![]() They probe and research systems using techniques such as footprinting, enumeration, and fingerprinting. "However, encouraging your organization and your supply chain to commit to the tenets of corporate security responsibility will drive brand trust and set your organization apart as one that demonstrates its active commitment to security.Hackers use exposed information and feedback from their actions to their benefit. "here’s no surefire way to prove your security credentials or to know whether one of your suppliers might be the next victim of a data breach," the report noted. ![]() It also recommended following Google's Minimum Viable Secure Product guidelines. The report recommended that robust security checks be performed on suppliers, including proof of compliance with privacy laws, a third-party audit of a security framework, current pen-tests, multi-factor authentication, a vulnerability disclosure policy, and single sign-on. Fifty-three percent of organizations admitted they had lost customers as a result of a data breach. ![]() Sixty-three percent of organizations told HackerOne's researchers that cybersecurity best practices are as important as cost when they choose a supplier, and 62% said they'd take their business elsewhere if a supplier suffered a data breach. Good cyber practices can be a major differentiator for a company, and an important consideration when suppliers are chosen, according to the report. To reduce friction between security teams and developers, the report recommended involving development teams in the security process, rewarding developers for fixing security issues, and holding cybersecurity awareness sessions across the organization. "Security teams should facilitate development, not block it," the report said. Early testing and continuous testing throughout the development lifecycle are ways to avoid security snags. That need not be the case, the report maintained. Suppliers’ cybersecurity best practices as important as costĪ common criticism of security is it slows innovation by increasing the time it takes for development teams to produce software. To avoid that and promote collaboration, HackerOne recommended encouraging third parties to report vulnerabilities, setting up regular security briefing sessions with company brass, and translating security risk into risk to the business. Sixty-seven percent said they'd rather accept software vulnerabilities than work with hackers, while 50% of hackers admitted they hadn't disclosed a bug because of a previous negative experience or the lack of a channel to report it.Ī lack of trust makes everyone a potential cyber enemy, the report maintained. The report also revealed a lot of distrust between organizations and third-party researchers. To create greater transparency, the report recommended building a culture of openness, avoiding assigning blame when incidents happen, providing third-party researchers with a clear process for reporting vulnerabilities, and taking an open approach to stakeholders should a breach occur. Not admitting weaknesses and asking for help fixing them can cause significant damage to a brand should a "secret" vulnerability be exploited, the report explained. Distrust between organizations and third-party researchersĪccording to survey data gathered for the report from 800 security leaders, 64% maintain a culture of security through obscurity. To demonstrate a company is adhering to best practices, the report recommended it commit to the four tenants of corporate security responsibility: transparency, collaboration, innovation, and differentiation. Demonstrating secure best practices is now a competitive differentiator. Organizations are increasingly scrutinizing the practices of their suppliers, basing procurement decisions on security credentials and switching suppliers should the company have experienced a security incident, the report noted. HackerOne, a bug bounty platform provider, offered a blueprint for greater corporate security responsibility and called for a shift from secrecy to transparency when dealing with vulnerabilities in a report released Thursday.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |