Creating Successful Cybersecurity Solutions

Uploaded on 2024-04-25 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Digital hardware and software products represent the biggest entry door when it comes to successful cyberattacks. In a digital environment, everything is connected, from internal communications systems to IoT devices, to cloud storage, meaning that a security breach in one product can affect an entire organisation.

Even applications considered less critical by an organisation can lead to a breach of the entire system. With Statista estimating that cybercrime cost Germany €206 billion, and the global economy $8.15 trillion in 2023, the stakes are certainly high.

The Sunburst attack is a good example of why security considerations are so important for the design of software products. In 2020, malware was injected into SolarWinds’s Orion software as part of an update. This attack against a single software product managed to compromise over 18,000 customers, including the US Justice Department, which had its information stolen and its systems spied on. It demonstrates the extent to which modern connectivity has expanded the reach of cyberattacks.

New legislation is being passed to address these kinds of threats. The European Cyber Resilience Act is a legal framework that seeks to reduce the vulnerability of digital hardware and software products against cyber-attacks. It mandates cybersecurity requirements for digital products placed on the EU market and means that manufacturers are now obliged to think of security considerations throughout the life cycle of a product. This regulation will go some way to ensuring that all providers of security, communications and storage solutions provide robust technology and have backup and damage limitation plans in place to protect customer data in the event of an incident. However, for most organisations, compliance alone is not enough to ensure protection against an attack. 

To prepare and protect themselves in the battle against cybercrime, organisations must invest in greater prevention. But all cybersecurity resilient products are not made equal. So what considerations should suppliers take into account when designing software?

1: Secure From The Start

Security needs to be considered right from the start of the development process for network and connectivity solutions. The goal is to apply cybersecurity techniques as part of the secure software development life cycle (SSDLC), to ensure that applications are secure right from the get-go, i.e. security by design.

Before creating a new software product, security requirements should be mapped out and planned. 

Then, secure coding and architecture best practices should be followed, making sure that software components are isolated and that protocols such as encryption and authentication are implemented. Comprehensive testing and review will ensure that any potential vulnerabilities are detected. This process means that all features will be designed in a way where security is central to their functioning, rather than added as an afterthought.

2: Staying Up To Date 

Much like businesses are constantly investing in new security solutions, ransomware groups are consistently using the latest developments in IT to increase the sophistication of their attacks. Emerging technologies such as generative AI introduce new attack vectors, with the potential to exploit previously undiscovered vulnerabilities and self-evolving malware can often go undetected by existing security deployments. Quantum computing is also on the horizon and will create a new threat of cryptanalytic attack. Post-deployment support can monitor activity in the system and provide updates and patches that defend against new threats and keep the software secure, preventing any security incidents. For this reason, it is integral for security solutions to undergo constant development and reiteration to ensure they are protected from the latest tactics and technologies used by hackers. 

3: Flexibility Across Platforms

Most organisations operate using a patchwork of disparate third-party software which each have one, or a couple of functions. For example, there may be one system for emails, another for internal communications, and a third used for storing files and data.

This fragmentation can leave organisations at greater risk of attack because security teams lack a unified view of their IT system. Additionally, it only takes one partner with poor security to put an entire organisation at risk.

Enterprises need to look for flexible, adaptable security solutions that can be introduced to work across their applications, IoT devices and platforms to ensure water-tight protection of data across their networks. These solutions provide more thorough protection, while also being easier for a security team to manage.

Taking these three considerations into account when creating software and hardware applications will allow suppliers to go beyond compliance with EU legislation like NIS-2. 2024 will no doubt have its share of cybersecurity challenges, but by putting security at the core of their products, designers are best placed to provide their partners and customers with a secure, well-connected online environment.   

Vincent Lomba is Chief Technical Security Officer at Alcatel-Lucent Enterprise

Image: gorodenkoff

You Might Also Read: 

Under A Watchful Eye - Unified Observability:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Defending Your Supply Chain From Cyber Threats
Facing The Quantum Challenge »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Bowbridge

Bowbridge

Bowbridge provides anti-virus and application security solutions for SAP systems.

CloudMask

CloudMask

CloudMask patent technology provides Dynamic Data Masking (DDM) that masks sensitive data, structured or non-structured, in real-time.

Center for Research on Scientific & Technical Information (CERIST)

Center for Research on Scientific & Technical Information (CERIST)

CERIST is a scientific and technical research centre with activities focused in the area of networks, information systems and IT security.

iFluids Engineering

iFluids Engineering

iFluids Engineering is a leading engineering consulting and risk management firm providing a full range of services including Cyber Security for Industrial Control Systems.

Cynexlink

Cynexlink

Cynexlink offers Managed IT Services with Security, Network, Storage & Cloud solutions for all size of business.

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP) is a 501(c)(3) non-profit organization dedicated to promoting cybersecurity awareness and education.

Cyberstarts

Cyberstarts

Cyberstarts’ vision is to become the leading platform for amazing teams of entrepreneurs to solve the next big problems of the cybersecurity world.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

Twingate

Twingate

Twingate help organizations secure and manage access to their technology resources in a world where people work from anywhere.

NetApp

NetApp

The NetApp portfolio includes intelligent cloud services, data services, and storage infrastructure that helps organizations manage applications and data everywhere across hybrid cloud environments.

Allot

Allot

Allot are a global provider of leading innovative network intelligence and security solutions for Service Providers and Enterprises worldwide.

Incode

Incode

Incode is the leading provider of world-class identity solutions that is reinventing the way humans authenticate and verify their identities online.

Qryptonic

Qryptonic

Qryptonic pioneers next-generation cybersecurity by leveraging the unparalleled capabilities of quantum computing to defend against evolving threats.

Karthik Consulting (KC)

Karthik Consulting (KC)

Karthik Consulting is a technology service provider specializing in IT services for the U.S. federal government.

8kSec

8kSec

8kSec is a cybersecurity company specializing in training, consulting, and research.

Labyrinth Technology

Labyrinth Technology

Labyrinth Technology is an IT support company based in London specialising in cyber security for small to medium sized businesses.