Hackers are constantly exploring advanced techniques to penetrate cyber security systems. A new approach to combat this issue is security by design, where software engineers design software to be secure from the outset to reduce the likelihood of flaws compromising a company’s information security.
Security by design focuses on preventing a cyber security breach rather than repairing the issue and restoring systems after a company has been hit by a cyber security breach. It enables an organisation to automate its data security controls and formalise the design of its infrastructure so it can build security into its IT management processes.
An effective approach to cyber security risk management requires a complete cyber security lifecycle perspective. The security lifecycle is similar to the product development lifecycle as it starts with an idea and ends with delivery and support. Security by design ensures that an organisation continuously can manage, monitor, and maintain cyber security risk governance.
Security by design is important for developing software and hardware because it becomes more difficult to add security as a system develops. In addition, dealing with existing cyber security vulnerabilities and patching them in real-time can be difficult. And it will never be as effective as designing systems to be as secure as possible from the beginning.
The most obvious outcome of cyber-attacks is financial loss, whether as a result of fraud, being forced to pay ransoms, being subject to fines or through missed revenue and opportunity costs. Besides businesses being at risk, a growing part of government-run infrastructure in modern states is now managed online, deeply interconnected, and includes the same vulnerabilities as businesses. Attacks on these systems have the power to disrupt entire regions and countries, cause untold chaos, and may even result in actual physical harm to individuals.
A study from EY found that 65% of businesses only consider cybersecurity after it is too late. Security by design is a pragmatic and proactive approach that decreases risks within fields such as machine learning, where manipulated algorithms will lead to corrupted outcomes and the internet of things - where consumers trust their products with highly sensitive and personal information vulnerable to exploitation.
Taking cyber security into account already during the process of designing a product can potentially mitigate the risk of cyberattacks.
From the policy perspective, Israel has indeed set forth principles under their privacy and data protection laws that promote embedding privacy and security into the design of systems. Israel embeds security by design within its Privacy Protection Regulations mandating database owners to adopt security measures and procedures depending on four categories of databases, chosen by their perceived level of risk.
From the corporate perspective, Israeli companies are increasingly incorporating the security by design approach into their product design process. The companies are aided by the government’s Data Security Regulation, which provides a step-by-step guidance to developers on which security measures must be deployed, depending on the perceived (or assessed) vulnerability of a database.
From the academic perspective, students in high school go to the army and afterwards to the university in Israel with a focus on cyber security. This has created a hotbed for cyber security research in Israel, where security by design is amongst the focal areas.
From the entrepreneurial perspective, Israel is world-leading within cyber security startups and has the largest proportion of unicorns in the world. Security by design is becoming the mainstream approach amongst startups in Israel to enhance cyber security.
From the investment perspective, Israeli cyber security companies raised US$ 8.8B in 2021 - a new record for the country. Despite its small size in terms of population, Israel accounts for a staggering 40% of the total funds raised by cyber security companies in 2021. Security by design is becoming the primary approach amongst Israeli SMEs and corporations.
Please reach out to Lasse Vinther-Grønning at lasgro@um.dk for any inquiries. We offer our services to corporates, SMEs and academic partners looking to dive further into the area of green mobility.
Security by Design: Cyber Security
