A recent Forrester blog was headlined “Avoid An Open Source Security Nightmare.” Those potential nightmares become very real when a vulnerability is exposed and your network is breached. That’s not a far-fetched scenario, given that Forrester’s The State of Application Security 2021 report found that 30 percent of external breaches were caused by software vulnerabilities, while Sonatype reported that open-source software supply-chain attacks increased by 650 percent in 2021. And you need to look no further than the recent Apache Log4j vulnerability for an example of a vulnerability in widely used open-source software that is now being exploited.
These threats have resulted in a much greater government focus on helping organizations that rely on open-source software. That’s why the White House hosted a meeting in January with large-scale public and private organizations that use and maintain open-source software. The discussion focused on three topics:
For IT pros, these events should be a red flag indicating it’s time to take a deeper look at your deployments that depend on open-source software to strengthen your cybersecurity posture. That’s where the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) can help. It’s also time to be sure that your disaster recovery plans—especially your data backup and restore capabilities—are ready for action so you can get your organization back up and running quickly if your network is breached or your data is locked up by ransomware. That’s where Arcserve can help. But more on that later.
Look to the NSA and its elite technical capability for advisories and mitigations regarding evolving cybersecurity threats. The NSA also hosts an open-source software site, sharing security tools on GitHub for open-source projects that use everything from Apache to Windows.
CISA hosts its own site with tons of free cybersecurity services and tools. But before you jump into those, CISA lists some basic measures you should take to shore up your defenses today:
Another valuable tool CISA offers is its “Get Your Stuff Off Search” (SOS) guidance. While zero-day attacks make headlines, it’s the little stuff that often provides an entry point into your networks and data. An SOS search looks at everything from the industrial internet of things (IIoT) and supervisory control and data acquisition (SCADA) systems to industrial control systems, remote access technologies, and other assets, with the goal of reducing internet-facing attack surfaces that anyone can find with a web search. While not a government agency, the Open Source Security Foundation (OpenSSF) is another valuable resource to help you tighten security by offering training in secure software development.
While you should make every effort to enhance your cybersecurity posture—and these tools and services are a great starting point—there is no way to ensure that you won’t suffer a breach, ransomware attack, or any other kind of data disaster. With cloud-based backup and disaster recovery, you can protect your on-premises systems and data in a purpose-built business continuity cloud. While local backups may be enough to recover from a server failure or other common problem, a site-wide disaster will destroy those backups and make recovery challenging at best. When combined with Arcserve’s backup and recovery solutions, Arcserve Cloud Services disaster recovery as a service (DRaaS) gives you the ability to get critical systems back online quickly and easily.
Find an Arcserve expert technology partner to help you ramp up your recovery capabilities. And if you’re ready to dive into the details of Arcserve’s offerings, check out our demos on demand.