Aside from signalling a change in seasons, the month of October is recognised by many as an opportunity to direct attention to our digital landscape by supporting a range of activities promoted under the banner of Cybersecurity Awareness Month. Initially started as a partnership between the National Cybersecurity Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) in the United States, Cybersecurity Awareness Month is now a fixture in policy and technology good practice and capacity-building by governments and private sectors around the world. It focuses on raising public awareness about cybersecurity and educating everyone who is a “digital citizen” about strategies to protect their digital assets from the more nefarious elements of online life.
SecureFlag is commemorating Cybersecurity Awareness Month 2022 by organising two unique activities for our customers. Our goal is to help them understand the importance of cybersecurity and secure coding and incorporate secure coding practices into their day-to-day work.
Through these fun activities and a hefty dose of competition, we hope our learners will immerse themselves in the true spirit of the best month of the year (for cyber-nerds, at least!).
Every year, Cybersecurity Awareness Month adopts a unique theme. The 2022 iteration, titled “See Yourself In Cyber”, aims to hold a mirror up to netizens and entities alike and show them how to:
The NCSA encourages everyone to participate in and support Cybersecurity Awareness Month… and we here at SecureFlag are 100% aligned! So if you are looking to spread awareness about secure coding in your organisation, we urge you to join the fun!
One of the most effective ways to improve cybersecurity awareness in organisations is through training, and within enterprise environments, secure coding is one of the more critical elements to consider. Secure coding training helps enforce coding best practices and standards where security is not just an afterthought, but embedded or “baked” into the SDLC from start to finish.
When developers, security teams, and DevOps understand the importance of adhering to security best practices, they can design more secure code with fewer vulnerabilities. And fewer vulnerabilities means the code - and ultimately the organisation - is less likely to become the victim of security exploits, intellectual property theft, and data breaches.
For Cybersecurity Awareness Month 2022, SecureFlag is organising two hands-on secure coding activities for our customers:
Tournaments are an engaging and interactive series of challenges and missions to drive cybersecurity awareness and promote secure coding practices in the organisation. SecureFlag will organise these timeboxed events within organisations. By nature, developers are a competitive lot, and we find that coding tournaments are right up their street!
Coders will compete with each other to find and remediate as many security vulnerabilities as they can within the given timeframe. The activities are fun, based on real code examples, and ranked in order of difficulty, which means participants can learn better and enjoy themselves all at the same time. A leaderboard will display live results so they can see how they are doing at any given time and tap into their competitive spirit to overtake their colleagues and chase coding glory and bragging rights around the (virtual/in-person) water cooler!
We run these events both on-site and remotely. Each tournament can be completed within an afternoon, while longer ones can last for up to 3 days. Promotional material and prizes for the winners are also included in our packages.
As the name suggests, this competition runs for the entire month of October. The participant who scores the most points at the end of the month wins the challenge and the grand prize! To ensure that everyone has a fair chance of claiming at least some of the glory, all those who complete a Learning Path during the competition will automatically become eligible to win the prize.
Unlike tournament participants, these participants will not see a live leaderboard. This is because we don’t want them to feel intimidated while competing with more experienced users, or lose their enthusiasm or motivation over time. This way, the challenge boosts participation and truly brings home the key message of the month across the enterprise.
It’s not enough to only think about cybersecurity and secure coding during one of the twelve calendar months. Threat actors are everywhere, and they can - and do - attack at any time. That’s why coding teams need to be hyper-vigilant about security threats and follow secure coding practices at all times.
Ongoing and uninterrupted secure coding requires appropriate tools, a strong cybersecurity culture, and the willingness to adapt to its ever-evolving practices and guidelines. Equally important, it requires training. Only then will teams understand:
Over the years, companies have become quite good at finding security problems in code, even at scale. However, finding problems is only half the battle. Developers must also know how to fix stated vulnerabilities and, more importantly, prevent their recurrence. Many developers lack the skills or knowledge to follow secure coding practices. As a result, existing security gaps remain unfixed and vulnerable to exploitation. Additionally, developers keep adding new defects as they develop new code, further weakening the applications’ security.
One reason for poor security - and coding - hygiene among development teams is inadequate training. Another is training based on old-fashioned methods like PowerPoint slides, videos, and classroom lectures. These rarely incorporate a practical, hands-on aspect that allows developers to see, experience, and fix vulnerabilities as if they were in the real world.
At SecureFlag, we take a different approach to secure coding training. One, we teach developers how to identify a security problem, exploit it themselves to understand its potential impact, and then remediate it by actually modifying the code responsible for that problem. Practical, hands-on, do-it-yourself!
Two, the training is provided in a dedicated desktop environment created on-demand for each trainee in just a few seconds. Once the setup is complete, the developer has a full desktop computer with a full development environment already configured to help them learn secure coding in a fun, immersive, and engaging way.
And importantly, the organisation also benefits! Providing SecureFlag training to developers helps embed code security into the CI/CD pipeline. Dev teams take greater responsibility to consistently enforce production-ready code standards and make a greater effort to bake security features into code right from the start. The result: safer code and a more resilient, secure organisation better equipped to keep adversaries out of business-critical resources and data.
Cybersecurity Awareness Month is a great time to build your team’s secure coding skills and promote application security goals throughout the enterprise. Knowing that many other countries around the world are focused on the same activities as you also brings a sense of global community for global good! SecureFlag’s events are designed to get developers fired up about secure coding for an enhanced security posture. If you want to take part in the action, contact us to set up an event at your organisation!