Creating Successful Cybersecurity Solutions

Uploaded on 2024-04-25 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Digital hardware and software products represent the biggest entry door when it comes to successful cyberattacks. In a digital environment, everything is connected, from internal communications systems to IoT devices, to cloud storage, meaning that a security breach in one product can affect an entire organisation.

Even applications considered less critical by an organisation can lead to a breach of the entire system. With Statista estimating that cybercrime cost Germany €206 billion, and the global economy $8.15 trillion in 2023, the stakes are certainly high.

The Sunburst attack is a good example of why security considerations are so important for the design of software products. In 2020, malware was injected into SolarWinds’s Orion software as part of an update. This attack against a single software product managed to compromise over 18,000 customers, including the US Justice Department, which had its information stolen and its systems spied on. It demonstrates the extent to which modern connectivity has expanded the reach of cyberattacks.

New legislation is being passed to address these kinds of threats. The European Cyber Resilience Act is a legal framework that seeks to reduce the vulnerability of digital hardware and software products against cyber-attacks. It mandates cybersecurity requirements for digital products placed on the EU market and means that manufacturers are now obliged to think of security considerations throughout the life cycle of a product. This regulation will go some way to ensuring that all providers of security, communications and storage solutions provide robust technology and have backup and damage limitation plans in place to protect customer data in the event of an incident. However, for most organisations, compliance alone is not enough to ensure protection against an attack. 

To prepare and protect themselves in the battle against cybercrime, organisations must invest in greater prevention. But all cybersecurity resilient products are not made equal. So what considerations should suppliers take into account when designing software?

1: Secure From The Start

Security needs to be considered right from the start of the development process for network and connectivity solutions. The goal is to apply cybersecurity techniques as part of the secure software development life cycle (SSDLC), to ensure that applications are secure right from the get-go, i.e. security by design.

Before creating a new software product, security requirements should be mapped out and planned. 

Then, secure coding and architecture best practices should be followed, making sure that software components are isolated and that protocols such as encryption and authentication are implemented. Comprehensive testing and review will ensure that any potential vulnerabilities are detected. This process means that all features will be designed in a way where security is central to their functioning, rather than added as an afterthought.

2: Staying Up To Date 

Much like businesses are constantly investing in new security solutions, ransomware groups are consistently using the latest developments in IT to increase the sophistication of their attacks. Emerging technologies such as generative AI introduce new attack vectors, with the potential to exploit previously undiscovered vulnerabilities and self-evolving malware can often go undetected by existing security deployments. Quantum computing is also on the horizon and will create a new threat of cryptanalytic attack. Post-deployment support can monitor activity in the system and provide updates and patches that defend against new threats and keep the software secure, preventing any security incidents. For this reason, it is integral for security solutions to undergo constant development and reiteration to ensure they are protected from the latest tactics and technologies used by hackers. 

3: Flexibility Across Platforms

Most organisations operate using a patchwork of disparate third-party software which each have one, or a couple of functions. For example, there may be one system for emails, another for internal communications, and a third used for storing files and data.

This fragmentation can leave organisations at greater risk of attack because security teams lack a unified view of their IT system. Additionally, it only takes one partner with poor security to put an entire organisation at risk.

Enterprises need to look for flexible, adaptable security solutions that can be introduced to work across their applications, IoT devices and platforms to ensure water-tight protection of data across their networks. These solutions provide more thorough protection, while also being easier for a security team to manage.

Taking these three considerations into account when creating software and hardware applications will allow suppliers to go beyond compliance with EU legislation like NIS-2. 2024 will no doubt have its share of cybersecurity challenges, but by putting security at the core of their products, designers are best placed to provide their partners and customers with a secure, well-connected online environment.   

Vincent Lomba is Chief Technical Security Officer at Alcatel-Lucent Enterprise

Image: gorodenkoff

You Might Also Read: 

Under A Watchful Eye - Unified Observability:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Defending Your Supply Chain From Cyber Threats
Facing The Quantum Challenge »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Centre for International Governance Innovation (CIGI)

Centre for International Governance Innovation (CIGI)

CIGI research areas include Conflict Management & Security which encompass cyber security and cyber warfare.

Splunk

Splunk

Splunk provide real-time Security Information & Event Management solutions for Enterprise Networks, Cloud and small-scale IT environments

Allianz Commercial

Allianz Commercial

Allianz Commercial is the center of expertise and global line of Allianz Group for insuring mid-sized businesses, large enterprises and specialist risks.

Clavis Information Security

Clavis Information Security

Clavis is an Information Security company offering a complete portfolio of solutions from Pentesting and Security Assessments to Managed Security Services and Training.

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

SWEDAC is the national accreditation body for Sweden. The directory of members provides details of organisations offering certification services for ISO 27001.

Greensafe IT

Greensafe IT

Greensafe offer various onsite and offsite data erasure services, aimed at increasing data security whilst reducing any risk of data loss during transit.

Gallarus Industry Solutions

Gallarus Industry Solutions

Gallarus leads innovation within industrial Manufacturing, Production and Management Systems, including Cyber Security solutions specifically developed to protect against the latest cyber criminality.

Panorays

Panorays

Panorays automates third-party security lifecycle management. It is a SaaS-based platform, with no installation needed.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Broadcom

Broadcom

Broadcom is a global technology leader that designs, develops and supplies a broad range of semiconductor and infrastructure software solutions.

ECS Ethiopia

ECS Ethiopia

ECS Ethiopia provides Ethiopia’s leading institutions with top cyber-security expertise and technology to enable them to overcome risks and market barriers enabling them to grow their business.

e-Xpert Solutions

e-Xpert Solutions

e-Xpert Solutions is a company specialized in the Information Security field since 2001. Our skills are strong technical expertise and the development of tailor-made solutions.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

GitLab

GitLab

GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software.

StackGen

StackGen

StackGen (formerly appCD) automatically generates Infrastructure from Code (IfC) based on application code with golden standards applied.

Operational Systems (OpSys)

Operational Systems (OpSys)

OpSys is a leading Managed IT and Cyber Security provider protecting the critical elements of businesses across the globe.