Cybersecurity: Top Five Tips in Tillamook
Your advice articles are great, and your recent articles about the risks of using open source software (OSS) were very helpful. Sloan, could you please share your top five tips for improving my team’s cybersecurity posture when using OSS?
Signed by Tommy in Tillamook
Dear Tommy in Tillamook,
Open source software (OSS) continues to grow due to its many benefits, such as cost-effectiveness, community-driven development, and transparency. As you know, there are potential cybersecurity risks that should be considered when using open source software. I’ve published many articles about cybersecurity, so I won’t go into that here. Though I will point out some interesting stats regarding cybercrime. According to Cybersecurity Ventures, “global cybercrime costs [are expected] to grow by 15 percent per year over the next three years.” According to a Cisco blog post, cybercrime “will be more profitable than the global trade of all major illegal drugs combined.” Now is the time to further educate your team, Tommy. I’m glad you reached out.
Cybersecurity – What Do The Numbers Say?
While the numbers are staggering, research reports that cybercrimes are vastly undercounted. Many companies don’t report — due to embarrassment, fear of damaging their reputation, assuming law enforcement can’t help, etc. It’s not illegal to keep a cyberattack hush-hush. I’ve not heard of a law that requires publicly reporting cybercrime. According to a Cybersecurity Ventures, “some estimates suggest as few as 10 percent of the total number of cybercrimes committed each year are actually reported.”
But don’t panic, you are asking the right questions to change things for the better. As you requested, I’m going to share five tips to improve your team’s cybersecurity posture. They’re easy to implement and easy to maintain.
Five Tips to Improve Cybersecurity Posture
Here are my top five tips to help you navigate the use of open source software and improve your team’s cybersecurity posture:
1. Choose reputable open source projects. When selecting OSS, it is important to choose reputable projects that adhere to your corporate security policies. Look for those that have a large and active community of contributors. This helps to ensure that the software is regularly updated and that any vulnerabilities are quickly identified and patched.
2. Keep software up to date. Just like with proprietary software, it is essential to keep OSS up to date with the latest security patches and updates. Make sure to regularly check for updates and install them as soon as possible.
3. Monitor for vulnerabilities. OSS is not immune to vulnerabilities. It’s important to monitor for any potential security issues. Regularly scan your codebase to identify and address any potential risks associated with the use of open source components. There are plenty of open source tools to help get you started.
4. Implement access controls. It’s important to put in place access controls for any OSS that is used within your organization. This helps ensure that only authorized users have access to the software. Additionally, sensitive information is protected.
5. Train your staff. Provide cybersecurity training to your staff. Include training on the safe use of OSS. This may help to reduce the risk of human error, while improving your overall cybersecurity posture.
Safer Cybersecurity Summary
By following these tips, you can effectively use open source software while minimizing potential cybersecurity risks. OSS can be a valuable asset to your organization, but only when used with caution. Always ensure that proper security measures are in place.
Thanks for sending me your question. On a scale of 1 – 10, with one being the lowest score and ten being the highest, how would you rate your team’s overall cybersecurity posture today? Which of the five tips will you implement first? Add your comments below.
Keep in mind, there are plenty of other great blog posts on the topic and check out Sonatype courses.
~ Making Cyber a Safer Space