What is security?
A security analysis of a system will consider the assets that need to be protected and the likely threats that are considered in scope. This threat analysis will inform a set of security requirements that require parts of the system to be protected in confidentiality, integrity or authenticity. For example, cryptokeys might need to be kept secret, an identity might need to be protected against modification, or software must prove that it is the genuine version from the OEM.
Why is it important?
If you connect a device to the internet and it is a successful product, you can expect it to be hacked. Where the device has value or can be repurposed, for example to support a denial of service attack, people will spend time and money looking for exploitable vulnerabilities. Poorly designed products can end up causing reputational and financial damage to companies.
Goals of security
An internet connected device might be attacked for many different reasons. An attack might be attempted to extract a ransom or other monetary gain, or it might be an interesting target for researchers or for enabling a botnet to disable websites. A goal of system security is to make attacks on a system uneconomic. By increasing the cost, time and difficulty of attacks it is likely that fewer will succeed. For many companies having devices with robust security is an important part of their brand image.