Later this month, people will don scary costumes, visit haunted houses and decorate their homes with spooky symbols in celebration of Halloween—all with the good intent of giving friends and family a little fright.
There is something much more frightful, however, being discussed this month—the growing threat of cyber attacks. October is National Cybersecurity Awareness Month, which was designed to encourage companies and individuals alike to consider their own practices on the Internet and how to prevent incidents. “Cyber threats pose one of the gravest national security dangers the United States faces,” stated President Barack Obama. “When our nation’s intellectual property is stolen, it harms our economy, and when a victim experiences online theft, fraud, or abuse, it puts all of us at risk.”
As illustrated in this interactive graphic of the world’s biggest data breaches in the last ten years, the size and severity of attacks have steadily increased. Yet spending on security training for application developers has failed to grow accordingly. Aspect Security, a leader in application security training and an OpenSesame seller, recently released its annual report on the state of developer application security knowledge. After quizzing 1,425 developers representing 695 companies, the study puts the average developer’s knowledge of standard security vulnerabilities at a D rating. The biggest knowledge gaps included protecting sensitive data, threat modeling and architecture reviews, as well as securing web services. Additionally, the study found security knowledge “does not correlate with years of experience.” An effort must be made to instruct developers in secure coding practices during specialization in order for the lessons to take hold.
Consumers rely on technology like never before—to monitor health and national defense, track finances and personal records, even maintain relationships—and, consequently, demand companies better protect the increasing amount of personal data they share, or run the risk of losing their loyalty. As such, protecting their data, customers, employees and reputation is the top concern of every organization with an online presence.
Rather than outsource IT security to external firms and their experts, everyone in a company’s IT team must be uptrained in security practices to build cyber resiliency across the organization. There simply is no substitute for internal training, planning and being prepared for a cyber threat.
As such, OpenSesame has a number of resources available to help managers and developers understand cybersecurity threats:
- Aspect Security focuses exclusively on application security. Their engaging and interactive elearning curriculum teaches developers, architects, QA and managers everything they need to know about creating and deploying secure applications. A good place to start would be with their Application Security Awareness Series Bundle and Application Security Technical Series Bundle.
- SmartPros is a leading provider of professional education and training, and features course titles covering subjects in the accounting, financial services, legal, engineering and information technology industries. Start with their “Cyber Terror and Cyber Risk: What You Need To Know” course, particularly for those in IT leadership positions.
- CyberSecurity Training Track: This 14-course track was designed specifically to provide a starting point for both managers and developers to begin to develop the tools necessary to combat cybersecurity threats. The track moves a learner from basic to advanced knowledge of security vulnerabilities through various levels of courses. Download your complimentary copy of the training track!
National Cybersecurity Awareness Month creates an opportunity to begin a dialogue within your company on the importance of secure data. Take some time this month to talk with your IT staff about their application security concerns and avoid giving your customers any unnecessary frights.