Cybersecurity to Improve Profitability

  /  ICS Security   /  Cybersecurity to Improve Profitability
Security

Cybersecurity to Improve Profitability

Cybersecurity has financial benefits, offers product differentiation, and smooths out the patching processes both for product manufacturers and their customers. The importance of cyber defense will go up over time. Cyber defense and security for embedded systems is justified using a total cost of ownership approach, as quantifying economic benefits will help justify faster adoption.

Scanning and Patching Software

Scanning and patching are major cost drivers in the development and maintenance of products. That’s the aspect cyber defense proposals can attack. Effort is put into code scanning/review, penetration testing, subsequent remediation, and then coordinated release of patches to customers. These issues spawn lengthy retesting cycles and gobble up R&D resources that would otherwise be able to work on new features and products.

However, even scanning and patching are not enough. A recent study by North Carolina State University shows that for Linux operating system software over a 10-year period, only 2.5% of memory vulnerabilities were identified in vulnerability scanning tools. Which shows us that scanning, a widely adopted practice, leaves one vulnerable.

Reduce Patching and Remediation Costs

The reduction of patches means the additional benefit of controlling patch timing and better communication. For a product manufacturer, there is a delicate balance between announcing vulnerabilities and managing expectations on the time required to issue a patch for the vulnerability identified. When done well, security can be a differentiator to drive sales adoption. When done poorly, makers are scrambling to research a vulnerability, consuming scarce resources that could be applied to new product features.

Other benefits include improved customer relationships (no one likes patching) and improved engineering team experience (no one likes chasing down someone else’s vulnerability). Some of these soft benefits could be quantified as well, but the math gets more complicated and that reduces the impact.

Read the full post from RunSafe Security to see a total cost of ownership (TCO) example completed for an embedded product manufacturer.