"Vast Majority of xIoT Devices Out of Compliance With Industry Best Practices"

Phosphorus Labs reported that 99 percent of Extended Internet of Things (xIoT) device passwords violate industry best practices. The study discovered that 68 percent of xIoT devices have high-risk or CVSS scores of 8-10. According to the report, 80 percent of security teams are unable to identify the majority of their xIoT devices. According to Bud Broomhead, CEO of Viakoo, the issues identified by Phosphorus are genuine, but the solutions are not so simple. Broomhead stated that knowing that IoT devices are functioning properly through service assurance is also a component of hardening and securing devices. Discovering IoT devices and assessing their vulnerabilities is critical, but it is also a problem that has already been solved by leading vendors such as Armis, Forescout, Nozomi, and others. More emphasis should be placed on adding unique IoT and IoT application data to discovery and configuration management database solutions, so that records of historical operations can be used to harden and secure IoT systems. Phosphorus Labs’ new findings should concern leaders from supply chain to engineering. The percentage of vulnerable devices is a direct result of designing without regard for security or lifecycle. Security requirements must sit alongside functional requirements and be considered when a product is conceptualized. This article continues to discuss xIoT devices being out of compliance with industry best practices.

SC Media reports "Vast Majority of xIoT Devices Out of Compliance With Industry Best Practices"