CyberSecurity SEE

Enhancing Cybersecurity in an AI-Driven World: Insights and Strategies from Black Duck’s BSIMM15 Report

The cybersecurity landscape is continuously changing as organizations adopt artificial intelligence (AI) and rely on increasingly complex software supply chains. To achieve true cyber resiliency, companies are recognizing the need for a proactive strategy that goes beyond traditional cybersecurity protocols.

The recent Building Security in Maturity Model (BSIMM) 15 report from Black Duck offers valuable insights into how organizations are responding to today’s cybersecurity challenges, emerging risks, and the most effective strategies for enhancing security programs. By examining the security practices of 121 organizations across different industries, BSIMM15 serves as a roadmap for understanding the biggest threats organizations face, meeting compliance requirements, and safeguarding the software ecosystem.

One of the key findings of the BSIMM15 report is the evolving state of software security. As AI-driven systems become more complex, new threats and vulnerabilities emerge, prompting organizations to establish dedicated research groups to study these emerging threats and develop defensive strategies. The report revealed a 30% increase in organizations forming such research groups, along with a doubling in the use of adversarial testing to identify potential exploits in AI models.

Securing the software supply chain has also become a top priority for organizations due to evolving regulatory requirements. There has been a significant increase in the use of software composition analysis (SCA) to identify vulnerabilities in open-source components, as well as a rise in the generation of software bills of materials (SBOMs) to provide greater visibility into deployed applications. However, the report noted a concerning decline in security awareness training, emphasizing the need for increased investments in educating employees on cybersecurity best practices.

To mitigate emerging threats, AI risks, and challenges in the software supply chain, organizations must refine their security strategies. Personalizing security protocols based on unique business needs is crucial, especially when it comes to AI security. Businesses should proactively gather intelligence on AI-related threats, establish secure design patterns for AI models, and embed AI security into existing governance frameworks.

Enhancing software supply chain security is another critical priority, with organizations increasingly adopting SCA and creating SBOMs to improve transparency into software dependencies. A “shift everywhere” approach to cybersecurity is necessary, integrating security across legal, audit, risk management, and vendor oversight functions. By embedding security throughout the entire software development lifecycle, organizations can better manage real-time security threats and compliance requirements.

As cyber threats grow in complexity and regulatory expectations evolve, organizations must take a proactive and strategic approach to security. Strengthening defenses against AI-driven threats, securing the software supply chain, reinvesting in security awareness, and integrating security across all business functions are essential steps in building a resilient security program. By staying ahead of the curve and adapting to the changing cybersecurity landscape, organizations can better protect themselves against evolving threats and ensure cyber resiliency.
