Home Leadership Turn Archives Me RampUp Solutions Option Sanity
 


  • Categories

  • Archives
 

Entrepreneurs: Think Security from Day One

by Miki Saxon

https://www.flickr.com/photos/centralasian/8261449212

There are dozens of startups working on wiring everyday products to become part of the Internet of Things (IoT) and a few weeks ago I cited an article that raising money in that arena was tied to building security into a product from the beginning.

Security used to be a function to which consumers gave little thought, but that is rapidly changing.

Anything can be hacked, but awareness was heightened recently when security experts hacked a Jeep’s entertainment system and took control of vital driving functions.

The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

And if none of this makes IoT startup founders rethink their cavalier attitude towards building tough security into their initial design, perhaps this comment from Colby Moore, a security research engineer at the cybersecurity firm Synack, will make them think twice.

“Really, the state of security on these things right now is pretty atrocious… A lot of these device manufacturers are just not security people and they really just don’t have security people on staff, especially when it comes to IoT start-ups. What they are doing is phenomenal with all of these new uses for technology. But security isn’t a concern for everybody. It’s ship now and patch later mentality.” (…)  If you are worried about it then don’t put yourself at risk. It’s kind of up to us to demand a higher security standard and hold the manufacturers to it.”

Flickr image credit: centralasian

6 Responses to “Entrepreneurs: Think Security from Day One”
  1. Andy WillinghamNo Gravatar Says:

    I am a security professional and this is something that we have been talking about for years. It happens in every industry when something new comes along. Everyone is in a hurry to get to market and they don't even consider security beyond the bare minimum and many don't even do that. Many of them know that security needs to be there but security requires more time and that delays their release. What most of them don't understand is that adding security later costs more and is rarely as effective as if it was there from the start. Also what many of them don't seem to understand is that security isn't that hard or time consuming to do early on. For most products everything that they need is already available it just needs to be incorporated into their product and tested. Sure it may delay their release by a couple of days but if they do their planning as they should they can still make their dates and have a better product.

  2. Miki SaxonNo Gravatar Says:

    Hi Andy,

    Do you think they don't understand or just don't care? The last founder I asked about hacking looked at me like I was nuts and then said he would deal with it if something happened.

    I've been around long enough to remember when both manufacturability and quality weren't part of the design function. I also remember how many years that took to change. We can only hope that security will happen faster — not that I think it will keep up with the black hats, but one can always hope!

    Thanks for adding your comments and credibility to the post.

  3. Andy WillinghamNo Gravatar Says:

    Hi Miki, I think it's both. There are those who don't care because the don't understand and those who don't care because they only care about market share and being an early player. It's people like that who are the fuel for the researchers that do things such as the Jeep hack. It takes sensationalism to get the attention of the manufacturers and software companies.

  4. Miki SaxonNo Gravatar Says:

    You're right, Andy, but I think the sensationalism needs to get consumers attention, too, so they will get scared enough to keep their wallets shut and vote with their feet. In general, most companies aren't particularly proactive; they are reactive, but the market has to scream loudly to get them to notice.

  5. MAPping Company Success Says:

    […] post I wrote after two researchers made headlines by hacking a Jeep and taking control of its vital […]

  6. MAPping Company Success Says:

    […] for tech, the public is waking up to the fact that it doesn’t give a damn about people’s privacy, security or even safety as long […]

Leave a Reply

RSS2 Subscribe to
MAPping Company Success

Enter your Email
Powered by FeedBlitz

About Miki View Miki Saxon's profile on LinkedIn

About Ryan ryanrpew

About Marc marc-dorneles-cpcu-b8b43425

About KG View KG Charles-Harris' profile on LinkedIn

About Ajo View Ajo Fod's profile on LinkedIn

Clarify your exec summary, website, marketing collateral, etc.

Have a question or just want to chat @ no cost? Feel free to write or call me at 360.335.8054

Download useful assistance now.

Entrepreneurs face difficulties that are hard for most people to imagine, let alone understand. You can find anonymous help and connections that do understand at 7 cups of tea.

Give your mind a rest. Here are 2 quick ways to get rid of kinks, break a logjam or juice your creativity!

Crises never end.
$10 really does make a difference and you'll never miss it,
while $10 a month has exponential power.
Always donate what you can whenever you can.

The following accept cash and in-kind donations:

Web site development: NTR Lab
Creative Commons License
This work is licensed under a Creative Commons Attribution-NoDerivs 2.5 License.