The financial losses associated with damage to your brand can be devastating, sometimes in the millions of dollars. According to an IBM study, 66% of threats impacting brand damage can be attributed to IT system failures and 46% can be attributed to cyber security breaches.
Depending on your industry and markets, protecting your brand identity can be as simple as a solid and responsive social media presence or as complex as a series of security measures that will keep your product’s integrity intact. In many industries, specifically those that deal directly with government or regulated industries, brand integrity is a big deal. The same is true for other consumer-driven areas, like the automotive and health care industries, in which advances in technology leave organizations open to new threats that can leave consumers questioning their credibility.
Third Party Solutions and the Risk to Your Brand
Since 2013, there have been significant security breaches that impacted companies of various backgrounds, exposing sensitive consumer information and breaking valuable bonds of trust. Healthcare (Anthem, Premera Blue Cross), finance (JP Morgan), retailers (Target), and online entities (Google, LinkedIn), as well as their users/customers, have all been the victims of vicious cyber-attacks, and there is no sign that these attacks will stop in the near future.
Perhaps most notable is the 2014 Heartbleed Bug, a catastrophic vulnerability found in the OpenSSL implementation of SSL and TLS. This vulnerability made it possible for anyone on the internet to steal information that was typically protected by encryption.
Since OpenSSL is an open source library, nearly 17% of all secure websites that implemented it became vulnerable. In a “heartbeat”, all companies that utilized OpenSSL became victims, in their own right, and though the Heartbleed Bug became widely known in 2014, it was actually committed to two OpenSSL versions 2 years earlier. For brands that relied on OpenSSL, this represented 2 years where consumer information was in jeopardy.
These brands were left vulnerable at a single point of failure that existed for two whole years, one that no one anticipated.
Certification & Validation: The Path to Brand Security
When a client comes to Corsec to begin their journey towards obtaining a Common Criteria certification, a FIPS 140-2 validation, or listing on the DoDIN APL, their reasons may vary, but typically clients want to achieve certification so that they can expand within or access markets that were previously out of reach. And while getting that box checked is a driving reason for many certifications, there is a hidden yet powerful benefit to security certifications – they make your product, and therefore your brand, more secure. When it comes to the relationship between security certifications and brand reputation, it’s important to keep the following points in mind:
Certifications assure that your product meets rigid security requirements that mitigate the threat of breaches and other security-based risks that could cause your brand long-term, irreparable damage.
As we guide clients through the certification process, we make sure that their products, and the company as a whole, are meeting or exceeding these requirements. Corsec works with clients to implement changes and updates to secure a product at various entry points, including everything from supply chain management to source code and encryption.
A fully validated product means your organization is in full control of your brand. As was pointed out above, in the case of Heartbleed, organizations tethered to a single threat outside their means to fix or control could face disastrous circumstances.
When an organization chooses to rely on their own fully validated product, they are securing every single point of entry within their product. This measure mitigates risk more effectively and keeps a product above the curve.
Security validations require compliance maintenance. Failure to maintain compliance can mean your product is no longer up to date and, even worse, could be removed from government-approved product purchasing lists. This was the case for many products that had gone through FIPS validation but used outdated Random Number Generators (RNG).
At Corsec, we recognize the importance of certification maintenance and make it our goal to take care of our clients long after certifications and validations are achieved. We can work with your organization to make sure your product continues to stay market ready and assist you as you determine which path will keep your product, your consumers' confidence, and your brand secure.