19 October 2018

IRM Weekly Cybersecurity Roundup: IoT Code of Practice and more

Each week, IRM gathers what we think are the most interesting and important reads from the cybersecurity industry. The weekly roundup includes good and bad examples of cybersecurity practice and thought pieces from across the globe, all summarised in one handy place for your regular news top-up.

Department for Digital, Culture, Media & Sport releases IoT Code of Practice

The Department for Digital, Culture, Media & Sport (DCMS) has launched a Code of Practice to advise IoT manufacturers on how to improve security.

With an estimated 420 million IoT devices in use across the UK by 2020, the Code has been designed to ensure businesses strengthen the cybersecurity of their products at the design stage. This includes eliminating the use of default passwords and keeping software updated.

HP Inc and Centrica Hive Ltd are the first organisations to sign up and commit to the Code. Due to the difficulty in legislating this type of security best practice, it’s hoped that other organisations will follow suit.

You can read more here.

You can read the DCMS’ full report here.

UK Prime Minister calls for action on cyber-attacks

At the EU summit in Brussels, Theresa May urged other EU leaders to create new schemes aimed at finding those responsible for cyber-attacks.

With the understanding that malicious cyber activity causes “harm to our economies and undermines our democracies”, May called upon leaders to increase protection against attacks, as well as enforcing consequences for perpetrators.

Once the EU has finalised cybersecurity laws before the final session of EU Parliament in April, May plans to continue to co-operate closely with the EU on security matters.

You can read more here.

NCSC publishes report on publicly available hacking tools

In the first report of its kind, the UK’s National Cyber Security Centre (NCSC) has collaborated with the US, Australia, Canada and New Zealand to produce a publication on “publicly available hacking tools”.

The report is based on research from cybersecurity authorities across the different nations. The findings highlight five publicly available tools which are commonly used by hackers. To help other cybersecurity firms, network defenders and system administrators, the report provides advice on how to limit the effectiveness of these tools.

The tools covered in the report are JBiFrost, China Chopper, Mimikatz, PowerShell Empire and HTran. For each tool, the report gives examples of use, its capabilities and how you can protect systems against it.

You can read the report here.

Huawei accused of trying to steal semiconductor technology

CNEX Labs, a California-based semiconductor and software company, has accused Huawei of stealing its technology.

A lawyer for Huawei has denied the claims. The legal battle stems from a former Futurewei (a Huawei subsidiary) employee who went on to co-found CNEX Labs. According to the lawsuit, CNEX and Huang accused Huawei and Futurewei of trying to obtain his intellectual property by hiring him and pressuring him to sign an employment agreement with unlawful terms as a way to steal CNEX’s secrets.

You can read more here.

Global cyber skill gap estimated at 3 million

A report from (ISC)² has revealed that the world’s cybersecurity skills gap currently sits at nearly 3 million.

Around two-thirds of organisations questioned felt their business was at risk of cyber-attack due to the lack of skills available. In response to these concerns, over half of businesses seek to enhance their workforce by 2030. As a more short-term solution, many businesses are seeking cybersecurity certification to enhance knowledge and skills.

The report comes at a time when even the National Cyber Security Centre is suffering from its own “digital skills shortage” when trying to recruit people with the required technical knowledge.

You can read more here.
