Creating Successful Cybersecurity Solutions

Digital hardware and software products represent the biggest entry door when it comes to successful cyberattacks. In a digital environment, everything is connected, from internal communications systems to IoT devices, to cloud storage, meaning that a security breach in one product can affect an entire organisation.

Even applications considered less critical by an organisation can lead to a breach of the entire system. With Statista estimating that cybercrime cost Germany €206 billion, and the global economy $8.15 trillion in 2023, the stakes are certainly high.

The Sunburst attack is a good example of why security considerations are so important for the design of software products. In 2020, malware was injected into SolarWinds’s Orion software as part of an update. This attack against a single software product managed to compromise over 18,000 customers, including the US Justice Department, which had its information stolen and its systems spied on. It demonstrates the extent to which modern connectivity has expanded the reach of cyberattacks.

New legislation is being passed to address these kinds of threats. The European Cyber Resilience Act is a legal framework that seeks to reduce the vulnerability of digital hardware and software products against cyber-attacks. It mandates cybersecurity requirements for digital products placed on the EU market and means that manufacturers are now obliged to think of security considerations throughout the life cycle of a product. This regulation will go some way to ensuring that all providers of security, communications and storage solutions provide robust technology and have backup and damage limitation plans in place to protect customer data in the event of an incident. However, for most organisations, compliance alone is not enough to ensure protection against an attack. 

To prepare and protect themselves in the battle against cybercrime, organisations must invest in greater prevention. But all cybersecurity resilient products are not made equal. So what considerations should suppliers take into account when designing software?

1: Secure From The Start

Security needs to be considered right from the start of the development process for network and connectivity solutions. The goal is to apply cybersecurity techniques as part of the secure software development life cycle (SSDLC), to ensure that applications are secure right from the get-go, i.e. security by design.

Before creating a new software product, security requirements should be mapped out and planned. 

Then, secure coding and architecture best practices should be followed, making sure that software components are isolated and that protocols such as encryption and authentication are implemented. Comprehensive testing and review will ensure that any potential vulnerabilities are detected. This process means that all features will be designed in a way where security is central to their functioning, rather than added as an afterthought.

2: Staying Up To Date 

Much like businesses are constantly investing in new security solutions, ransomware groups are consistently using the latest developments in IT to increase the sophistication of their attacks. Emerging technologies such as generative AI introduce new attack vectors, with the potential to exploit previously undiscovered vulnerabilities and self-evolving malware can often go undetected by existing security deployments. Quantum computing is also on the horizon and will create a new threat of cryptanalytic attack. Post-deployment support can monitor activity in the system and provide updates and patches that defend against new threats and keep the software secure, preventing any security incidents. For this reason, it is integral for security solutions to undergo constant development and reiteration to ensure they are protected from the latest tactics and technologies used by hackers. 

3: Flexibility Across Platforms

Most organisations operate using a patchwork of disparate third-party software which each have one, or a couple of functions. For example, there may be one system for emails, another for internal communications, and a third used for storing files and data.

This fragmentation can leave organisations at greater risk of attack because security teams lack a unified view of their IT system. Additionally, it only takes one partner with poor security to put an entire organisation at risk.

Enterprises need to look for flexible, adaptable security solutions that can be introduced to work across their applications, IoT devices and platforms to ensure water-tight protection of data across their networks. These solutions provide more thorough protection, while also being easier for a security team to manage.

Taking these three considerations into account when creating software and hardware applications will allow suppliers to go beyond compliance with EU legislation like NIS-2. 2024 will no doubt have its share of cybersecurity challenges, but by putting security at the core of their products, designers are best placed to provide their partners and customers with a secure, well-connected online environment.   

Vincent Lomba is Chief Technical Security Officer at Alcatel-Lucent Enterprise

Image: gorodenkoff

You Might Also Read: 

Under A Watchful Eye - Unified Observability:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Defending Your Supply Chain From Cyber Threats
Facing The Quantum Challenge »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clearpath Solutions Group

Clearpath Solutions Group

Clearpath Solutions Group expertise covers virtualization and data storage technologies, networking, security and cloud computing.

European Internet Forum (EIF)

European Internet Forum (EIF)

EIF’s mission is to help provide European political leadership for the political, economic and social challenges of the worldwide digital transformation.

Get Cyber Safe

Get Cyber Safe

Get Cyber Safe is a national public awareness campaign created to educate Canadians about Internet security and the simple steps they can take to protect themselves online.

Cyber Risk & Insurance Forum (CRIF)

Cyber Risk & Insurance Forum (CRIF)

CRIF helps organisations understand cyber risks and the damage that might occur by supporting the development of effective insurance solutions.

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

TI Safe

TI Safe

TI Safe provide cybersecurity solutions for industrial networks of main critical infrastructures in Latin America.

LinOTP

LinOTP

LinOTP is an enterprise level, innovative, flexible and versatile OTP-platform for strong authentication.

Slovenian Digital Coalition

Slovenian Digital Coalition

Slovenian Digital Coalition is a coalition working in the field of smart cities, e-commerce, e-skills, e-inclusion, cyber security, internet and other areas related to developing the digital society.

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

SilverSky

SilverSky

SilverSky offers a comprehensive suite of products and services that deliver unprecedented simplicity and expertise for compliance and cybersecurity programs.

Secmation

Secmation

Secmation are an agile engineering services firm providing advanced DoD level security design and consultation services for both commercial and defense hardware and software applications.

Stryve

Stryve

Stryve is a leading carbon-neutral provider of specialist cloud and cybersecurity services in Europe.

Anametric

Anametric

Anametric is developing new technologies and devices for chip scale quantum photonics, with a focus on cybersecurity.

BLOCX

BLOCX

BLOCX is designed to address the ever-growing challenges of managing and securing digital devices, from personal computers to corporate networks.

Abstract Security

Abstract Security

Abstract Security has created a revolutionary platform, equipped with an AI-powered assistant, to better centralize the management of security analytics.

Identifid

Identifid

Identifid offers a suite of fraud prevention and identity authentication solutions to businesses and governments using the latest advances in AI, vision processing, and biometric recognition.