
Advertorial: in association with Fortinet

Resilience starts with design and disclosure

Cybersecurity vendors are key to embedding security across product development and placing responsible disclosure at the core of operations.

By Richard Woolfrey

From the emergence of AI to the rise of ‘ransomware as a service’, the methods, tools and campaigns used by cybercriminals continue to evolve. Organisations must stay one step ahead; cybersecurity is critical to doing so – and essential for business survival.

Adopting a proactive rather than reactive approach towards cybersecurity – identifying and addressing gaps before an attack takes place – is crucial to minimising the risk of an attack and improving overall protection. But organisations can’t do this alone. Cybersecurity vendors have a responsibility to lead, making it easier for customers to adopt resilient strategies.

So how can this best be done? By executing ‘secure by design’, which incorporates cybersecurity into every stage of the development and design process, vendors can build security into the products customers rely on, making their systems secure from the very beginning. Also, integrating responsible disclosure, where vulnerabilities are identified and addressed before exploitation or public disclosure, increases trust and transparency while reducing the likelihood of an attack.

It’s essential that every vendor commits to these two approaches. Doing so allows them to support customers not just in protecting their data but also in safeguarding overall business operations and building long-term cyber resilience.


It’s clear that cyber attacks are continuing to grow in scale and complexity. Fortinet’s 2025 Global Threat Landscape Report found that tools like FraudGPT, BlackmailerV3 and ElevenLabs are automating the generation of malware, phishing websites and deepfake videos, leading to increasingly effective threat campaigns while lowering barriers to entry. The underground economy for stolen credentials and direct corporate access has exploded in the past year, while cloud environments – on which most organisations rely – remain a top target for cybercriminals.

Ultimately, cybercriminals are getting smarter, and the rate of innovation is outpacing the speed at which vendors and customers can protect themselves. Cyber resilience now demands more than traditional firewalls and anti-virus software. Instead, it requires a proactive, multi-layered approach that makes cybersecurity an integral part of business strategy from the very beginning – an approach vendors must be accountable for.

One way this can be achieved is by ensuring products are secure by design. This means embedding cybersecurity measures into every stage of the software development life cycle (SDLC), from planning and design to deployment, maintenance and decommissioning. While the benefits of this to customers include helping them adopt a more proactive approach towards cybersecurity, the responsibility lies with vendors to ensure products and solutions are secure by design.


Fortinet is committed to a secure-by-design approach and is actively driving progress towards industry-wide standards and innovations. This includes signing the Cybersecurity and Infrastructure Security Agency’s Secure by Design Pledge in 2024.

The pledge outlines ways organisations can implement “secure by design”, including timely security patches, multi-factor authentication (MFA) and the elimination of default passwords.

Alongside these recommendations, implementing secure coding standards – including input validation, proper error handling and avoiding unsafe functions or outdated libraries – will play a role by minimising the vulnerabilities introduced during development and ensuring every line of code is written with security in mind. Using a memory-safe programming language can also prevent common vulnerabilities related to unsafe memory handling.
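As an added illustration of the secure coding points above (bounded copies and input validation in place of unsafe functions, and explicit error handling rather than silent truncation), the C example below is not Fortinet's code nor part of the pledge; the 32-byte name limit, the character allow-list and the status codes are assumptions chosen for the example, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed limit for the example: a device name of up to 31 characters plus NUL. */
#define NAME_MAX_LEN 32

/* Status codes returned to the caller: failures are reported, never silently truncated. */
enum check_status {
    CHECK_OK = 0,
    CHECK_ERR_NULL = -1,      /* missing pointer argument */
    CHECK_ERR_TOO_LONG = -2,  /* input would not fit the destination */
    CHECK_ERR_BAD_CHAR = -3,  /* character outside the allow-list */
    CHECK_ERR_FORMAT = -4,    /* not a well-formed decimal number */
    CHECK_ERR_RANGE = -5      /* number outside the permitted range */
};

/*
 * The pattern the text warns against (shown for contrast, not called here):
 *     strcpy(dest, src);   // copies until NUL, ignoring the size of dest
 * An over-long src overruns dest and corrupts adjacent memory.
 */

/* Bounded copy with input validation. dest is always NUL-terminated on return,
 * even on failure, so a caller that ignores the status still holds a valid string. */
int copy_name_checked(char *dest, size_t dest_size, const char *src)
{
    if (dest == NULL || dest_size == 0)
        return CHECK_ERR_NULL;
    dest[0] = '\0';
    if (src == NULL)
        return CHECK_ERR_NULL;

    /* Scan at most dest_size bytes, so an unterminated src is never read past that bound. */
    size_t len = 0;
    while (len < dest_size && src[len] != '\0')
        len++;
    if (len >= dest_size)
        return CHECK_ERR_TOO_LONG;   /* no room for the content plus NUL */

    /* Allow-list rather than block-list: letters, digits, '-' and '_' only. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (!isalnum(c) && c != '-' && c != '_')
            return CHECK_ERR_BAD_CHAR;
    }
    memcpy(dest, src, len + 1);      /* len + 1 includes the terminating NUL */
    return CHECK_OK;
}

/* Parse a TCP port from untrusted text, checking every failure mode that atoi() hides:
 * empty input, leading sign or whitespace, trailing garbage, overflow, out-of-range values. */
int parse_port_checked(const char *text, unsigned *out)
{
    if (text == NULL || out == NULL)
        return CHECK_ERR_NULL;
    if (!isdigit((unsigned char)text[0]))
        return CHECK_ERR_FORMAT;     /* rejects "", " 80" and "-1" up front */

    errno = 0;
    char *end = NULL;
    long value = strtol(text, &end, 10);
    if (errno == ERANGE || end == text || *end != '\0')
        return CHECK_ERR_FORMAT;     /* overflow or trailing characters */
    if (value < 1 || value > 65535)
        return CHECK_ERR_RANGE;

    *out = (unsigned)value;
    return CHECK_OK;
}

/* Small wrappers so each check can be exercised by return value alone. */
int copy_name_demo(const char *src)
{
    char name[NAME_MAX_LEN];
    return copy_name_checked(name, sizeof name, src);
}

int parse_port_demo(const char *text)
{
    unsigned port = 0;
    int status = parse_port_checked(text, &port);
    return status == CHECK_OK ? (int)port : status;
}

int main(void)
{
    /* Constructed sample inputs for the example. */
    const char *names[] = { "fortigate-01", "bad name", "0123456789012345678901234567890123" };
    const char *ports[] = { "443", "70000", "80abc", "-1" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("name %-36s -> %d\n", names[i], copy_name_demo(names[i]));
    for (size_t i = 0; i < sizeof ports / sizeof ports[0]; i++)
        printf("port %-8s -> %d\n", ports[i], parse_port_demo(ports[i]));
    return 0;
}
```

The two checked functions follow the same design: the destination bound is passed explicitly, input is matched against an allow-list rather than searched for known-bad characters, and every failure is returned as a distinct status so the caller can log it and refuse the input instead of carrying a truncated or partially parsed value forward.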

Employing hardware-backed cryptographic key management provides another way to protect sensitive data by storing encryption keys within dedicated hardware modules, such as ‘hardware security modules’ (HSMs) or ‘trusted platform modules’ (TPMs). This helps to prevent keys from being exposed in software memory, reducing the risk of key theft or compromise and enhancing system security.

In parallel, organisations should also invest in rigorous testing frameworks that include static and dynamic code analysis and vulnerability scanning throughout the development process. Testing supports continuous improvement by making sure security measures are implemented correctly and fed back into design. Embedding security from the outset starts with cybersecurity vendors. Encouraging customers to adopt solutions that are secure by default means potential vulnerabilities can be identified, contained and mitigated before they impact the wider business, supporting organisations in staying ahead of evolving threats.

To learn more, download Fortinet’s 2025 Global Threat Landscape Report
