IoT cybersecurity: Why not make it a business enabler?

November 6, 2017 at 14:06

A while back I was thinking of switching my old car to something modern and went to a car shop of one of the modern era’s most advanced car makers. There I got a great speech about how connected cars deliver more value throughout the car ownership cycle by delivering constant updates that positively affect safety, performance and overall driving experience without the need for additional investments. I also learned that I could buy new functionalities for the car from the company’s website and those would be downloaded and installed in the car overnight, which means I wouldn’t have to make decisions on some of the additional car features in advance, prior to buying the car itself.

IoT cybersecurity

The sales rep was able to calculate positive, fast RoI, compared to my current gasoline-feasting, air-polluting, tree-eating monster. As I was basically sold, which is not an easy accomplishment, a question popped into my mind; if this car gets updates that may affect the car’s performance and safety functions via internet, how can I be sure that the car can survive a potential hacking attempt, without threatening the passengers? Suddenly the highest value that the sales rep was proposing became a huge red flag to me. Although the sales rep tried to fix the situation, statements like “we take security seriously” and “we have the capability to patch the car remotely”, does not really make me trust one’s products, especially safety-critical ones.

I’m surprised by how uncommon it is for vendors, who really invest in security, to leverage it in terms of added value. With the disquieting experience in the car shop fresh in my memory, I’ve gathered some ideas on how one can really leverage cybersecurity investments to gain customer trust.

Let your customers know why you should be trusted

Of course, you have hired the best superstar security specialists or collaborating with a cybersecurity company to ensure that your products are secure today and tomorrow, so why not announce it?

Be proactive

Create a separate page on your website explaining in (preferably) human-comprehensible language, how you are actually making sure that the bad hackers won’t get into your customers products. Truthfully speaking, everyone knows that security can fail. By communicating your preparedness and potential measures to sustain or mitigate a cybersecurity breach, you will definitely show concern for your customer’s security and safety as well as enable trust by highlighting your preparedness.

Publicly reward people who help you make your products safe

There are a number of communities as well as individuals that are searching vulnerabilities in products during their free time just for fun or due to a higher calling. In addition to monetary rewards, give a shout-out to the public, thanking them for their efforts. Compete in different breach exercises and promote these events while also tending to your marketing channels.

Innovate

You know your products best, which enables you to create cybersecurity solutions not seen by the rest of the world, specific to your products. Promote your security innovations! Not only you will gain respect from your clients, those security superstars that I mentioned a few paragraphs back will be more interested in you as an employer, probably making your efforts of hiring them better, as the competition for the best cybersecurity professionals is hard nowadays.

What’s next?

If you are a Product Owner or a Marketing expert and like the ideas above or perhaps have some of your own, do not hesitate to establish a relationship with R&D and security organizations within your company. Although they seem to be working in their dungeons and are under heavy workload, I’m pretty sure that they are willing to contribute to your efforts to add value for your customers through cybersecurity. The value is most probably already there, it’s just the communication link to the outside world that needs to be established.

Some Examples

Why should you be trusted: https://techcrunch.com/2017/03/14/apple-hires-security-researcher-jonathan-zdziarski/

Proactiveness: https://transparencyreport.google.com/

Public awards: http://nordic.businessinsider.com/finnish-spare-time-bug-bounty-hunter-found-an-error-worth-a-$22000-reward-2016-10/ , also the hall of fame idea is quite cool https://www.tesla.com/fi_FI/about/security

Innovation: http://drives.danfoss.com/newsstories/drives/industrial-iot-innovation-receives-international-recognition/?ref=17179934118#

 

Related blogs