Two U.S. government agencies have released security guidance documents focusing heavily on IoT security following a series of massive distributed denial-of-service attacks that leveraged IoT devices using default security settings. Both the Department of Homeland Security (DHS) and the National Institute of Standards and Technology(NIST) have released recommendations for how to approach security for the internet of things (IoT). Experts said the IoT security guidance from DHS focuses on the basics, while NIST offers more of a how-to for businesses.
[...] Jamison Utter, vice president at IoT cybersecurity firm Senrio, said "it's important at this phase for any governing body to set for things that are high-impact, but very achievable."
"For example, in the 'Incorporate Security at the Design Phase' section is to enable security by default," Utter told SearchSecurity via email. "This single recommendation of changing default passwords would have a profound impact on simple compromises -- and 90% are simple. Mirai, for example, uses default passwords."
Full Article
[...] Jamison Utter, vice president at IoT cybersecurity firm Senrio, said "it's important at this phase for any governing body to set for things that are high-impact, but very achievable."
"For example, in the 'Incorporate Security at the Design Phase' section is to enable security by default," Utter told SearchSecurity via email. "This single recommendation of changing default passwords would have a profound impact on simple compromises -- and 90% are simple. Mirai, for example, uses default passwords."
Full Article