Even after the devices are sold, manufacturers still have a role in supporting the customers' cybersecurity needs and goals for their IoT devices. For instance, they can respond to vulnerability reports and provide critical updates.
Most important post-market phase activities can be divided into two groups:
- Defining approaches for communicating to customers
- Deciding what and how to communicate to customers
To help define communication approaches, manufacturers can answer questions like the following:
- What terminology will be most understandable to the customer?
- How much information will the customer need?
- How/where will the information be provided?
Topics that manufacturers might want to use in their communications can be:
- Cybersecurity risk-related assumptions
- Support and lifespan expectations
- Device composition and capabilities
- Software updates
- Device retirement options
As pressure is put on manufacturers to roll out new products, securing IoT devices is becoming more and more challenging. While businesses can't eliminate all IoT attacks, organizations that have their IoT security in check can focus back on their primary goals - optimizing processes, improving quality of service, and reducing costs.