This morning NPR broadcast an interview from CES that highlights the growing pains of security and privacy for health-related devices. It highlights the paradox: you can't bolt on security after the fact; you need to build it in. But what happens to a fledgling startup more worried about basic survival and getting their first customers? I think it's foolish to say one cannot think about cybersecurity at all just because a company is struggling to stay in existence. Instead, one must innovate and make frugal yet wise choices for cybersecurity risk management. A product's core architecture should not preclude security properties. A threat model is as essential as a specification of software behavior. Here's to 2014. May your product not become a cybersecurity admonition when it finally takes off in the marketplace. Be frugal, not cheap.
Startups Often Focus On Data Security Too Late, If At All