Cybersecurity in Focus This October

Cybersecurity Throughout the Product Development Process

Alexander Taschke primarily works with product security within the industrial sector. He explains how he ensures that companies follow relevant guidelines and standards to create secure products from start to finish.

“My work includes everything from risk assessments and design to testing and releasing products. I ensure that security is integrated into every step of the product development process so that we can be confident that the products meet all security requirements when launched on the market,” Alexander explains.

He emphasizes the importance of continuous monitoring even after launching a product.

“It’s about ensuring the product remains secure throughout its entire lifecycle. By implementing security measures and following established standards, we protect both companies and users from cyber threats.”

When it comes to common security flaws, Alexander points out that the human factor is often the biggest vulnerability.

“Lack of awareness and a reluctance to prioritize security are major issues. There are often no clear and consistently applied security routines. Cybersecurity training is frequently neglected,” he says, stressing that training staff, particularly management, is key to building a security culture.

Putting Security to the Test

Jesper Blomström, who is the Security Testing Lead at HiQ, works to coordinate and develop the company’s security reviews—often called penetration tests or pentests.

“My role is to meet with clients, understand their needs, and expand our capabilities, tools, and working methods for security reviews,” says Jesper.

He often sees how password management shortcomings and cloud service misconfigurations create major security risks.

“The problem has shifted from on-prem solutions to cloud services, but there are still many companies that don’t have control over the configuration of their cloud environments,” Jesper explains, adding that exposure of vulnerable services and poor control of API keys are common problems.

To minimize these risks, he recommends that companies eliminate password dependency, apply the Principle of Least Privilege, and maintain close monitoring of their cloud environments.

Governance, Risk, and Compliance as a Line of Defense

Lovisa Göransson Ording works in the area of Governance, Risk, and Compliance (GRC) and helps companies build resilience against cyber threats by identifying and managing security risks.

“By implementing and ensuring compliance with regulations like GDPR or NIS2, we strengthen public trust and make society more resilient against cyber threats,” says Lovisa.

She also sees that many companies fail to train their staff or create a security culture. This leads to human errors, such as phishing or poor password management, continuing to be common causes of breaches.

“Security work must become a natural part of operations, not just a technical issue. By applying a risk-based approach and regularly evaluating their processes, companies can better adapt to new threats and changing regulations,” she explains.