Why AppSec Matters Now More Than Ever

Facing change is never easy…

Many of us have a love-hate relationship with change, especially when things are not going well. But as we know, thanks to the Greek philosopher Heraclitus, the only constant in life is change. We must embrace it, even if it means our “normal” is never quite the same. The goal is not to fight the change but to be the change by finding creative ways to improve our decisions, in business and life. In this way, change is more than just a challenge—it’s a catalyst for even bigger, better things.

In the world of software technology, working successfully with change often means leaning more heavily on innovation to pivot from "What can we do to build competitive advantage?" to "What can we do to make things better for everyone right now?" This means creating new capabilities we’ve never needed before—either expanding existing applications or pushing out new products—and shoring up applications to handle massive spikes in demand.

Keeping cybersecurity healthy is key.

Of course, the recent pandemic we’ve all been facing has considerable cybersecurity implications as well. We’re already starting to see an uptick in attacks of all kinds—phishing, malware, DDoS and others—with risks ranging from disinformation to disruption. On the AppSec side, hackers are surely studying any exploitable vulnerabilities in all the new, quickly forming systems coming online in the wake of the outbreak. In response, development teams everywhere are looking to create secure code while paying close attention to security best practices. But with so many changes happening so quickly—and with so much uncertainty—AppSec processes and controls could very well end up lagging.

The pressure to get new applications and features to market quickly has taken on an increased level of urgency. Unfortunately, this also creates an enormous potential opportunity for cyber criminals. As a result, we are thinking very seriously about the overall vulnerability of our hospitals, food supplies and other vital functions. Bad actors thrive on the opportunities created when the world is experiencing change or moments of struggle.

What can you do?

  • Ratchet up security across the SDLC: Organizations with DevSecOps teams that have a robust AppSec program in place, with automation and real-time visibility, should continue to use their security processes and controls to make informed risk decisions, even as timelines continue to accelerate. If your company hasn’t yet achieved this level of AppSec maturity, there are some things you can do to ratchet up security across the SDLC. There are a number of open source security scanning tools—including SCA, SAST, DAST and container scanning tools—you can quickly adopt at no cost to immediately shore up AppSec where there may be gaps.
  • Automate security throughout the SDLC: For developers and security professionals who, like everyone else, are working remotely, it’s important to remember they’re also struggling with the challenges this new normal creates. Automate security throughout the SDLC wherever possible, but make sure your teams can easily collaborate for those areas you can’t automate.
  • Maintain secure “working from home” (WFH) practices: As the security experts in your organization, you can help everyone in your company maintain secure WFH practices. There are some good resources that can also help. The National Cybersecurity Alliance has put together a COVID-19 Security Resource Library, which is a compilation of tips and recommendations from NCSA and its partners on ways to stay safe online, as well as how to avoid cyber threats and scams during this pandemic. And the Cybersecurity and Infrastructure Security Agency created a page for CISA information and updates on COVID-19, which includes specific security guidance for telework.

We’re in this together.

Everything is being stress-tested right now: our technology, our processes, our security—not to mention our sanity. Thank you to the tech community and others who are working tirelessly to answer immediate needs with technology solutions. Your work matters now and for the future, as this digital shift will likely last far beyond the current pandemic. Be well and stay safe.

*** This is a Security Bloggers Network syndicated blog from Blog | ZeroNorth authored by ZeroNorth. Read the original post at: