Computer Security Day – Tips from Synopsys
by Boris Cipot, Senior Security Engineer, Synopsys Software Integrity Group
Let us take a moment on this Computer Security Day to express gratitude to the individuals dedicated to daily risk mitigation in order to make our computerised lives more secure. These people are not creating new rules and limitations to hinder your work, but are trying to protect assets, data, and workplaces. Understanding the intent behind these established rules fosters an appreciation for the collective endeavour to fortify our digital lives.
There are many things that you can do to help us fulfil our role. For a start, authentication is always important, and its most used method is the password. Make sure that you create strong passwords of 13 or more characters that include special characters and numbers. Do not reuse passwords across multiple services, and make sure that they are not available to prying eyes. The best way to achieve this goal is to use a password manager that will help you to generate and keep those passwords. In many cases, password managers will also run consistent checks to confirm that your accounts and passwords have not been breached.
As an additional measure, it is also important to deploy 2-factor authentication. Many online services have this additional feature available today. It is an additional step when logging in but an important one to keep your account safe.
Next, make sure you update your software. Old software is often the hackers’ gateway to your devices and data. Patch, update, and upgrade as often as you can and, if possible, set updates to happen automatically. In corporate environments, this is not as easy because of the processes involved and possible system downtime. However, try not to postpone the updates. Bad actors can easily find out which vulnerable software your company systems, employee laptops and mobile devices are running. Exploiting those vulnerabilities is then just a small step.
The onus on the development community is huge, with application development occupying a pivotal role. Make sure that you develop your software with security in mind. Rigorously scrutinise your proprietary code for unintentional vulnerabilities that could transform your network into an open house for cybercriminals. Use Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) technology to quickly find and address issues.
Furthermore, understanding the composition of your code is vital. Whether you are utilising Open Source Software or embracing the expediency of AI-generated code, you need to make sure that you know what is built into your software and what vulnerabilities it brings to the table. Utilise Software Composition Analysis (SCA) tools to gather comprehensive information and monitor the overall risk posture.
As for organisation heads, fostering a secure working environment requires proactive measures. Prioritise ongoing cyber training for employees, ensuring comprehension of cybersecurity risks and threats. Equip security personnel with the necessary tools for comprehensive risk assessment, result correlation, and focused, effective responses. In doing so, organisations can fortify their defence mechanisms against the evolving landscape of cyber threats.