Insider Threat | Breaking Cybersecurity News | The Hacker News

After decades of frustration, downstream users are about to get laws and regulations passed to force upstream IoT manufacturers to produce more secure IoT devices. This seems like a good thing, however, we are about to see an enactment of how new laws and regulations work to the advantage of big companies and to the disadvantage of small companies, eventually driving the latter out of business. As presented by Ruchir Sharma in his excellent book [1] , regulations tend to favor large companies for two reasons: (1) large companies can afford the necessary resources to conform to the new laws and regulations and (2) large companies have the necessary resources to shape the new laws and regulations to favor themselves. Although these may be well-intentioned, initially, the eventual result is that smaller companies are forced out of business and only the large companies survive. Are we about to see this scenario play out for IoT device manufacturers? That is the subject of this paper. The

Privileged Identity Management (PIM): PIM is described as a service within Microsoft Entra ID, designed to manage, control, and monitor access to crucial organizational resources, encompassing Microsoft Entra ID, Azure, and other Microsoft Online Services like Microsoft 365 and Microsoft Intune. In the cybersecurity landscape, Privileged Identity Management (PIM) emerges as a pivotal element, but its effectiveness in managing privileged access is subject to scrutiny. Integral to the broader identity and access management (IAM) framework, PIM's role in upholding the least privilege and just-in-time access principles is increasingly questioned amidst evolving digital threats. While theoretically vital for risk mitigation and regulatory compliance, the practical application of PIM, especially in complex cloud and IT environments, often reveals limitations in its ability to adapt to sophisticated cyber threats. This dichotomy between PIM's intended role and its real-world effica

Patching and updating is pretty much baked-in to the thinking, standards, and coming legislation of the device security community. Yet  isolation via partitioning  is another viable approach for security, and it comes with many advantages. Patching The primary advantage of patching and updating known vulnerabilities is that the vulnerabilities are usually permanently fixed. Hence the fix is demonstrable for standard and legal compliance. Some problems with this approach are: Modern IoT device firmware has tens, hundreds, even thousands of components, and components routinely come with dozens of their own dependencies [1] . Finding vulnerabilities in components of an SBOM is not an easy process. There are several databases, and component identification is not consistent [1] Achieving 100% complete and accurate SBOMs is still an elusive goal [1] . A high percentage of vulnerabilities in components are not exploitable [1] . Fixing non-exploitable vulnerabilities is, of course, a w