The key trends in cybersecurity
28 January 2022
The average cost of a data breach rose from USD 3.86 million to USD 4.24 million in 2021. With the increasing prevalence of connected devices in consumer markets, SGS expert Thomas Jorgensen, Chief Commercial Officer, explores the drivers impacting security.
In the first quarter of 2021, a UK government survey found 39% of businesses experienced some form of cyberattack. In many cases, there was significant damage that had multiple knock-on negative effects. In November 2021, the Irish government acknowledged that an attack on its Health Service Executive system in May had cost EUR 37.5 million to repair and improve. This figure did not include associated costs.
Cybersecurity is a global issue. As the world becomes ever more connected, cyberattacks are now a problem that affects everyone, from governments to individual consumers.
Internet of Things (IoT)
In an increasingly connected world, there is growing reliance on smart technology in the workplace, home and even on the road. Consumers can buy smart televisions, smart refrigerators, and even smart coffee machines.
Connecting these devices to the online world does make them susceptible to cyberattack. A test conducted in July 2021 found that a smart home could expect to be subjected to more than 12,000 scanning or hacker attempts in one week. In most cases, security measures built into the smart technology were able to resist the attacks, but a security camera was hacked and then used to spy on the homeowners.
Turning smart devices against their owners isn’t the only objective of the hacker. In 2016, tens of millions of home smart devices were used to orchestrate a cyberattack on popular websites. Individually, each device contains minimal processing power, but collectively they can become a formidable weapon.
Where do the problems exist?
Innovation and entrepreneurship have sparked rapid advances in smart technology. Behind the next generation of must-have IoT products there may be a start-up that is only a few months old, but this dynamism comes at a cost. To succeed, these companies need to get a product to market quickly and, while they can instantly see tangible benefits to spending money on development, there is less incentive to focus on security. In many instances, the product is created, and security is added on as an afterthought. It is only as the business matures, and has a reputation to protect, that security considerations will become a clear part of the organisation’s risk mitigation strategy.
The habit of overlooking the importance of security also stems from the fact that any problem with the product will initially impact the customer and not the company. Companies may also be experienced in the technology required to build, for example, a coffee machine, but that doesn’t mean they have the knowledge needed to make their product ‘smart’ and secure.
Without this knowledge, there can be confusion over how to approach cybersecurity. Businesses will need access to experts who can focus their attention on threats, solutions, and ways of ensuring cybersecurity remains a central part of the development process. To add to this complexity, there is an increasing number of standards available to manufacturers, but finding the right standard for a particular product can be difficult.
Where does security start?
Around the world, standards for cybersecurity are rapidly being developed. These offer baseline protection against most attacks but, in terms of more specialist protection, developers will need to talk to cybersecurity experts to ensure they are utilising the right standard for their product.
Part of the problem may be classification. The smart coffee machine is a consumer product but, if it is used in an industrial setting, it may require more advanced security because the implications of a hack may be far greater. Focusing on security at the infrastructure stage remains important, but companies also need to be sure that entry points, such as the smart coffee machine, are also protected. As the 2016 attack shows, criminals can exploit consumer products.
There are industries with a long history of cybersecurity protection, e.g., the payments industry. Consumer product manufacturers can learn a lot from the way they approach cybersecurity. They focus their attention on constant evolution, building ever more robust solutions on the back of already advanced systems.
This approach may not directly be applicable to the coffee machine manufacturer who is developing its first smart device, but it does provide a model for success. They can use components certified to an applicable standard to ensure their products are secure.
Security by design
Security evaluations are now a vital part of any product’s development. Product security certification is a mandatory requirement before a product can be launched, and developers will be looking for a valid proof of compliance to help them to manage risk and differentiate themselves in a competitive market.
Cybersecurity should be considered from the earliest stage of a product’s development life cycle. It is no longer enough to just test the finished product. Instead, engineers should focus on developing a product using certified components.
Ultimately, this is a question of trust. Developers, manufacturers and consumers all want to be able to trust the products, systems and components they buy. Independent assessment and certification against recognised standards create trust and help build customer loyalty. This approach to developing secure products also gives manufacturers direct access to industry specialists, enabling them to constantly improve the security of their products/systems.
SGS Brightsight offers security evaluation services against more than 50 internationally recognised standards. Its solutions cover a wide range of product areas, including payment technology, automotive, medical, industrial, government and IoT. With accredited testing facilities in all corners of the world, the company has the capabilities in place to help ensure products are ready for a connected world.