printer friendly version

A shared responsibility

Nothing man-made is ever 100% secure. Intentional backdoors are bad design and show a significant lack of understanding around the basics of a cybersecure world. In addition, programming mistakes can not be avoided completely.

Cybersecurity is a shared responsibility, none of the stakeholders in the market can fight cybercrime alone, we all need to work together to get ahead in the cyber game. Let’s take a look at the different responsibilities of the different stakeholders.

The user

The main responsibility of the user is to pay for cybersecurity measurements. This can either be done in a ‘DIY’ way, meaning the IT department applies fixes themselves, or to pay an integrator/installer to look after maintenance. A system’s lifespan is easily 10-15 years. Assuming that nothing needs to be done to keep the system in good shape is very short sighted.

The integrator/installer

This stakeholder plays an essential role in the cyber game. The integrator/installer needs to ensure that all his/her own devices, laptops, mobile devices etc. are patched with the latest updates for the OS and run a sophisticated virus scanner. Selected passwords should be complex enough and individual at least per customer and site. The general habit to use one master password to make the service of the devices easier has to be avoided.

Remote access to installations should be limited and all devices being connected to the customer’s system should be checked very carefully for viruses to avoid any kind of infection.

Without maintenance the cybersecurity will very likely decrease over time. The probability is almost 100% that a vulnerability will be found in the system’s context, meaning the OS, the software or the hardware.

The consultant

Another essential component is the work of the consultants, the ones specifying the components for security systems. They need to not only specify the right product features and properties, they also have the responsibility of specifying ongoing maintenance.

The distributor

For a pure distributor, the topic of cybersecurity is very simple. They are just handling the logistics and do not touch the product itself. However, value-add distributors need to consider the same aspects as integrators or installers do.

First and foremost, transparency is key: They need to let their customers know what they are buying. Without this transparency it is typically the price which influences the customer’s buying decision the most. They also need to guarantee to supply firmware upgrades in case of vulnerabilities from their original supplier. The habits of the industry show that a detected vulnerability in the original suppliers’ devices is typically, not fixed in the devices of their many OEM partners.

The manufacturer

Manufacturers’ responsibilities are relatively simple to understand:

• Do not include any intentional aspects, like backdoors, hard coded passwords etc.

• Supply the right tools to make cyber management for many devices as simple and affordable as possible.

• Record relevant aspects in hardening guides or other documentation.

• Enable the use of standard mechanisms make devices as secure as possible.

• Inform the partners and channel about vulnerabilities and available patches.

The consumer

Our own behaviour is also a key aspect to a cyber mature mindset. How often do we change the router’s password? How complex are our own passwords? Do we use different passwords or one master password for most of the applications? Lazy user behaviour is still one of the biggest benefits for hackers. Simple to guess passwords and ones that are used across all logins put consumers at risk of having their accounts hijacked.

One stakeholder alone cannot accomplish the mission to make and keep a system cyber secure. Only by having all stakeholders take responsibility for keeping data safe will we be successful in fighting cybercrime.

Share this article:

Further reading: