We live in a world of increasingly connected devices – phones, digital assistants, smart watches, cars, thermostats, refrigerators, windmills, and more. More than 50% of the world’s population is now online and two-thirds own a mobile device, according to the World Economic Forum. Additionally, the codebase of today’s applications typically consists mainly of open source components – exposing them to greater risk of hacking than ever before. Given this matrix of connected things – our homes, societal well-being, economic prosperity and nation’s security are impacted by any attack on the internet or software, both of which are now considered part of the U.S.’ critical infrastructure.
This is why we here at JFrog want to bring attention to Cybersecurity Awareness Month. Starting today, and continuing each Tuesday, we’ll host a series of blogs that call attention to some of the vulnerabilities in today’s software, along with tips for scanning or analyzing software for vulnerabilities to help maintain security. Our hope is that we can help you better identify vulnerabilities hidden in all parts of your applications before attackers can find them.
Cyberattacks on critical infrastructure were rated the fifth top risk in 2020 by the World Economic Forum, which said “[these attacks] have become the new normal across sectors such as energy, healthcare, and transportation.” This is why everyone needs to understand the importance of good cyber hygiene and the impact their actions online can have on the wider connected infrastructure. It’s also critical for developers to have tools that make it easy to “shift left” and bake in security from the start of the software development lifecycle (SDLC) — application planning and design — all the way to software deployment and distribution.
Cybersecurity Awareness Month – which takes place each October – was launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in 2004. It was created as a collaborative effort between government and industry to ensure citizens have the education and resources they need to act more responsibly and be safer and more secure online. We support this initiative and feel it’s important for developers to continuously govern and audit all artifacts consumed and produced in CI/CD pipelines.
What started as a U.S.-only program has grown exponentially, reaching consumers, small and medium-size businesses, corporations, educational institutions, and citizens around the world including those in Europe, Japan, and India. Now in its 18th year, Cybersecurity Awareness Month continues to build momentum and impact around the globe both online and offline.
The overarching theme for Cybersecurity Awareness Month 2021 is “Do Your Part. #BeCyberSmart.” The theme focuses on both individuals and organizations and their role in protecting cyberspace. If everyone does their part – implementing stronger security practices, training employees, raising community awareness, educating audiences on identifying and fixing software vulnerabilities – our interconnected world will be safer and more resilient for everyone.
As cyber threats become more sophisticated and targeted, organizations must approach cybersecurity more proactively and invest in the areas of their business most prone to attack – particularly software. The easier it is for developers to have visibility into, continuously monitor, and mitigate security risks across the SDLC, the safer your enterprise will be.
For individuals, be cognizant of your online activity. Are the networks you’re using secure? Have you validated that the apps you’re using have secure software components? Do your devices have strong privacy settings and passwords, and lock automatically after a certain period of inactivity?
We have an opportunity to keep our systems, devices, and the internet secure every day. Cybersecurity should not be an afterthought. Let’s shift left and kick off this Cybersecurity Awareness Month with this post by Shachar Menashe, Sr. Director Security Research at JFrog, on a vulnerability recently discovered within Yamale, a popular software package created by the family heritage company, 23andMe. Stay tuned for more security research updates each Tuesday in October right here on our blog.