Veracode CEO Sam King had the opportunity to speak at this year’s inaugural virtual Boston Globe Summit, “The Great Recovery.” Sam was invited to join the panel, How Boston is Tackling the Biggest Cyber Threats Facing Society, moderated by Gregory T. Huang, Business Editor at the Boston Globe, with guests Greg Dracon of .406 Ventures and Christopher Ahlberg of Recorded Future.
The group began by discussing the evolving landscape of software today. Sam noted that the COVID-19 pandemic, a forcing function to remote work environments, kicked digital transformation into action for many organizations, whether or not they were prepared. In fact, a survey from Verizon detailing sentiment among business leaders about the impacts of COVID-19 found that 38 percent of respondents had implemented virtual collaboration technology and a third chose to temporarily close to allow for transitions to new systems that would enable new ways of working. There was also increased adoption of cloud and software as a service.
Sam also touched on issues raised by Veracode’s co-founder and CTO Chris Wysopal in his testimony to Congress in 2003 which are still as relevant as ever: large amounts of software are still not designed in a defensive way, nor are they built with security testing directly embedded in the software development process.
This is especially problematic for businesses and government, so it’s vital that organizations pay attention to initiatives like the current administration’s Executive Order on Improving the Nation’s Cybersecurity. “President Biden came out with the Executive Order a couple of months ago and that is a step in the right direction for two reasons: he is asking federal agencies to do a better job, and he is also using the purchasing power of the federal government to try and secure the extended software supply chain,” Sam noted.
As we move forward, what should the role of the government be in security, and which policies did the panel think are most useful? Worth mentioning are the recent Massachusetts state senate hearings in which we learned that residents had lost nearly $100 million from cyberattacks in 2020 according to the FBI Internet Crime Complaint Center annual report.
In these cases, the role of government in driving policy may be best achieved by providing resources and educational training so that state and local institutions can improve their systems and build thoughtful security plans that protect their data – and the data of the people who use their services. As Sam commented during the summit, establishing guidelines and then creating some incentives to drive policy is a step in the right direction.
Ideally, government should work with the private sector to share information around requirements, ratings, and labels so that software is held to the same standards across the board. Sam once again applauded the executive order, explaining how critical it is for the government to take proactive steps to ensure the security and safety of software by establishing standards around accessing vulnerabilities and implementing security processes.
When asked about what we might see in the future of cyberattacks, Sam noted that she hopes the current moment in time is a call to action for everyone, especially those implementing policy and strategy within their organizations. “I think it’s going to take a wholesale effort where people that are guiding the strategies of companies and looking at the risks are creating structural change in the organizations they’re responsible for,” she continued.
Stay up to date on the latest tools, trends, and vulnerabilities in software security by reading our annual State of Software Security report, and watch a recording of the panel.