“Moving fast and breaking things” has never created trust. Start-ups must build customer trust from early days by embedding sound security and privacy practices in the products and in their culture.
For regulated industries (which isn’t in the age of GDPR?), blind trust will never be enough and being able to demonstrate a sufficient degree of due-diligence on key vendors will always be essential to defend against any liability in case of a data breach.
Security products consolidation and integration become key factors, as the “when-not-if” paradigm around cyber attacks takes centre-stage with senior executives and their focus shifts away from risk and compliance, towards execution and delivery.
Instead of being treated as another box checking exercise and a quick win, cyber resilience must be embedded into the right corporate structures and used to channel a different culture from the top down around cyber security.
Many large organisations now assume that breaches are simply inevitable, due to the inherent complexity of their business models and the multiplication of attack surfaces and attack vectors which comes with it. This realisation changes fundamentally the dynamics around cyber security.
The security of any IoT product should be seen as a functionality, not an add-on, and treated as an inherent component of any use case. Basic security good practices will vary depending on the usage of the product but should be part of any MVP.