Tag: Security

Security by design is not a product. Nor a simple straight through process. Security by design can be viewed as a core philosophy to do the right things from a cyber security perspective in every action performed when developing and producing a new product. Too many organisations are depending on vulnerable vendor solutions for security protection that over promise but under deliver. Cyber security is a wicked problem, so learn from mistakes already make by others.

Good cyber security is still a cost factor for companies. For too long we refuse to create simple systems for simple problems that can be easily adjusted and are resilient for common cyber security threads. We, security experts, are trained and brainwashed by commercial vendors to advocate for complex, expensive cyber security solutions that are costly to implement and lack transparency. Most cyber security improvements programs end with more paperwork and more new fancy software tools, without increased security resilience. We need to break out of this cycle.

Automation has changed our lives. Computers and all kinds of software enabled devices make our daily lives easier. Every year computer devices get more powerful, less expensive but also get more vulnerable to cyber security risks. Too often cyber security breaches have a severe impact on our safety and privacy. But most cyber security accidents are hidden from the public eye.

There are many myths about security, and how difficult it is. Cyber security is a complex domain. There is no perfect solution. Never. However there are simple solutions that do work. Often the best cyber security solutions are open well known solutions which everyone can use. Good solutions are not subject to a hype. Open solutions are transparent, so everyone can use and improve these solutions. 

There have been more than 900 publicly reported automotive security incidents since 2010. Security anchored in hardware needs the highest level of protection. Hardware security certifications are a minimum requirement but are never enough. Risks remain. Especially within human transportation systems like cars, trains, elevators and buses safety needs better cybersecurity.

Cyber security is not a solved problem. As technology continues to advance, so do the methods and techniques used by cyber criminals to breach security systems and steal sensitive information. I love new technology and love solving new cyber challenges that come with new technology. So I asked GPT-4 what kind of security challenges we need to manage in the near future. I was surprised by the accuracy of the answer:

“GPT-4 could be used to generate highly convincing phishing emails, fake news articles, deepfake videos which could be used to deceive individuals and organizations into divulging sensitive information or taking harmful actions. This could result in data breaches, financial losses, or reputational damage. Most cybersecurity issues with GPT-4 are not yet known.”

So think if a good cyber awareness course is on your agenda for this year. GPT-4 generated hacks and content will harm you sooner or later. Be prepared!

Complexity has become a significant issue for cyber security. Senior engineers and experts in the cyber domain with years of experience have developed a troubled sight on what is simple and what is complex. My personal core believe is that hard to solve security problems should be fixed through simple solutions. But remember: Simple is not easy. But finding a simple solution is one of my core principles when solving problems. Elegantly simple designs don’t happen by accident. They’re the result of difficult decisions and discussion. A good cyber simple solution does not reinvent the wheel.

Threats develop constantly as criminals advance their techniques and new vulnerabilities are discovered every day. Therefore, mitigation measures should be continuously developed and updated. However many organisations are depending too much on vulnerable vendor solutions that over promise but under deliver. Taking simple measures at scale, such as applying a security by design approach for all new projects is often lacking. There are no silver bullets when it comes to cyber security. It’s just doing the hard work. Daily.