From social engineering to the growing deployment of AI, the tools and tactics deployed by cybercriminals are continuing to evolve – and organizations must adapt accordingly.
Proactive cybersecurity plays a crucial role. This means identifying and addressing gaps in an organization’s line of defense prior to an attack taking place, helping to lower the risk of an attack and improve overall protection.
Cybersecurity vendors have a responsibility to lead and support their customers in this adoption and empower organizations to build cyber resilience in the long-term. So how can this be done?
Regional Director, UK & Ireland, Fortinet.
Implementing ‘secure by design’, which incorporates cybersecurity into every stage of the development process, will ensure the systems vendors provide are secure from the very beginning.
Combining this with responsible disclosure, where vulnerabilities are addressed before exploitation and wider communication, can also increase user trust and transparency.
This will allow vendors to support customers in protecting their data, operations and wider business from the fast-changing cyber ecosystem.
The current threat landscape
Cyberattacks are continuing to grow in scale and complexity, largely due to the emergence of solutions like AI. According to Fortinet’s 2025 Global Threat Landscape Report, tools like FraudGPT and ElevenLabs are automating the generation of malware and phishing.
This is driving the development of increasingly effective threat campaigns while lowering barriers to entry. Attacks targeting specific industries – such as manufacturing, healthcare and financial services – are continuing to surge, while the underground economy for stolen credentials is also booming.
It’s clear the rate of innovation is outpacing the speed at which vendors and customers can protect themselves. Organizations need to be incorporating cybersecurity into their business strategies from the start – and this is where vendors can help.
The case for security by design
Making products secure by design is one way this could be achieved. This means embedding cybersecurity into every stage of the software development cycle (SDLC), from planning and design to deployment and decommissioning.
While this allows customers to adopt a more proactive approach towards cybersecurity, the responsibility lies with vendors to ensure security by design is implemented.
Fortinet is actively driving progress in this regard, including having signed the Cybersecurity and Infrastructure Agency’s Secure by Design Pledge last year.
This outlines how organizations can best-implement secure by design, including introducing security patches and default passwords.
Alongside these recommendations, introducing secure coding standards, including input validation and avoiding unsafe functions or outdated libraries, will also minimize vulnerabilities being introduced during the coding development stage.
Using a memory-safe programming language can also lower the risk of common vulnerabilities emerging due to unsafe memory handling.
Employing hardware-backed cryptographic key management offers another way of protecting sensitive data by storing encryption keys within dedicated hardware modules.
This can prevent keys from being exposed in software memory, reducing the risk of theft or compromise.
Alongside this, organizations should invest in testing frameworks that include static and dynamic code analysis and vulnerability scanning throughout the development process.
This can inform continuous improvement by making sure security measures are implemented correctly and subsequently fed back into future design.
This is where vendors can lead by example. Encouraging customers to adopt solutions that are secure by default means existing vulnerabilities can be contained and mitigated before impacting the wider business.
This will ultimately minimize the damage a potential attack could cause.
The need for trust and transparency
Alongside security by design, responsible disclosure can also inform a more proactive approach towards cybersecurity. By encouraging customers to acknowledge, document and communicate vulnerabilities in the event of a potential attack, vendors can support organizations in mitigating risk while building user trust and transparency.
Internal self-discovery through rigorous code analysis, penetration testing and fuzzing is one-way responsible disclosure can be implemented.
This can detect and remediate potential vulnerabilities within software before it is released and deployed across the wider organization.
An alternative approach is allowing third-party security researchers to report vulnerabilities via responsible disclosure policies, providing secure channels to co-ordinate communication through investigation and remediation.
This can allow your organization to contain an attack faster, while acting as a warning system for other related sectors at risk of being targeted.
Working with third parties can also foster greater collaboration between the public and private sectors, including customers, researchers and consultants operating within and around the cybersecurity industry.
This can encourage the sharing of threat intelligence and coordinate effective cross-industry responses to future threats.
In today’s threat landscape, simply reacting to the latest threat will no longer suffice – and this is where vendors can take the lead.
By embedding security into product development and encouraging customers to integrate responsible disclosure into existing cybersecurity policies, vendors can support organizations in adopting a more proactive approach towards cybersecurity.
Through this framework of shared responsibility, both customers and their respective vendors can stay one step ahead of future attacks.
We’ve listed the best DevOps tools.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
