As a leader, it’s important to strike a good balance between innovation and cyber security to stay ahead of the game, while safeguarding your business.
In this blog, Kane Mathers, our talented Senior Software Developer and ethical hacker, spills the beans on the cyber security threats you must be aware of and the driving forces behind hackers’ relentless pursuits.
Tip 1: Keep your main operating system up to date
There are two main areas to focus on here. Firstly, avoid shared hosting environments. Hacking attempts aren’t limited to the main website; all websites running on the same server can be targets. You might have the most secure website in the world, but if another website on the same host is vulnerable, it can be the entry door to the server.
Secondly, monitor your network. Services running on other hosts that you might assume are undiscoverable (because people don’t know the IP of the host) can lead to your server being publicly accessible, without your developers realising. Consider Shodan for real-time monitoring and alerts.
Tip 2: Maintain and update dependencies
Dependencies, such as old websites, or CMS plugins, can pose significant vulnerabilities, so it’s crucial to conduct regular security audits. Check out tools like Github’s Dependabot to ease the burden of keeping dependencies up to date.
Kane says he doesn’t waste his time on heavily trafficked pages on a website, like the login page or home page.
“I’ll go straight to the less trafficked, possibly older functionality, of a website that hasn’t been kept up to date or has been rushed out.”
Tip 3: Ensure you have quality Application Programming Interfaces (APIs)
Here, the focus is on effectively managing tech debt and embedding peer code reviews into development processes to ensure you have quality APIs.
There are three important considerations:
- Always complete peer code reviews – involve team members who have a passion for security into this process.
- Just because APIs aren’t easily discoverable, doesn’t mean they won’t be discovered (most common in mobile app-specific APIs).
- Consider how user input can be abused. Ask questions such as; is it going into a database, touching the filesystem, or being passed to external applications?
Our rule of thumb for managing tech debt: Allocate 20% of your team’s capacity towards tech debt, 10% on bug fixes, and 70% on new features.
Security is an ongoing process
Safeguarding your business is becoming even more important in today’s evolving digital landscape. It’s more than simply updating your software or doubling down on high-trafficked website pages.
Leaders must recognise that cyber security is not a one-time task but an ongoing process. Staying proactive is key to protecting your digital assets.