“70% of organizations acknowledge the significance of secure coding training”
Did you know that 34% of data breaches involve internal actors? We spoke with Jared Ablon, HackEDU Founder and President, about security. Jared addresses what you need to do to stay secure while working from home, how hackers use unauthorized access, and more.
JAXenter: Hi Jared, thank you for taking the time to answer our questions. Let’s talk about the fact that 34% of data breaches involve internal actors. That figure is surprising. Are these breaches accidental or on purpose?
Jared Ablon: Research shows that only a small percentage of breaches caused by internal actors are malicious. Generally, the cause of breaches is innocent and due to a lack of education and understanding about vulnerabilities.
JAXenter: In your opinion, will this number increase or decrease over the next few years?
Jared Ablon: The good news is that there’s momentum to train employees in all roles to understand attacks and how to protect themselves and their organization. 70% of organizations acknowledge the significance of secure coding training and at HackEDU we’re definitely seeing an increase in training of software developers so that they can code securely and protect against attacks early in the SDLC. While I don’t have a crystal ball, I would hope that breaches involving internal actors would decrease over time with these efforts.
JAXenter: How do hackers use unauthorized access?
Jared Ablon: Whether it is through phishing or taking advantage of a software vulnerability, attackers can use unauthorized access to do anything an authorized user can do. This is why it is such a critical issue because unauthorized access can be the keys to the kingdom.
JAXenter: How should employers personally test their employees’ security? What can they do to ensure everyone is properly trained and vetted?
Jared Ablon: It’s best practice to have a continuous training program for all employees and to regularly test their ability to recognize and avoid attacks. Specifically with increases in web app attacks, it’s more important than ever to have specialized training for software developers to ensure they are learning hands-on skills to reduce risk.
JAXenter: Of course, working from home is now the new norm. It comes with a lot of positives, but does it also come with some security risks? And if so, what should employees working from home do to protect sensitive data?
Jared Ablon: Well, there’s a long list but here are a few that I think are particularly important.
- Employees should be working on a secure network ensuring that they’ve changed the standard password on their home WiFi router.
- If possible, they should have a VPN to access company information.
- They should never leave their work computers unlocked or let their family use their work PC.
JAXenter: What are some code review best practices that will ensure all our code is up to the best security standards?
Jared Ablon:
- Train users on how to do code reviews.
- Create and follow a set of secure coding guidelines.
- Follow a Secure Software Development Lifecycle and employ security best practices throughout the lifecycle. It can be overwhelming but start somewhere and get 1% better each day.
JAXenter: What are the essentials in your security toolkit?
Jared Ablon: A Secure Software Development Lifecycle (SDLC). There is no one essential thing; it is about starting somewhere and building a comprehensive approach to secure coding throughout the full software development lifecycle.