A WORLD FIRST
Zhero Cybersecurity & IT Support
London's #1 end-to-end business Cybersecurity & IT Support for SMEs.
LEGISLATION FORBIDS DEFAULT PASSWORDS
The UK has made history as the first nation to ban the sale of IoT devices with default passwords through new legislation effective April 29, 2024. This law encompasses a wide range of IoT devices and potential scenarios, with its primary provisions clearly outlined by the UK National Cyber Security Centre (NCSC). In an announcement which almost speaks for itself, the NCSC said:
“The manufacturer must not supply devices that use default passwords, which can be easily discovered online, and shared. If the default password is used, a criminal could log into a smart device and use it to access a local network, or conduct cyberattacks.”
The new UK law, known as the Product Security and Telecommunications Infrastructure Act (PSTI), will compel vendors and manufacturers to adopt a long-overdue security standard for IoT devices.
IoT SECURITY RISKS
IoT devices face significant security challenges. While the specific challenges are new, the overall problem of hackers is something we’ve dealt with since the Internet began. Here are the main IoT security risks that we need to contend with:
WHY UNIVERSAL AND WEAK PASSWORDS ARE A BAD IDEA
The first step in protecting IoT devices is through authentication, which verifies the identity of a user or process. Access to a device is granted using an identifier (such as a username) and is authenticated to prove the user’s identity. Authentication methods include:
Weak passwords pose a significant risk, emphasizing the importance of not using universal default passwords. Every device has attack surfaces, which are the points that unauthorised users can exploit to access or retrieve data from the device.
Weak passwords typically have the following vulnerabilities:
PSTI AND UNIVERSAL PASSWORDS
The fledgling PSTI Act means that the days of weak or universal passwords for IoT devices are numbered, if not over altogether. According to the NCSC, the law will help consumers choose smart devices that have been designed to provide ongoing protection against cyberattacks. The law requires manufacturers to ensure that all their smart devices meet basic cybersecurity standards. Specifically:
WHICH DEVICES ARE AFFECTED?
The law aims to enforce a set of minimum security standards across various internet-connected products to prevent vulnerable devices from being exploited in DDoS botnets like Mirai. It applies to:
Companies that do not comply with the PSTI Act face potential recalls and financial penalties, with fines up to £10 million ($12.5 million) or 4% of their global annual revenues, whichever is higher.
CYBERSECURITY – A MUST-HAVE FOR IoT
The future is potentially a bright one for SMEs that incorporate IoT into their processes and strategies. Izak Oosthuizen, the Founder and CEO of Zhero, says in his latest bestseller, You Don’t Need a £1 Million Cybersecurity Budget:
“SMEs are starting to buy into IoT technology. In 2021, 70% of UK small businesses were already looking into using IoT platforms to optimise operations, improve customer experience, and monitor their inventory.”
That said, whether an SME is simply dipping its toe into the IoT pool or taking the plunge, cybersecurity should be at the forefront of every decision it makes. Zhero is London’s #1 end-to-end cybersecurity and IT support company for SMEs. Our cybersecurity and risk solution, Protect IT Better, has been carefully crafted and developed to proactively nurture and build a sustainable cybersecurity environment, giving your business a competitive advantage. Reach out to us today and find out how we can crush your IT chaos.