Closeup women eye being futuristic vision for biometric authentication to unlock security, digital technology screen over the eye vision background, security and command in the accesses. Surveillance and safety concept
03 Jun 2025

Lessons from the Field on Closing Compliance Gaps

Even with a strong compliance strategy, gaps can emerge. Whether due to evolving threats, overlooked vulnerabilities, or misinterpretation of standards, manufacturers must be prepared to identify and address weaknesses proactively.

The Most Common Compliance Gaps

Through industry audits and real-world case studies, three major issues repeatedly surface:

Weak Encryption Practices: A significant number of devices still rely on outdated encryption methods. For instance, 35% of tested products continue using TLS 1.2 instead of the more secure TLS 1.3. This leaves them vulnerable to data interception and cyberattacks.

Insecure APIs: Many industrial IoT devices expose unprotected API endpoints, making them easy targets for attackers. Without strong authentication mechanisms, hackers can manipulate device functionality or exfiltrate sensitive data.

Lack of Multi-Factor Authentication (MFA): Despite the critical role of MFA in preventing unauthorized access, only 22% of consumer IoT devices enforce its use. Implementing standards like FIDO2 can enhance security without compromising user experience.

Possible Scenario

An industrial automation firm could find itself struggling with insecure APIs, leading to repeated system intrusions. A possible solution could come from implementing OAuth 2.0 and conducting routine penetration testing, to achieve full compliance and improved operational security.

How to Proactively Close Gaps

Manufacturers can adopt the following best practices to avoid costly compliance failures:

Regularly Update Security Protocols: Stay ahead of evolving threats by transitioning to industry standard encryption and authentication mechanisms.

Implement Security by Design: Ensure security is an integral part of product development rather than a post-market fix.

Adopt Continuous Monitoring Tools: Monitor network traffic for anomalous behaviour and to identify threats. This approach can help detection and identify potential vulnerabilities before they become compliance violations.

Final Thought

The key to RED compliance isn’t just meeting the baseline – it’s staying vigilant in an ever-changing cybersecurity landscape.

Joakim Mark headshot
Joakim Mark

Technical Manager

Joakim Mark joined Intertek in 2021 as the Technical Manager for the Common Criteria Lab in Kista, Sweden, progressively expanding his role as lab manager and member of the IoT cybersecurity team in Kista, Sweden. Overall, Joakim brings more than 30 years of IT industry experience spanning both technical and strategic roles.

You may be interested in...