Page 115 - Cyber Defense eMagazine September 2023
Similar to the aftermath of the Great Earthquake of San Francisco, cybersecurity is currently undergoing
a transformation. With the increasing frequency and sophistication of cyberattacks, organizations must
take a proactive approach to stay ahead of the evolving threat landscape.
A Different Kind of Disaster
In the rapidly evolving landscape of cybersecurity, organizations face an escalating array of threats that
can jeopardize their valuable assets, sensitive information, and overall reputation. Despite this, many
application design teams prioritize functionality and speed of development over security. As a result,
security considerations are often treated as an afterthought. This can lead to vulnerabilities that attackers
can exploit.
These vulnerabilities can come in many forms, including insecure data storage and transmission and
poorly designed third-party integrations. For data storage and transmission, weak encryption practices,
inadequate access controls, or using insecure protocols (e.g., HTTP instead of HTTPS) can compromise
data confidentiality and integrity. Further, modern applications often integrate with third-party services or
APIs that are not thoroughly vetted or securely implemented, which can introduce vulnerabilities, expose
sensitive data, and provide an entry point for attackers.
To effectively safeguard against these risks, a comprehensive and proactive cybersecurity strategy is
essential.
Secure by Design
When designing buildings in San Francisco today, architects and structural engineers rely on
computer-aided design (CAD) and other specialized software to ensure their buildings are structurally sound and
able to withstand seismic events. By assessing the structural integrity of buildings and identifying potential
weak points before construction, engineers can design reinforcements and implement preventative
measures to mitigate risks.
Much as an architect cannot earthquake-proof their building once an earthquake is in progress, it is not
enough to be reactive to security threats. Organizations must prioritize security during the design process
itself to ensure comprehensive protection. By embracing the secure-by-design approach, cybersecurity
organizations can lay the foundation for secure, resilient systems that can withstand the challenges posed
by malicious actors.
A ‘CAD’ Solution for Cybersecurity
Threat modeling is to cybersecurity what CAD is to building design and earthquake-proofing. Threat
modeling emphasizes a secure-by-design approach that identifies security concerns at the initial stages
of development to create robust and resilient systems. By providing visibility into an environment's attack
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.