Latest News

Five Eyes partners unveil new edge protections

By staff reporter

The National Cyber Security Centre, along with its Five Eyes cyber security agency partners in Australia, Canada, New Zealand and the US, has issued new guidance designed to help counter sophisticated malicious attacks targeting edge devices.

The guidelines aim to encourage device manufacturers to include and enable standard logging and forensic features that ensure robust security by default, and simplify post-breach investigations.

Routers, smart appliances, IoT devices, sensors, cameras and other edge devices are particularly vulnerable to hackers as they often handle important data and connect directly to external networks.

Commenting on the announcement, NCSC technical director, Ollie Whitehouse, said that “in the face of a relentless wave of intrusions” the guidance sets what the Five Eyes partners collectively consider as the minimum standard required to meet the contemporary threat.

“In doing so we are giving manufacturers and their customers the tools to ensure products not only defend against cyber attacks but also provide investigative capabilities [required] post intrusion,” he added. “Alongside our international partners, we are focused on nurturing a tech culture that bakes security and accountability into every device, while enabling manufacturers and their customers to detect and investigate sophisticated intrusions.”

Commenting on the publication of the new guidelines, Juliette Hudson, CTO of cyber security management platform provider, CybaVerse, said that today “all businesses are digital businesses” expanding the enterprise attack surface.

“Having good visibility across network assets and running proactive monitoring for threats are essential, but device manufacturers also have a key role to play and it is essential they practice good security hygiene in the development process,” she added. “Device manufacturers must ensure their tools are manufactured with unique passwords and they should also offer users the ability to apply security patches to mitigate vulnerabilities.

“No products are ever made perfectly, so developers must take into account that vulnerabilities in their products could surface in the future, so customers must have the ability to apply timely patches when required.”


Share Story:

YOU MIGHT ALSO LIKE

Risk leaders cement influence on corporate strategy

CMC launches first ever cyber event severity scale

Accurex joins Charles Taylor’s adjusting network


BANNER

Resilience Rooted in Reality
In this podcast, CIR speaks to CLDigital’s Tejas Katwala about why organisations must move beyond checklist compliance to build living, data driven resilience. He explains how rethinking governance, risk and compliance, breaking down silos and focusing on value streams can create sustainable, real time resilience that is rooted in the way businesses actually operate today.

Building cyber resilience in a complex threat landscape
Cyber threats are evolving faster than ever. This episode explores how organisations can strengthen defences, embed resilience, and navigate regulatory and human challenges in an increasingly complex digital environment.

© 2019 Perspective Publishing     Privacy & Cookies