At Valkyrie we provide clients with both physical and technical/cyber reviews at residential and corporate properties. In the past year we have seen a rise in the number of cyber security reviews conducted and experienced first-hand how breaches and cyber related issues affect clients. It was interesting to see, therefore, a press release (29 April) entitled, ‘Starting gun fired on preparations for new product security regime’ from the Dept. for Science, Innovation & Tech on the govt website. It’s an interesting article concerning Cyber Security, informing us that a Product Security and Telecommunications Infrastructure regime will come into effect on 29 April 24.
What does the plan include? Requirements for manufacturers to implement minimum security standards on all consumer products with internet connectivity such as smartphones, smart speakers, games consoles, and smart doorbells before they can be made available for purchase.
What are the benefits of this? Our Director of Cyber Security, Gurpreet Thathy explained that this is a step in the right direction and is a long time coming. He said that manufacturers would think about security by design rather than as a bolt-on post manufacturing, which is excellent as the former, although sometimes challenging, will mean security features are built in rather than an afterthought. This, in turn, will enhance customers’ trust in the products. He explained that when a user feels confident that the privacy and security of their data has been thought about and is secure, they are more likely to use and recommend the product.
What does this mean? The new measures will introduce, amongst other things, the banning of universal default passwords. Only last week, when Gurpreet was on a security review in France, he was able to gain access to more then 45% of the devices on the client’s network by searching for the default passwords. He also came across several devices which were not patched. However, the reason for these not being patched was due to the devices being out of support. With this new regime, manufacturers will have to inform the consumer of the support period at purchase so they will be able to plan ahead.
In summary, the regime will be the first anywhere in the world to require minimum cyber security requirements before consumer connectable products are made available for sale and will provide several advantages, including growing trust, protecting users’ privacy/data and preventing reputational damage and loss. However, like all legislation it will be difficult to get right especially in the ever-evolving cyber-attack arena where new vulnerabilities appear on a near daily basis, this needs to be constantly looked at, updated and improved on to minimise the risk of breaches.