The UK Government has released a draft code of practice designed to help manufacturers and end users better safeguard their Internet of Things (IoT) devices.

These practices have yet to be finalized, but this step by the government makes clear that, if no action is taken, Parliament will be forced to legislate. The increased adoption of IoT devices poses a significant threat to both commercial and critical infrastructure and has left the government with no option but to intervene.

The rapid pace of IoT device production and adoption has resulted in basic security safeguards being blatantly ignored. Gartner predicts that by 2020 there will be over 20 billion connected devices in the world, the vast majority of which will be riddled with security vulnerabilities. Unlike familiar computing platforms such as regular operating systems, tablets, and smartphones, where manufacturers are responsible for factoring security into their design, IoT devices are seldom, if ever, patched, upgraded or hardened against misuse.

The internet-enablement of more devices, combined with the increased adoption of more function-rich application runtimes/environments, including full operating systems, has rendered these things much more vulnerable to misuse. And in a meshed-network world where everything has access to everything else, the potential for harm has increased exponentially, as the rapid and wide spread of WannaCry showed.

A seminal moment where the IoT threat became real was the infamous Mirai malware attack, which took down some of the most popular websites, including Twitter, Spotify, and PayPal. From connected security cameras to DVRs and Smart TVs, the Mirai attacks were perpetrated by millions of cheap connected devices.

This advice is long overdue and signifies that the government is fully aware of the very evident risks IoT presents to both individual and public safety. These best practices are still in draft form, and the UK government hoped the free market would make these changes itself, but inaction will force its hand: “if this does not happen, and quickly, then we will look to make these guidelines compulsory through law.”

Dealing with the potential threat posed by IoT devices first requires understanding what you have. Regularly scan for all network-connected devices and identify what they are. Anything new must be checked for how it operates, what its functions/capabilities are, and how it can be secured.

Changing default usernames and passwords is always a good first step in any successful hardening program, but disabling UPnP services where possible, and firewalling them where not, should be key. Thereafter, System Integrity Monitoring is a key practice in determining whether any suspicious activity has taken place that could represent an IoT-based attack.
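
The inventory and UPnP checks described in the two paragraphs above can be automated by comparing each scan with an approved device list. The following is an added example, not code from the article or from any product it mentions; the record layout, the function names and all MAC and IP values are assumptions constructed for illustration, and it goes slightly beyond the text by also reporting approved devices that are absent from the scan.

```python
"""Added example: review a network scan against an approved device inventory.
All MACs, IPs and device names below are constructed sample data."""
from dataclasses import dataclass

SSDP = ("udp", 1900)  # UPnP discovery (SSDP) uses UDP port 1900

@dataclass(frozen=True)
class Device:
    mac: str
    ip: str
    open_ports: frozenset = frozenset()  # set of (protocol, port) pairs

def norm(mac):
    """Normalise MAC notation so 02-00-.. and 02:00:.. compare equal."""
    return mac.lower().replace("-", ":")

def review_scan(inventory, scan, upnp_firewalled=()):
    """Return (mac, ip, issue) findings for one scan.

    inventory: MACs of approved devices; scan: Device records from a scanner;
    upnp_firewalled: MACs whose UPnP cannot be disabled but is blocked upstream.
    """
    known = {norm(m) for m in inventory}
    firewalled = {norm(m) for m in upnp_firewalled}
    findings, seen = [], set()
    for dev in scan:
        mac = norm(dev.mac)
        seen.add(mac)
        if mac not in known:  # identify and harden before approving
            findings.append((mac, dev.ip, "NEW_DEVICE"))
        if SSDP in dev.open_ports and mac not in firewalled:
            findings.append((mac, dev.ip, "UPNP_EXPOSED"))
    # Approved devices that no longer answer are worth a look as well.
    findings += [(mac, None, "MISSING") for mac in sorted(known - seen)]
    return findings

INVENTORY = {"02:00:00:00:00:01": "lobby camera",
             "02:00:00:00:00:02": "meeting-room TV",
             "02:00:00:00:00:03": "DVR"}
UPNP_FIREWALLED = {"02:00:00:00:00:02"}
SCAN = [
    Device("02:00:00:00:00:01", "192.168.10.11", frozenset({("tcp", 443)})),
    Device("02-00-00-00-00-02", "192.168.10.12", frozenset({SSDP})),
    Device("02:00:00:00:00:0A", "192.168.10.40", frozenset({("tcp", 80), SSDP})),
]

if __name__ == "__main__":
    for mac, ip, issue in review_scan(INVENTORY, SCAN, UPNP_FIREWALLED):
        print(f"{issue:13} {mac} {ip or '-'}")
```
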
