Q&A: Why Do Companies Care About Securing Embedded Firmware Devices Before Production?


January 04, 2017

Q&A: Why Do Companies Care About Securing Embedded Firmware Devices Before Production?

Q: Why Do Companies Care About Securing Embedded Firmware Devices Before Production?

A: Manufacturers, engineering firms and consulting companies are coming to us for answers on securing embedded firmware devices before they go to production. They've begun a mission to find the right tools and techniques that will proactively secure their devices.

We agree with their mission -  but not just because we offer training for embedded device security and the Centrifuge IoT Security Platform.

You've heard of IoT hacks, including the Mirai botnet that used remote cameras and home routers to launch its attacks. These types of attacks are viable because millions of IoT devices include unsecured embedded firmware - and the majority were never designed with security in mind.

Cyber attacks like these have and will continue to create precarious and dangerous situations for us all. Their potentially devastating effects are far reaching and, according to prognosticators, more are predicted for 2017 and beyond.

Companies with a conscience and a desire to protect their business will find it impossible to ignore that embedded firmware devices must be securely built before production.

What are the top reasons why companies care?

1. Trust

By offering secure products and services, companies have the opportunity to build trust and belief with their clients and consumers. Trust and belief creates well-being, good press and repeat sales. At the same time, trust is a delicate element and must be guarded and protected at all times. Attempting to secure devices after the fact may be too difficult and expensive.

2. Liability

And the flip side of trust is mistrust. When there's a breach, there may be consequences. Sometimes, a breach causes true damages and companies may be liable for those damages.

Securing embedded firmware devices before production can offer companies a solid foundation on which they're proactively trying to avoid hacks.

3. Potential Financial Loss and Loss of Credibility

Liabilities may bring financial loss and loss of credibility. Consider what happened recently when "short seller Muddy Waters Capital, which holds a short position in St. Jude Medical Inc., claimed...for the second time that the medical device maker’s implantable cardiac devices are vulnerable to cyberattack."

Companies, owners, employees and stockholders may experience lost business and credibility when devices are exploited.


But, let's end on a positive note. There are many ways for companies to secure their embedded firmware devices before they're produced. Taking a proactive approach is one of best paths to create true security.

As more companies understand that endpoint security may be too little, too late, they embrace the truism that "an ounce of prevention is worth a pound of cure."