By Bruce Sinclair

It’s a no-brainer. Since it’s very unlikely your organization has cyber security expertise in network security and web/cloud security and app security and mobile security and, as importantly, system security that considers the interdependencies between these different security frameworks, you’re going to need some help.

For a relatively modest fee, an external security assessment and advisory firm will work with you to test the strength of your IoT product’s security. The predominant technique employed is penetration testing, otherwise known as pen testing, which is used to identify security vulnerabilities, prioritize them and then to provide suggestions for how to remediate them. This is done under the guise of a white hat or black hat approach.

Whichever hat or combination of hats worn, there are three main things you need to complete internally before engaging with one of these firms:

For $10K – $50K you can discover where your security vulnerabilities lie. This then needs to be followed up by putting a price tag on each of those vulnerabilities as part of the risk assessment process within your risk management program i.e. the process of quantifying the cost of the risk and its probability of happening. This will direct how much time and effort you should spend in fixing each of the vulnerabilities found.

When developing an IoT product be sure not to underfund or overfund your security. Finding the right balance starts with knowing what your vulnerabilities are.

Get the first chapter of Bruce’s book, IoT Inc.