Securing applications following a cyberattack


As cyberattacks continue to rise, organisations must focus not only on prevention but also on effectively responding to breaches and restoring compromised systems. Traditional incident response methods are often insufficient, as they overlook the attacker's impact on the application development process itself. To enhance cybersecurity, software security should be a top priority, encompassing the entire software development lifecycle (SDLC).

Securing software during the development process is easier than addressing flaws introduced later. To limit the impact of an attack, organisations should store binary signatures, conduct anomaly testing, restrict access to development tools, and manage access controls for repositories. Recent attacks, such as the compromise of a CI/CD platform, highlight the importance of containment strategies; employees' home networks, especially those not protected by a VPN, should also be treated as potential threats.

Supply chain attacks, where attackers install backdoors in widely used software, pose significant risks. The SolarWinds breach and the compromise of 3CX's binary distribution demonstrate how hard sophisticated insertions are to detect. During the application build phase, it is crucial to use trusted tools, manage access, and integrate security from the outset, a practice known as "shifting left." In the current threat environment, it is advisable for software developers and security experts to lock arms and develop software in partnership. The old-fashioned way of developing software first and adding security afterwards has exposed millions to cyberattacks.

While prevention efforts are essential, organisations should also prepare for failure by taking immediate action to limit damage after a breach. Scanning endpoints, changing passwords and keys, validating code and containers, securing the toolchain, and managing developer access are key steps. Trusting compromised development tools can have severe consequences, emphasising the need for careful scrutiny and binary analysis.
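The two practical recommendations above, storing binary signatures before an incident and validating code and containers after one, come together in a baseline-and-verify check. The following is an added example, not code from the original article: it records a SHA-256 manifest of a build output tree, protects the manifest with an HMAC so that an attacker who can edit files cannot quietly edit the baseline too, and after a (constructed) tampering scenario reports which artifacts were modified, added or removed. The manifest key, the file names and the file contents are all illustrative assumptions.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Hypothetical manifest-signing key. In practice this comes from a secrets
# store or an HSM, never from source; a static value is used only for the demo.
MANIFEST_KEY = b"example-key-for-illustration-only"


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def _mac_for(files):
    # Canonical JSON (sorted keys) so the same set of digests always produces the same MAC.
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()


def build_manifest(root):
    """Record the SHA-256 of every file under root, keyed by its relative path, plus a MAC."""
    files = {}
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            files[rel] = sha256_file(full)
    return {"files": files, "mac": _mac_for(files)}


def manifest_is_authentic(manifest):
    """Constant-time check that the stored digests have not been altered since signing."""
    return hmac.compare_digest(_mac_for(manifest["files"]), manifest["mac"])


def verify_tree(root, manifest):
    """Compare the current tree against the signed baseline and return the findings."""
    if not manifest_is_authentic(manifest):
        # A forged baseline would make every comparison meaningless, so stop here.
        return {"manifest_tampered": True, "modified": [], "added": [], "removed": []}
    current = build_manifest(root)["files"]
    baseline = manifest["files"]
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    removed = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"manifest_tampered": False, "modified": modified, "added": added, "removed": removed}


def demo():
    """Constructed scenario: baseline a build output, then alter it and re-verify."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "app.bin"), "wb") as f:
            f.write(b"\x7fELF original build")
        with open(os.path.join(root, "config.yaml"), "w") as f:
            f.write("debug: false\n")
        baseline = build_manifest(root)

        # Simulated post-breach state: one binary changed, one unexpected file present.
        with open(os.path.join(root, "app.bin"), "wb") as f:
            f.write(b"\x7fELF original build, tampered")
        with open(os.path.join(root, "helper.so"), "wb") as f:
            f.write(b"unexpected artifact")
        findings = verify_tree(root, baseline)

        # Simulated attempt to hide the change by editing the baseline without the key.
        forged = {"files": dict(baseline["files"]), "mac": baseline["mac"]}
        forged["files"]["app.bin"] = "0" * 64
        forged_findings = verify_tree(root, forged)
        return findings, forged_findings


if __name__ == "__main__":
    after_tamper, after_forgery = demo()
    print("tree findings:", after_tamper)
    print("forged manifest accepted:", not after_forgery["manifest_tampered"])
```

The baseline should be generated on the build system at release time and stored somewhere the build pipeline cannot write to; after an incident, running `verify_tree` against each deployed host or container image turns "validate code and containers" into a concrete list of files to investigate rather than a judgement call.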

Network breaches can have devastating consequences, eroding confidence in application and network security. Despite organisations' best efforts, vulnerabilities in third-party software can lead to breaches. It is crucial to maintain vigilance, implement strong security measures, teach employees the value of using a VPN, prepare for potential attacks, and swiftly restore trust in software and the application development pipeline.