Thinking ahead about the types of cybersecurity risks that can occur is the best course of action to take, provided that measures are put in place to address the resultant risks. But where to start?
To gain an understanding of potential software related cybersecurity issues Digital Journal heard from John Smith, EMEA CTO, Veracode.
Smooth notes that as essential services become more integrated, then the risk to those services correspondingly increases. He notes: “Each year, software and applications are only becoming a bigger part of our lives. As this demand for better digital experiences continues to grow, it is imperative that businesses remember that the need for better security increases alongside it.”
This presents risks to all types of firms. Smith sees this risk as significant and one requiring an appropriate response: “To achieve success in 2023, businesses will need to set out on the right foot from the beginning and ensure their security strategy is considered from the first line of code.
It is important to consider what has happened before, says Smooth, noting: “If we have learnt anything from 2022, it is that no organisation is immune to cyber threats. Fortunately, however, we are seeing proactive new steps to help prevent risk, with the likes of the European Cyber Resilience Act (ECRA) and Digital Markets Act (DMA) both coming into play in the last year.”
The European Cyber Resilience Act aims to set the conditions for the development of secure products with digital elements. The DMA seeks to put an end to unfair practices by companies that act as gatekeepers in the online platform economy.
There are other factors propelling cybersecurity issues for businesses as well. According to Smith: “The increased demand for better digital experiences, seems to have reenergised the investment and prioritisation of cybersecurity by businesses. Many professionals expect further laws to be introduced in the coming years and want to get ahead of anticipated mandates by investing in better security practices and emerging technologies, such as automated, machine learning-driven remediation.”
Some progress has been made helping to secure the business landscape. However, threats remain. Smith encapsulates these as: “While we are seeing positive steps in the right direction as we enter 2023, it would be naive to think that we can ease up and pat ourselves on the back. Security is neither a tick-box exercise nor an end goal, but rather an ever-evolving journey.”
Smith’s recommendation is: “Now, more than ever, we should be ensuring that security is pervasive not invasive. Then, hopefully we’ll be able to reach a place where businesses truly have an always-on understanding and active role in mitigating cyber risk before disruption can occur.”
