Product Cybersecurity in a Changing World
Interview with Alexander Tollet, HiQ
In a world where digitalization and connected systems are growing at a rapid pace, product security and cybersecurity are becoming increasingly crucial. We sat down with Alexander Tollet, an expert in the field and senior security consultant at HiQ, to gain his insights into what companies need to consider regarding product security.
What are the biggest challenges in product security and cybersecurity today?
– The biggest challenge is getting companies to understand that cybersecurity is not just about technical solutions or individual products – it needs to permeate their entire organization. Cybersecurity must be integrated into every aspect of how the company develops products, manages its suppliers, and supports its customers. It’s essential for companies to realize that security is not an isolated part of the development process but a continuous, strategic issue that requires all parts of the organization – from management to development teams – to work with a unified security mindset.
It’s not just about protecting software, but about securing the entire ecosystem – from hardware and cloud services to networks and third-party components. Companies need to build security into every step, ensure suppliers meet the same security requirements, and support customers in using the products safely.
Are there other aspects companies need to consider?
– If a company’s customers are subject to cybersecurity legislation, or if they themselves have well-established cybersecurity practices, they will also require their suppliers to have effective security routines in place. This is crucial for continuing to supply these customers and maintaining business relationships.
Not having a comprehensive security approach can have serious consequences for a company if a security incident occurs. A lack of integrated security can lead to significant financial losses, damage to the brand, and legal repercussions. Therefore, a proactive and systematic security approach is vital for a company’s survival and success.
“Security by Design” is often mentioned in this context. What does it mean concretely for companies developing products?
– Security by Design is a method where security is a fundamental part of the entire product development process, from concept to delivery and throughout the product’s lifecycle.
With this approach, security becomes a central part of product development from the very beginning. For companies developing products, it means that security cannot be something added later; it must be an integrated part of the entire process. This involves systematically identifying and managing potential security risks early on, whether it’s about protecting data communication, securing user access, or ensuring that all components in the product are secure.
A central tool is the ISA/IEC 62443 standard, which we often work with. It’s used to ensure that the company’s organization and products meet security requirements. By implementing security in both internal processes and product development, companies cover the basic security requirements needed to protect both their operations and products. This way, they can avoid the difficulties and costs that arise when trying to add security retrospectively.
How does HiQ support companies in their security efforts?
– HiQ can support companies throughout the development process regarding product security and cybersecurity. The best approach is to take a comprehensive view, starting by analyzing both the company’s organization and its products to understand where they currently stand. We map out which cybersecurity standards, frameworks, and legal requirements apply to the company and perform a GAP analysis on the organization to identify any shortcomings relative to these requirements.
Once we have a clear picture of the company’s current situation, we work together to develop a prioritized plan for how best to implement cybersecurity within the organization and in their products. HiQ then provides support throughout the implementation process to ensure that all measures are introduced correctly and effectively.
For those who cannot take a comprehensive approach from the start, where should they begin?
– Indeed, many companies do not have the luxury of addressing the entire company and all products at once. In such cases, it’s best to identify one or more key products to focus on. We can then conduct threat modeling on these products and ensure cybersecurity is implemented there first. In parallel, we perform a GAP analysis on the projects developing the products to ensure a secure development process. This gives the company a solid foundation for its most important products and projects, which can then be expanded to cover the whole organization and other products.
HiQ can also provide resource consultants who strengthen your organization in various areas of cybersecurity, such as GAP analysis, process implementation, threat modeling, security testing, and security certifications. This allows you to build internal expertise while advancing your security work in a structured and effective way.
We also offer training to the company’s staff in relevant security standards, frameworks, and legislation, such as IEC 62443, NIS2, and CRA, among others.
How do you view the future of cybersecurity and product security?
– I believe we will see an even stronger link between legislation and cybersecurity. Upcoming directives, such as NIS2 and the Cyber Resilience Act, will force companies to take security issues seriously. These laws will place higher demands on companies to secure their products and to report incidents quickly. If companies do not meet the requirements, it can lead to both financial penalties and brand damage.
And as I mentioned, if a company has customers who are subject to these regulations, it must comply with the requirements if it wants to continue supplying products to the customer.
At the same time, we’ll see more and more connected devices and systems, which means cybersecurity will become even more complex. It will therefore be important to have a holistic view and ensure that not just the product, but the entire chain – from suppliers to the end customer – is secure.
Thank you for your time, Alexander. Is there anything final you’d like to add?
– Thank you! I would just like to emphasize that security is not a project with a beginning and an end; it’s an ongoing process. Continuous monitoring, testing, and updating are required to keep products secure over time. And above all – educate your employees. The human factor is often the weakest link, so having personnel who understand the security challenges is crucial.
A well-functioning security approach is not only a safeguard for the company but can also be a significant competitive advantage. In a time when customers and business partners are placing increasing demands on security, strong security work is an opportunity to differentiate in the market and build trust with both existing and new customers.
Would you like to learn more about product security and how your company can proactively address cybersecurity? Contact us at HiQ or read more in our knowledge hub.