sb-au logo
Story image

Secure Logic calls on Federal Govt to introduce IoT regulation

07 Nov 2018

Secure Logic CEO Santosh Devaraj has called on the Federal Government to follow the lead of the United States and United Kingdom by introducing regulation that mandates security practices for Internet of Things (IoT) device manufacturers (both products made in Australia and imported).

Devaraj said Australia is at risk of falling behind other nations in relation to IoT security and a lack of action is sending a clear message to global hackers that we are an easy target.

In September, the Californian Government legislated IoT device security and earlier this month, the UK Government introduced a voluntary ‘Code of Practice’ for IoT device manufacturers.

Devaraj says, “From improving our health to increasing productivity and fixing pollution, connected devices have a huge role to play in society, but this shouldn’t come at the cost of our privacy and personal information.

“The vast majority of people are not aware of the significant risks posed by unsecured IoT devices, and government and the cybersecurity industry must work together to empower Australians to take more control of their data security.”

Secure Logic has noted an approximate 600% increase in IoT-related attacks detected via its 24/7 cybersecurity monitoring platform over the last 12-months.

In certain instances, these attacks are undertaken to obtain sensitive information or instigate ‘zombie’ distributed denial of service (DDoS) attacks.

A compromised IoT device can allow hackers access to the entire network, enabling them to bypass existing security controls, and leverage these IoT devices to plant and execute more attacks.

Historically, these attacks have come from East Asia and Eastern Europe, but in recent months Secure Logic’s systems have increasingly identified intrusion attempts from emerging hacking communities in the Middle East, Brazil and Chile.

Specifically, Secure Logic is calling on the Federal Government to introduce:

  • A requirement for manufacturers to give each device a unique password, rather than offering a default password that comes with every device (which is more susceptible to hackers).
  • A mandated process around software updates that ensures customers are prompted when key patches are available.
  • Investment in a nation-wide education program to illustrate the simple steps people can take to protect their personal information when using connected devices. 

Devaraj says, “At the top of the Government’s list should be mandated password protection. Too often manufacturers are letting customers use a blanket password which is easily side-stepped by hackers.

“There is also work to do in terms of manufacturers monitoring for risks and issuing software updates to better protect customers. If the proper investment is made in the product development phase, security can be managed without a detrimental impact on cost or customer experience.

“With documented cases of baby monitors, share bikes and pacemakers being hacked, the stakes are high. It’s not in anyone’s interest to create a scare campaign around this issue,” he says.

“However, more education is pivotal in driving improved security outcomes and more action from manufacturers,” he continues.

According to Telsyte data, the smart home automation market is forecast to grow from $231 million in 2015 to more than $5 billion next year, with an adoption curve resembling that which made technology like the internet and mobile phones a ubiquitous presence in everyday life.

Devaraj says regulation will also become a focal point for corporations in the years ahead as Industrial IoT (IIoT) becomes a mandatory part of a business and the technology controlling the nation’s factories, farms and trucks. 

Secure Logic will be engaging with the cybersecurity industry to build support around the measures and eagerly awaits the findings of the Federal Government-funded research paper ‘The Internet of Things: Maximising the benefit of deployment in Australia’ being conducted by the Australian Council of Learned Academies.

Download image
Think your emails are safe from cybercriminals? Think again
In the coming year, only 60% of organisations believe an attack will come from an email - but the reality is much different.More
Story image
Why DX is not complete without a transformed security architecture
Secure Access Services Edge (SASE) is the process by which core WAN edge capabilities like SD-WAN, routing, and WAN optimisation at branch locations are integrated with cloud-based security services like secure web gateways, firewall-as-a-service, cloud access security brokers, and more.More
Story image
Fortinet resolves to help communities through new Corporate Foundation
“Through the establishment of a Corporate Foundation, we are extending investments in security training and education, employee community engagement and disaster relief efforts to empower and protect our communities, as well as positively impact our business, employees, customers and shareholders.”More
Link image
Don't be fooled: Cyber risks haven't slowed down
Cyber attackers become smarter and more efficient every day. Here's why it's more important than ever to invest in remote security tools.More
Story image
Okta, CrowdStrike, Netskope and Proofpoint create shared zero trust security strategy
Okta, CrowdStrike, Netskope and Proofpoint have joined forces to develop and launch an integrated, zero trust security strategy, stating that this is crucial for today’s digital and remote working environments.More
Story image
54% rise in gaming-related cyber attacks recorded in April
Social isolation measures, widely implemented throughout the world during March and April, has been linked to both the increase in engagement for gaming and a corresponding boom in game-related cyber attacks.More