Welcome to the November 2023 edition of IoT Insider, your go-to source for the latest news and trends in the world of Internet of Things. In this edition, we bring you a curated selection of news and regulations to keep you informed and empowered in the digital age.

1.    Cyber Threats on the Rise | Protect Your Digital Fortress!

As technology advances, so do the risks. We highlight the latest cyber threats making headlines, from sophisticated ransomware attacks to data breaches affecting millions.

• A security researcher has published a Proof of Concept (PoC) exploit for Wyze Cam v3 assets, offering the ability to open a reverse shell and possibly takeover of that asset
• During the Pwn2Own Toronto 2023 hacking event security researchers targeted mobile and IoT devices
• This article "Sandworm Disrupts Power in Ukraine's Operational Technology" discusses a recent cyberattack carried out by a notorious hacking group known as Sandworm. The attack targeted Ukraine's Operational Technology (OT) systems, specifically the country's power grid

2. Global Cybersecurity Regulations | Navigating the Compliance Maze

Governments worldwide are tightening their grip on cybersecurity regulations. Stay updated on the latest compliance requirements, privacy laws, and data protection regulations that can impact businesses and individuals alike. We decode complex jargon and provide practical insights to help you navigate the compliance maze effortlessly.

• The Proposal for a Regulation laying down harmonized rules for artificial intelligence AKA as the EU AI Act will be finalized by the end of the year. The proposed EU AI Act aims to provide a legal framework for the development and deployment of AI systems in Europe. It includes provisions related to cybersecurity, transparency and accountability to ensure the safe and ethical use of AI technologies. In example what does this mean for IoT devices? The act will likely be adopted in early 2024 (before June 2024 European Parliament elections).
• EU Cyber Resilience Act (CRA), the Council removed explicit references to highly critical products mandated by the EU cybersecurity certification scheme. They now insist that impact assessment should be conducted before mandatory certification. Besides that, the product life time has change. The ITRE (Parliamentary Committee on Industry, Research and Energy) voted that compliance responsibility should be shifted to the product manufactures. The Council suggested and proposed assigning national CSIRTs. This is currently debated as it might pose a risk as it gives insight in national organizations weaknesses.
• The NIS2 requires adaptation of Zero Trust principles, overcoming shortcomings in implicit trust setups. Given rising IoT adoption, erosion of the corporate perimeter due to work-from-everywhere and increasingly sophisticated threats that exploit “trusted” users and subsequent devices for malicious purposes, leads to an expanded attack surface of an organization. Additionally, the NIS2 regulations also focus on securing the supply chain of operators of essential services.
• Digital Operational Resilience Act (DORA): The European Commission is working on the Digital Operational Resilience Act (DORA), which aims to establish a comprehensive framework for the operational resilience of the financial sector. This regulation will address cybersecurity threats and incidents impacting financial entities. As a result, DORA is expected to be adopted and into force early 2025.
• The Digital Markets Act (DMA) was legally implemented on November 1, 2022. The majority of its regulations became effective in May 2023, while the gatekeepers were officially appointed on September 6, 2023. These gatekeepers are required to comply with the DMA by March 6, 2024.
• The UK Cyber Security Council has announced the country's first cohort of chartered cybersecurity practitioners following the launch of its Cyber Security Governance and Risk Management and Secure System Architecture and Design professional standard pilot schemes last year.
• UK Parliament and committee have launched an inquiry into the cyber resilience of UK CNI. I will explore the progress of UK CNI toward achieving recently announced resilience targets by 2025, and what support the sector needs to achieve those targets and efforts to make computer hardware architecture more secure by design to protect CNI
• Did you know that 5G and healthcare assets do not fall under the RED directive? The RED directive has been postponed 1st of August 2025.
• Lastly an interesting read: UK Risk Register

3. Industry Spotlight | Cutting-Edge Innovations in Cyber Defense

Discover groundbreaking advancements and innovative technologies in the world of cyber defense. From artificial intelligence and machine learning to blockchain and quantum computing, we explore how these game-changing technologies are revolutionizing the fight against cyber threats. Get inspired by success stories and learn how to implement these solutions in your own digital ecosystem.

Blockchain-based Identity Verification

In traditional identity verification systems, personal information is stored in centralized databases that are prone to security breaches and unauthorized access. Blockchain, on the other hand, ensures the privacy and security of user information through cryptography and distributed consensus. With blockchain-based identity verification, decentralized identity verification system are being used to securely authenticate and validate user identities, reducing the risk of identity theft and unauthorized access. Read more about how blockchain can stream line manufacturing processes here.

4. Expert Interviews | Insights from Cybersecurity Gurus

Gain exclusive access to interviews with industry experts, thought leaders, and cybersecurity gurus. Uncover their strategies, predictions, and best practices to protect yourself, your organization, and your loved ones from the ever-evolving cyber landscape. Stay updated on emerging trends, emerging threats, and expert tips to stay cyber resilient.

Read this interview with Miri Ofir and Gili Yankovitch and learn why IoT assets are a very attractive targets, the threat landscape and how you can mitigate risks. Understand why firmware needs to be assessed to and why embedded security is "key" for maintaining a very strong security posture throughout the complete IoT device fleet!

5. Cybersecurity Awareness Corner | Empowering You with Knowledge

Knowledge is power! Our cybersecurity awareness corner equips you with practical tips, best practices, and actionable advice to enhance your online safety. Learn how to spot phishing attempts, secure your passwords, protect your personal information, and stay safe in the digital world. Be the cybersecurity champion your friends envy!

Want to know your national cyber security strategies? Check out Enisa’s interactive map and get familiar!

We hope you find this edition of The IoT Insider both informative and engaging. Stay tuned for more exciting updates in the next edition, where we'll dive deeper into the world of cybersecurity. Remember, vigilance and knowledge are key to staying safe in our interconnected world.

Stay secure, stay informed, and stay one step ahead!