IoT devices can be made cheaply and quickly. But as a result, they may lack adequate security features. The Atlantic Council is proposing regulations that would require technology retailers to sell devices that meet security standards, which would, in turn, put pressure on IoT component makers.
This edition of the ISMG Security Report analyzes whether IoT devices will outlive their security updates. Also featured: Why security spending needs to shift further upstream; could banks be custodians of identity?
Without labelling or standards, consumers and enterprises face challenges when buying IoT devices. Brad Ree of the ioXt Alliance describes work underway to harmonize the security environment.
The Sodinokibi ransomware gang is targeting point-of-sale payment device software after infecting networks with its crypto-locking malware, according to Symantec.
Enterprises need to move away from manual threat detection methods to leverage artificial intelligence, which can help boost defenses, says Dr. Jassim Haji, president of Artificial Intelligence Society, Bahrain Chapter.
Many ransomware gangs hell-bent on seeing a criminal payday have now added data exfiltration to their shakedown arsenal. Gangs' extortion play: Pay us, or we'll dump stolen data. One massive takeaway is that increasingly, ransomware outbreaks also are data breaches, thus triggering breach notification rules.
Integrating IoT devices into OT systems brings a raft of security concerns. Microsoft's acquisition of CyberX, which offers a specialized IoT/OT security platform, may give some organizations more confidence to tackle what can be a messy business of securing and monitoring IoT controls across a network.
If you've managed to equip your home with smart devices and appliances that work properly, you probably think you're all set. But there are no regulations around how long manufacturers must provide security updates, which could mean a smart device could become a risk.
Britain's failure to contain COVID-19 - despite Prime Minister Boris Johnson promising a "world-beating" effort - now includes a failed digital contact-tracing app. A new version, built to work with Apple and Google APIs, may be released by winter. Really, what's the rush?
An Australian IoT alliance is developing a certification program designed to raise security standards for connected device manufacturers and give consumers more confidence that they're buying secure devices. The program, slated to start in September, could expand globally.
The Maze ransomware gang is continuing to exfiltrate data from victims before crypto-locking their systems, then leaking the data to try to force non-payers to accede to its ransom demands. Don't want to play ransomware gangs' latest games? The only way to opt out is by planning ahead.
Time for another internet of things update nightmare: Researchers have found that a little-known but widely used TCP/IP software library built into millions of internet-connected devices has 19 flaws that need fixing. Developer Treck has issued fixes, but how many vulnerable devices will end up patched?
The Trump administration's continued press against China snared an unintended victim: America's own influence over 5G standards development. But the U.S. Commerce Department says a new rule will free U.S. firms to work with any company, including China's Huawei, on developing new telecommunications standards.
A new research paper describes a side-channel attack technique that could enable hackers to eavesdrop on a conversation by tracking vibrations in a hanging ligh bulb.
Southeast Asia has become a hotbed for cybercrime activities, says Anthony Bargar, former deputy CISO of the U.S. Department of Defense, who says enterprises in the region need to take a collaborative defense approach to respond to this new threat environment.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.