Why the importance of product cyber security continues to grow
Products with digital elements and IoT (Internet of Things) devices have become the norm in industrial companies and everyday life. Whether smart home devices, production facilities or logistics systems: many products are connected to the internet or other networks, which enhances their functionality but also offers attack surfaces for cyber criminals and other malicious actors.
The complex, unique architecture of each individual product and other factors, such as scarce computing power and memory, make it difficult to implement security measures. The variety of devices and protocols, combined with their longevity and frequent lack of security updates, increases the risk of security vulnerabilities. In addition, these devices often have to interact with other systems and devices, which can open up additional security gaps. Embedded software in IoT devices is difficult to update and many of these devices collect personal data, making them attractive targets for attacks.
Successfully exploiting a vulnerability in a product may enable further malicious actions, such as circumventing a pay-per-use rule and activating a chargeable function. Intellectual property may also be at risk, as is a backend server communicating with a compromised product, potentially enabling access to a corporate network. In this way, a compromised product not only damages a company's image, but may also lead to financial losses or even a danger to human life (functional safety and security).
To address such issues in a holistic manner, the EU introduced the Cyber Resilience Act (CRA). It ensures that all products with digital elements offered in the EU market will meet strict security requirements.