Why developers are our best defence against cyberattacks

Matias Madou, Co-Founder & CTO at Secure Code Warrior, explains why developers are our best defence against cyberattacks.

As restrictions ease and we start to see the light at the end of the tunnel, it could be years before we fully adjust to life post-pandemic. At the same time, many organisations are choosing to continue to operate on a remote or hybrid basis; the influx of new tools and technologies designed to support a remote workforce brought with it a new set of vulnerabilities that IT and security teams were not prepared for.

Criminals quickly caught on to the fact that organisations were not set up for remote work and took advantage of the disruption, launching a barrage of attacks over the past year. In this unknown territory, traditional cybersecurity defences can’t be relied on to hold the fort; it’s developers that need to step up to become the new frontline defenders.

For organisations to better defend against cyberattacks, developers need to be given ownership of their vital role in cybersecurity, ongoing support to enable them to share responsibility, and credit where it’s due for their successes. In addition, developers need continuous upskilling to keep pace with advances in technology, access to the right resources, and a framework of contextual knowledge that teaches practical secure coding skills, not to mention the importance of quality, safe code. It’s the responsibility of business leaders to champion these new approaches to security from the top, empower CISOs, CTOs and security executives to invigorate existing security programmes and prioritise developer-centric learning.

Preparation is key

Cyberattacks are becoming more and more sophisticated, and current cybersecurity tools are struggling to keep pace. Traditional tools like firewalls and antivirus software can stop some attempts, but the attacks that do slip through the net can take an average of 280 days to identify and contain, according to findings from IBM. The Equifax data breach, for instance, which exposed information on 147 million people and cost the company over $1.7 billion, went undetected for 76 days.

When it comes to cybersecurity, the reality is that many organisations are still relying on reactive defences. The strategy behind this approach relies either on remediating bugs in code that has already shipped or on incident response in the event of a disaster. This approach is very expensive and overlooks a proactive approach that utilises the human element of security. By investing in their security teams, organisations can regain more control of the situation, helping to eliminate vulnerabilities at the start before passing common, fixable bugs onto an already overloaded security tool.

Security should be the priority, not speed

For a long time, a developer’s skill has been measured against how quickly they can develop code, with security as an afterthought. We need to rethink this seal of quality and shift the focus from speed to security. By choosing to support developers with viable routes to upskilling, organisations can improve their whole software pipeline. There is a real opportunity here for business leaders to reshape this outdated notion and prioritise high quality, secure code.

Providing relevant, in-depth educational experiences that provide the foundation of secure coding skills will help developers see the bigger picture and understand how they are helping prevent cyberattacks caused by common vulnerabilities. Coupled with incentives for writing secure code, CISOs and security executives can encourage developers to become key in their cybersecurity teams.

Why we should put developers first when it comes to security

According to a study carried out by the IBM System Science Institute, the expense of fixing a vulnerability increases by a factor of six once it leaves the development environment. If the vulnerability is discovered during a traditional testing process after the programme or app has been completed, it becomes 15 times more expensive. Furthermore, if an organisation finds a bug or a vulnerability once a programme is placed in the production environment, it’s a staggering 100 times more detrimental to an organisation’s bottom line.

The initial financial outlay of training developers to write secure code can soon be justified once common security bugs start to be eliminated before progressing down the development pipeline. If business leaders invest in upskilling developers and focusing on a more effective, long-term solution, they can actively avoid paying the price of a security breach.

Staying one step ahead

On-the-go skills development programmes don’t always have the best reputation, and not always fairly. This is particularly true in the technology and cybersecurity industry because it is constantly evolving, so guidelines are outdated and sometimes nearing obsolescence before they’re even finished.

Learning should be continuous to remain effective. Developing a flexible upskilling programme can result in better coding and developers with greater skills. Several developer-led programmes use learning tools, which become part of the process itself, alerting the developer if they write code with a known vulnerability, facilitating contextual, accessible teaching moments by explaining how the developer could have completed the same action more securely.


Secure code is quality code

Many common vulnerabilities exist because developers haven’t followed best practices in secure coding, and they are using poor coding patterns. This is often not their fault, and the culture and facilitation of security skills for them leaves a lot to be desired. Secure coding and quality coding are very much interlinked. The more time developers spend familiarising themselves with the latest security practices, the more conscious they are of creating high-quality code.

In a world where cyberattacks constantly threaten organisations, investing in developers is a wise move for businesses. Catching vulnerabilities in the early stages of software development means that they don’t become a security headache further down the line.


Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech
