"Rethinking Software and Risk to Protect the Public Sector"

The current approach to cybersecurity in the public sector appears to be ineffective, as indicated by the continued growth in the sophistication and frequency of cyberattacks, in addition to the increase in spending on cybersecurity. More than $173 billion dollars have been spent on cybersecurity in 2020, which is twice the amount spent ten years ago. Financial losses associated with cybersecurity incidents have surpassed $1 trillion. Jonathan Moore, the Chief Technology Officer at the software company SpiderOak, calls on developers to rethink their approach to software. Moore emphasizes the importance of building security into the design of programs. The current approach involving the use of firewalls, antivirus, and other mitigations, while essential, does not have a significant impact on cybercrime economics. More attention is required in reducing vulnerabilities in software in order to strengthen the security of federal agencies and the nation's most sensitive data against potential cyberattacks. According to Moore, malware should be considered a business with business-like incentives and disincentives. Adversaries are always looking for a return on their investment. One way to raise attacker costs is to disrupt the exploitation phase of the malware lifecycle by reducing software or system weaknesses. This article continues to discuss the increase in cybersecurity spending and costs, and how software development should be approached to reduce attacker value and cyber threats. 

NextGov reports "Rethinking Software and Risk to Protect the Public Sector"