National infrastructure in almost every Western country has come under attack by threat actors in the last few years. These attacks have grabbed the attention of businesses, the public and politicians because the attackers have not held only the victim companies to ransom, but also wider society.
While cybersecurity firms are often the first port of call for business leaders desperate for answers, the crucial role of software providers should not be overlooked. These companies, whose technology and software often underpin all the crucial operations of industrial businesses like Colonial Pipeline and JBS, design and are responsible for much of the digital landscapes that hackers target.
As such, their expertise and advice should not go unheeded. The recent meetings between the US administration and some of the world’s largest technology companies shows progress in this area. However, a still greater understanding of software vendors’ place in the cybersecurity ecosystem will be an important step in countering the looming specter of hackers to every business, company, and government.
The first step to understanding the importance of industrial software providers is realizing their central role in the cybersecurity ecosystem. Unlike endpoint security providers, who focus primarily on protecting the digital surface, software providers encounter every stage of the technology stack and the employees who interact with it. This means providing the digital infrastructure for everything: offices, the machinery and sensors in the factory or pipeline, the customer’s control center, and so on.
This central role puts software providers in the unique position from which they can influence the entire internal cyber ecosystem, on both a digital and personnel level. In the case of the former, they can design the entire digital infrastructure of the industrial facility with cybersecurity front of mind. This means building zero-trust architecture and other solutions directly into the system, rather than tacking it on at the end. The result: stronger systems designed to repel attacks, without compromising functionality.
Secondly, software providers’ interactions along the supply chain means that they are well placed to spread important training and information to every employee that interacts with their software (and therefore poses a potential risk).
With great influence comes great responsibility
Industrial software providers’ position in the security ecosystem not only has direct benefits for training and awareness, but also offers the chance to influence customers to make better decisions.
This applies from the very beginning of the relationship – you must think carefully before choosing who you partner with. Does this potential customer have a cybersecurity strategy in place? Do they have dedicated executives ensuring their own ecosystem is secure? These and many other questions should be in the front of your mind, as they won’t only stop you from partnering with a liability but can also lead to positive change for the customer.
By highlighting cybersecurity concerns, you may be able to convince customers that they need to be putting greater emphasis on their defenses and digital culture as a condition of partnership. Some will take the advice, some won’t. Either way, you’ll be better off without the latter, who could have compromised your systems as well as their own.
However, software providers’ role as advisor doesn’t end there. Throughout the relationship, it is their role to bring up important questions about cybersecurity. As the architect of their entire digital infrastructure, software providers are in a position of authority to offer this expert advice. This is what we call being a critical friend. Inevitably, the customer will thank you in the long run.
Every building starts with strong foundations
If there is one takeaway to glean from all this, it is that neither customers nor industrial software providers themselves should forget or overlook the latter’s crucial role in building and maintaining the cybersecurity ecosystem.
By leveraging their position to build security into the architecture from day one and to provide critical advice, software providers can be an important bastion for every company’s cybersecurity strategy.