In 2021, the average cost of a data breach increased to USD 4.24 million.1 As the world becomes ever more connected, what are the key drivers impacting cybersecurity?
In the first quarter of 2021, a UK government survey found 39% of business experienced some form of cyberattack. In many cases, there was significant damage that had multiple knock-on negative effects.2 In November 2021, the Irish government acknowledged that an attack on their Health Service Executive system in May had cost EUR 37.5 million to repair and improve. This figure did not include associated costs.3
Cybersecurity is a global issue. As the world becomes ever more connected, cyberattacks are now a problem that affects everyone, from governments to individual consumers.
Internet of Things (IoT)
Our world is increasingly becoming connected. We now rely on smart technology in the workplace, home, and even on the road. Consumers can buy smart televisions, smart refrigerators, and even smart coffee machines.
Connecting these devices to the online world does make them susceptible to cyberattack. A test conducted in July 2021 found that a smart home could expect to be subjected to more than 12,000 scanning or hacker attempts in one week. In most cases, security measures built into the smart technology was able to resist the attacks, but a security camera was hacked and then used to spy on the homeowners.4
Turning smart devices against their owners isn’t the only objective of the hacker. In 2016, tens of millions of home smart devices were used to orchestrate a cyberattack on popular websites.5 Individually, each device contains minimal processing power, but collectively they can become a formidable weapon.
Where do the problems exist?
Innovation and entrepreneurship have sparked rapid advances in smart technology. The next generation of must-have IoT product may come a start-up that is only a few months old, but this dynamism comes at a cost. To succeed, these companies need to get a product to market quickly and, while they can instantly see tangible benefits to spending money on development, there is less incentive to focus on security. In many instances, the product is created, and security is added on as an afterthought. It is only as the business matures, and they have a reputation to protect, that security considerations will become a clear part of their risk mitigation strategy.
The habit of overlooking the importance of security also stems from the fact any problem with the product will initially impact the customer and not the company. These companies may also be experienced in the technology required to build, for example, a coffee machine, but that doesn’t mean they have the knowledge needed to make their product ‘smart’ and secure.
Without this knowledge, there can be confusion over how to approach cybersecurity. They will need access to experts who can focus their attention on threats, solutions, and ways of ensuring cybersecurity remains a central part of the development process. To add to this complexity, there are an increasing number of standards available to manufacturers but finding the right standard for your product can be difficult.
Where does security start?
Around the world, standards for cybersecurity are rapidly being developed. These offer baseline protection against most attacks but, in terms of more specialist protection, developers will need to talk to cybersecurity experts to ensure they are utilizing the right standard for their product.
Part of the problem may be classification. The smart coffee machine is a consumer product but, if it is used in an industrial setting, it may require more advanced security because the implications of a hack may be far greater. Focusing on security at the infrastructure stage remains important, but companies also need to be sure that entry points, such as the smart coffee machine, are also protected. As the 2016 attack shows, criminals can exploit consumer products.
There are industries with a long history of cybersecurity protection, e.g., the payments industry. Consumer product manufacturers can learn a lot from the way they approach cybersecurity. They focus their attention on constant evolution, building ever more robust solutions on the back of already advanced systems.
This approach may not directly be applicable to the coffee machine manufacturer who is developing their first smart device, but it does provide a model for success. They can use components certified to an applicable standard to ensure their products are secure.
Security by Design
Security evaluations are now a vital part of any product’s development. Product security certification is a mandatory requirement before a product can be launched, and developers will be looking for a valid proof of compliance to help them to manage risk and differentiate themselves in a competitive market.
Cybersecurity should be considered from the earliest stage of a product’s development life cycle. It is no longer enough to just test the finished product. Instead, engineers should focus on developing a product using certified components.
Ultimately, this is a question of trust. Developers, manufacturers and consumers all want to be able to trust the products, systems and components they buy. Independent assessment and certification against recognized standards create trust and help build customer loyalty. This approach to developing secure products also gives manufacturers direct access to industry specialists, enabling them to constantly improve the security of their products/systems.
SGS Solution
SGS Brightsight offers security evaluation services against more than 50 internationally recognized standards. Our solutions cover a wide range of product areas, including payment technology, automotive, medical, industrial, government and IoT. With accredited testing facilities in all corners of the world, we have the capabilities in place to help you ensure your products are ready for a connected world.
Learn more about SGS Brightsight.
For more information, please contact us here.
Thomas Jorgensen
Chief Commercial Officer
SGS Brightsight
Connectivity & Products
References
1 Cost of a Data Breach Report 2021 | IBM2 The cost of a cyber attack in 2021 - IT Governance Blog
3 HSE spend to remedy cyberattack harm tops €37m, says Minister
4 How a smart home could be at risk from hackers
5 'Smart' home devices used as weapons in website attack