New Zealand Security - April-May 2021

Page 28

WOMEN IN SECURITY

Managing Cybersecurity Threats with Security by Design

The costs of adding security as an ‘afterthought’ far outweigh those associated with baking it in from the start. Security by Design just makes sense, writes Vanessa Leite CISSP, CCSP.

Cybercrime is growing exponentially, consistent with the growth of technology adoption. Criminals have moved their operations into cyberspace and have been developing and enhancing their practices at a concerning pace.

Vanessa Leite CISSP CCSP is a senior cybersecurity manager with over 10 years of experience leading security initiatives across different sectors. Most of her career has been in technical security positions, and she is currently in an executive role leading ANZ’s NZ Advisory and IAM functions.


Security experts have been observing a significant increase in the sophistication of Tactics, Techniques and Procedures (TTPs), which are patterns of activity associated with specific attacks or hacking groups. No organisation is completely safe from cybersecurity threats nowadays.

Although there is no doubt that attack sophistication has increased significantly, the majority of successful compromises are still due to poorly developed, configured and maintained information systems, which in reality do not require any sophisticated exploitation techniques.

According to the IBM 2020 X-Force Threat Intelligence Index, of the top ten vulnerabilities exploited in 2020, only two were actually disclosed in 2020, suggesting organisations encounter significant difficulties with performing basic security controls such as vulnerability and patch management.

The Veracode State of Software Security v11 report states that the vast majority of applications it analysed (76 percent) had some sort of security flaw, indicating that this is an inevitable issue and emphasising the need for strong and consistent collaboration between development and cybersecurity teams.

Making cybersecurity a core part of business strategy and the foundation for the development of applications (or any new solution) is key for managing cybersecurity threats that take advantage of these vulnerabilities. Security by Design can help organisations build more secure solutions and manage cybersecurity threats.

What is Security by Design?

Security by Design was originally a principle related to the Software Development Life Cycle (SDLC), in which security is designed into the very early stages of a software development process. However, its concepts can easily be extended and applied more broadly to the development and creation of any new solution, including business processes.

The benefits of embedding controls for protecting the confidentiality, integrity and availability of information into the early phases of a solution development process are significant. This approach has the potential to enable organisations to implement more integrated, effective and efficient security controls. Security by Design is not a new
