In today’s increasingly digitalised world, the risk of cyberattacks has risen dramatically and so, consequently, has demand for improved security. Rather than tackling problems after the fact by tacking on often-costly solutions, cybersecurity experts are now building in more protection from the start of the product life cycle.

Cybersecurity by design is like when an architect draws up plans for a building. The main security features are there from the outset. Requirements may vary - a jeweller’s shop will normally need more alarms and reinforced doors than a residential property - or change over time, but the aim is the same: protection in line with the level of perceived risk.

“There is a very strong analogy between cybersecurity and safety, in other words, the protection of equipment and people against unintentional damage,” says Alexandre Bouteille, Thales Technical Director of critical information systems and cybersecurity. “While there’s no such thing as zero risk in the digital world, nor in the safety critical systems sector, risk analysis is essential, and integrating security from the start is a must-have. Otherwise, major problems can arise.”

In the event of an attack, security measures that were not incorporated at an early stage can end up costing 10 or 15 times more, not to mention the reputational damage that such failures can cause.

A graduated and proportionate approach

Bouteille advocates a “graduated and proportionate” approach, inspired by safety practices in domains such as aerospace or nuclear power, where protection measures are designed according to the level of consequences and probability of an incident.

Much is at stake, since cybersecurity is key to the success of “digital transformation” in a world that is increasingly fast moving and ever more connected. It is not only about banks or defence; all sectors, including healthcare and e-commerce, are looking to protect their data and digital assets. And the need is likely to continue growing as the Internet of Things (IoT) creates a significant increase in the demand for secure connected objects.

“Cyberattacks often exploit software behaving in an unexpected or non-specified way to gain entry to a system. One of the objectives of secure development is, therefore, to ensure that programmes behave exactly and only as planned”, explains Bouteille.

One characteristic of cybersecurity is the need to maintain the level of protection over time. “Since new vulnerabilities may appear during the software lifecycle, one major requirement is to integrate secure and effortless update capabilities. In addition, Artificial Intelligence is increasingly being used to detect abnormal behaviour and flag anomalies as possible attacks,” says Alexandre Bouteille.

Thales is well positioned to design systems that precisely meet customers' needs and requirements, especially since the acquisition of Gemalto, highlights Bouteille. “We can offer solutions that fully understand what our customers need, and which deliver the most suitable and tailored solution,” he says.