More than 250 companies have signed the Secure by Design (SBD) pledge of the Cybersecurity and Infrastructure Security Agency (CISA). By making this voluntary commitment, software manufacturers promise to increase the use of multifactor authentication (MFA) in their products, make it easier for customers to apply patches, eliminate default passwords and reduce vulnerabilities, among other proactive security practices.
By building cyber defense in from the very start of product development and system architecture, SBD is intended to transform cybersecurity from an afterthought into an essential element of core design. Companies that do not adopt this approach risk falling behind in security maturity and compliance while losing customer trust. They may also run into some very expensive problems: the average cost of a data breach has risen to $4.88 million, up from $4.45 million in 2023.
Co-founder and CTO at Secure Code Warrior.
Implementation of an SBD strategy
So how do organizations implement an SBD strategy effectively? They can start by looking at the financial services sector, which is often more willing than other industries to invest in innovative approaches to risk reduction and additional preventive measures. These institutions are taking such steps because, frankly, they have to, given the immense challenges they face:
Increased and more expensive threats
If history has taught us anything, it is that cybercriminals always follow the money. Financial organizations experience 1,115 breaches per year, ranking fourth among all verticals.
Regulatory pressures
The Payment Card Industry Data Security Standard (PCI DSS) and the European Union's General Data Protection Regulation (GDPR) require financial organizations to achieve higher levels of governance and security. As part of the ongoing compliance process, the industry's developers must bring verified skills to properly configuring sensitive databases, payment gateways and portals.
The critical and fragile state of consumer confidence
Customers of financial services companies expect nothing less than the absolute protection of their personal data and transactions. If an institution suffers an attack that compromises any of this, it risks losing customer trust, with potentially devastating consequences for its market position and revenue, if not outright extinction.
SBD developer preparation
Fortunately, our research has found that the financial industry is doing exceptional work positioning itself for SBD developer readiness. No quality is more "make or break" in importance than upskilling the people, and the tools, that innovate, develop and ship the code at the heart of our digital systems.
In fact, by looking more closely at what these companies are doing, we get a better idea of the level of developer risk management this industry is aiming for, and we can help lift other industries as they "shift left" to make good on the CISA pledge.
Investments in upskilling
On average, organizations have fewer than four software security group (SSG) specialists for every 100 developers. Given how few of these specialists are on board, it is not surprising that code-level vulnerabilities continue to affect most verticals.
This underlines the urgency of developer upskilling, with an approach built on flexible, dynamic training programs that place learning in the context of "real-life" threats. The financial sector is considered one of the earliest adopters of these and other initiatives aimed at building security into the software development life cycle (SDLC), and it has achieved high maturity rates here as a result.
Benchmarking
To ensure that skills initiatives are working, organizations must establish baselines and benchmarks to assess whether SBD is recognized as an indispensable part of their DNA. This comparative assessment must cover the state of developers' security skills and awareness, and measure the organization's success profile against other members of the industry. With this, leaders will truly know whether their teams have earned a "license to code" and whether the inherent risk posed by developers with low security skills is being managed and reduced effectively.
Proactive threat modeling and testing
Financial service providers are quite good at regularly performing threat modeling to address risks sooner rather than later, preferably before an attacker has the chance to strike. The industry also relies on code reviews, testing and strict audits to reveal vulnerabilities and other areas of concern.
By following the lead of financial institutions in establishing a baseline for developer risk management and implementing the best practices described above, organizations across the board will cultivate a winning, developer-driven security culture. This environment will prepare developers to write robust, secure code from start to finish, to the point where doing so becomes a habit they can perform at speed.
That is when companies of all kinds will show they are doing far more than simply signing CISA's pledge: they are honoring their commitment to make SBD a universal norm, acting now to defend the future.
This article was produced as part of TechRadarPro's Expert Insights channel, where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future PLC.