skills will help developers see the bigger picture and understand how they are helping prevent cyberattacks caused by common vulnerabilities. Coupled with incentives for writing secure code, CISOs and security executives can encourage developers to become key in their cybersecurity teams.

Why we should put developers first when it comes to security

According to a study carried out by the IBM System Science Institute, the expense of fixing a vulnerability increases by a factor of six once it leaves the development environment. If the vulnerability is discovered during a traditional testing process after the programme or app has been completed, it becomes 15 times more expensive. Furthermore, if an organisation finds a bug or a vulnerability once a programme is placed in the production environment, it’s a staggering 100 times more detrimental to an organisation’s bottom line.

The initial financial outlay of training developers to write secure code can soon be justified once common security bugs start to be eliminated before progressing down the development pipeline. If business leaders invest in upskilling developers and focusing on a more effective, long-term solution, they can actively avoid paying the price of a security breach.

Staying one step ahead

On-the-go skills development programmes don’t always have the best reputation, and not always fairly. The technology and cybersecurity industry in particular is constantly evolving, so guidelines are outdated and sometimes nearing obsolescence before they’re even finished.

Learning should be continuous to remain effective. Developing a flexible upskilling programme can result in better coding and developers with greater skills. Several developer-led programmes use learning tools, which become part of the process itself, alerting the developer if they write code with a known vulnerability, facilitating contextual, accessible teaching moments by explaining how the developer could have completed the same action more securely.


Secure code is quality code

Many common vulnerabilities exist because developers haven’t followed best practices in secure coding, and they are using poor coding patterns. This is often not their fault, and the culture and facilitation of security skills for them leaves a lot to be desired. Secure coding and quality coding are very much interlinked. The more time developers spend familiarising themselves with the latest security practices, the more conscious they are of creating high-quality code.

In a world where cyberattacks constantly threaten organisations, investing in developers is a wise move for businesses. Catching vulnerabilities in the early stages of software development means that they don’t become a security headache further down the line.


Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech
