Why Would Companies Care About Securing Embedded Devices Before Production?


January 04, 2017

Why Would Companies Care About Securing Embedded Devices Before Production?

Manufacturers, engineering firms and consulting companies come to us for answers on securing embedded firmware devices before they go to production. They're on a mission to find real tools and techniques that proactively secure their devices.

We agree with this mission -  but not just because we built training for embedded device security and the Centrifuge IoT Security Platform.

It's likely you've heard of IoT hacks, including the Mirai botnet that used remote cameras and home routers to launch attacks. These types of attacks happen because millions of IoT devices house insecure embedded firmware (the majority were never designed with security in mind).

IoT hacks will continue to create precarious and dangerous situations for all of us. Their potentially devastating effects are far reaching and, according to prognosticators, many more hacks are predicted for the indefinite future.

Companies with a conscience will find it impossible to ignore the priority of embedded firmware device security.

So, why would companies care?

1. Trust

By offering secure products and services, companies have the opportunity to build trust and belief with their vendors and clients. Trust and belief creates well-being, good press, continued relationships and repeat sales. But, trust is a delicate element and must be guarded and protected at all times. Attempting to secure devices after the fact may be too late, too difficult and too expensive.

2. Liability

The flip side of trust is mistrust. When there's a breach, there's consequences. Breaches can cause real damages and companies may be liable for those damages.

Securing embedded firmware devices before production offers companies a solid foundation on which they're proactively trying to avoid hacks.

3. Potential Financial Loss and Loss of Credibility

Liabilities may bring financial loss and loss of credibility. Consider what happened when "short seller Muddy Waters Capital, which holds a short position in St. Jude Medical Inc., claimed...for the second time that the medical device maker’s implantable cardiac devices are vulnerable to cyberattack."

Companies, owners, employees and stockholders may experience lost business and credibility when their devices are exploited.


But, let's end on a positive note. There are many ways for companies to secure their embedded firmware devices before they're produced. As more companies see that endpoint security may be too little, too late, they embrace the truism that an ounce of prevention is worth a pound of cure - especially in cybersecurity.