Creating Successful Cybersecurity Solutions

Uploaded on 2024-04-25 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Digital hardware and software products represent the biggest entry door when it comes to successful cyberattacks. In a digital environment, everything is connected, from internal communications systems to IoT devices, to cloud storage, meaning that a security breach in one product can affect an entire organisation.

Even applications considered less critical by an organisation can lead to a breach of the entire system. With Statista estimating that cybercrime cost Germany €206 billion, and the global economy $8.15 trillion in 2023, the stakes are certainly high.

The Sunburst attack is a good example of why security considerations are so important for the design of software products. In 2020, malware was injected into SolarWinds’s Orion software as part of an update. This attack against a single software product managed to compromise over 18,000 customers, including the US Justice Department, which had its information stolen and its systems spied on. It demonstrates the extent to which modern connectivity has expanded the reach of cyberattacks.

New legislation is being passed to address these kinds of threats. The European Cyber Resilience Act is a legal framework that seeks to reduce the vulnerability of digital hardware and software products against cyber-attacks. It mandates cybersecurity requirements for digital products placed on the EU market and means that manufacturers are now obliged to think of security considerations throughout the life cycle of a product. This regulation will go some way to ensuring that all providers of security, communications and storage solutions provide robust technology and have backup and damage limitation plans in place to protect customer data in the event of an incident. However, for most organisations, compliance alone is not enough to ensure protection against an attack. 

To prepare and protect themselves in the battle against cybercrime, organisations must invest in greater prevention. But all cybersecurity resilient products are not made equal. So what considerations should suppliers take into account when designing software?

1: Secure From The Start

Security needs to be considered right from the start of the development process for network and connectivity solutions. The goal is to apply cybersecurity techniques as part of the secure software development life cycle (SSDLC), to ensure that applications are secure right from the get-go, i.e. security by design.

Before creating a new software product, security requirements should be mapped out and planned. 

Then, secure coding and architecture best practices should be followed, making sure that software components are isolated and that protocols such as encryption and authentication are implemented. Comprehensive testing and review will ensure that any potential vulnerabilities are detected. This process means that all features will be designed in a way where security is central to their functioning, rather than added as an afterthought.

2: Staying Up To Date 

Much like businesses are constantly investing in new security solutions, ransomware groups are consistently using the latest developments in IT to increase the sophistication of their attacks. Emerging technologies such as generative AI introduce new attack vectors, with the potential to exploit previously undiscovered vulnerabilities and self-evolving malware can often go undetected by existing security deployments. Quantum computing is also on the horizon and will create a new threat of cryptanalytic attack. Post-deployment support can monitor activity in the system and provide updates and patches that defend against new threats and keep the software secure, preventing any security incidents. For this reason, it is integral for security solutions to undergo constant development and reiteration to ensure they are protected from the latest tactics and technologies used by hackers. 

3: Flexibility Across Platforms

Most organisations operate using a patchwork of disparate third-party software which each have one, or a couple of functions. For example, there may be one system for emails, another for internal communications, and a third used for storing files and data.

This fragmentation can leave organisations at greater risk of attack because security teams lack a unified view of their IT system. Additionally, it only takes one partner with poor security to put an entire organisation at risk.

Enterprises need to look for flexible, adaptable security solutions that can be introduced to work across their applications, IoT devices and platforms to ensure water-tight protection of data across their networks. These solutions provide more thorough protection, while also being easier for a security team to manage.

Taking these three considerations into account when creating software and hardware applications will allow suppliers to go beyond compliance with EU legislation like NIS-2. 2024 will no doubt have its share of cybersecurity challenges, but by putting security at the core of their products, designers are best placed to provide their partners and customers with a secure, well-connected online environment.   

Vincent Lomba is Chief Technical Security Officer at Alcatel-Lucent Enterprise

Image: gorodenkoff

You Might Also Read: 

Under A Watchful Eye - Unified Observability:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Defending Your Supply Chain From Cyber Threats
Facing The Quantum Challenge »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Team Cymru Research NFP

Team Cymru Research NFP

Team Cymru Research is a group of technologists passionate about making the Internet more secure and dedicated to that goal.

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity provide solutions for Secure Networks, Secure Communications, Network Analysis, and Endpoint Security.

International Telecommunication Union (ITU)

International Telecommunication Union (ITU)

ITU is the United Nations specialized agency for information and communication technologies – ICTs. Areas of activity include cybersecurity.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

Synelixis Solutions

Synelixis Solutions

Synelixis Solutions is a high-tech company founded to provide complete telecommunications, networking, security, control and automation solutions.

Ntirety

Ntirety

Ntirety Managed Security Services offer enterprise businesses the advanced tools, processes, and support to ensure your infrastructure, networks, and mission-critical applications are secure.

HancomWITH

HancomWITH

Hancomwith is an information security company. We provide optimized blockchain solutions in areas including next-generation authentication, security and digital asset transaction.

SessionGuardian

SessionGuardian

SessionGuardian (formerly SecureReview) is the world's first and only technology which ensures second-by-second biometric identity verification of your remote user, from log on to log off.

Otorio

Otorio

OTORIO delivers industrial cybersecurity and digital risk-management solutions and services. We help our customers to keep their revenue-generating operations resilient, efficient, and safe.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Plante Moran

Plante Moran

Plante Moran is a leading audit, tax, consulting, and wealth management firm. Areas of consulting expertise include cybersecurity.

Mindsprint

Mindsprint

Mindsprint (formerly Olam Technology and Business Services - OTBS) are a leading edge technology and business services firm.

Vector Choice Technologies

Vector Choice Technologies

Vector Choice Technology Solutions has a long standing reputation in cyber security consulting since 2008.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.

CloudGuard

CloudGuard

CloudGuard is an AI-driven XDR platform that helps organisations to proactively detect and automatically remediate threats in real-time.

FOSSA

FOSSA

FOSSA is a leading SBOM (software bill of materials) and software supply chain risk management platform.