International. With cyber threats on the rise, a security approach focused only on individual protection measures is no longer enough, says Luis Bonilla, an executive at Axis Communications.
Bonilla, who serves as Business Development and Sales Engineering Manager for Latin America, says that collaboration between different actors (from device manufacturers to end customers) has become crucial to protect data and systems effectively.
"From hardware and software manufacturers to distributors, consultants and end customers, they have a critical role in building an environment. Manufacturers are primarily responsible for ensuring that products are developed with the best safety practices, implementing controls from design to distribution and maintenance," he says. "They must be transparent about the origin of devices and work to mitigate risk throughout the product lifecycle. This transparency is critical, especially when 20% of violations are due to supply chain compromises."
For their part, distributors play a key role in ensuring that products not only meet cybersecurity requirements, but also that they are installed correctly and that customers are advised on how to keep these devices protected. Finally, end customers must implement robust security policies and perform regular maintenance of devices, applying updates and patches whenever necessary.
Supply Chain and Zero Trust
Supply chain security is one of the main concerns in the current scenario. A compromised product at any stage of its lifecycle can create gaps that affect not only the company that acquires it, but also its customers' data.
An emerging concept in security is that of "Zero Trust" networks. In this model, no entity within the network is automatically trusted, whether it is a device or a person. Each access request must be verified, and devices must be configured to offer the least privilege necessary. This requires efficient permissions management and the use of tools that guarantee cryptography and authentication of devices on the network.
Collaboration to mitigate vulnerabilities
In this regard, Luis Bonilla comments that "human error and software vulnerabilities continue to be critical points for cybersecurity. Even if organizations implement sophisticated technologies, the human factor is still one of the main causes of security incidents. Mistakes such as the use of weak passwords, poor management of critical components and the lack of application of updates can open doors for attackers."
Manufacturers, such as Axis, use software development approaches that include risk assessments, penetration testing, and bounty programs for bug identification. In addition, they collaborate with researchers to discover and resolve vulnerabilities before they can be exploited.
The importance of continuous processes
Cybersecurity is not a one-time event, but an ongoing process that requires constant attention. In addition to implementing the right solutions, it is necessary to ensure that devices and software are updated regularly. Neglecting firmware updates, for example, can leave systems vulnerable to attack.
"Collaboration is the key to a robust defense against threats. From the early stages of product development to their final implementation, each actor must assume their responsibility in protecting the systems," concludes the expert.
