RED Directive: The Cybersecurity Compliance Countdown – Part 5

03 Jun 2025
Lessons from the Field on Closing Compliance Gaps
Even with a strong compliance strategy, gaps can emerge. Whether due to evolving threats, overlooked vulnerabilities, or misinterpretation of standards, manufacturers must be prepared to identify and address weaknesses proactively.
The Most Common Compliance Gaps
Through industry audits and real-world case studies, three major issues repeatedly surface:
Weak Encryption Practices: A significant number of devices still rely on outdated encryption methods. For instance, 35% of tested products continue using TLS 1.2 instead of the more secure TLS 1.3. This leaves them vulnerable to data interception and cyberattacks.
Insecure APIs: Many industrial IoT devices expose unprotected API endpoints, making them easy targets for attackers. Without strong authentication mechanisms, hackers can manipulate device functionality or exfiltrate sensitive data.
Lack of Multi-Factor Authentication (MFA): Despite the critical role of MFA in preventing unauthorized access, only 22% of consumer IoT devices enforce its use. Implementing standards like FIDO2 can enhance security without compromising user experience.
Possible Scenario
An industrial automation firm could find itself struggling with insecure APIs, leading to repeated system intrusions. A possible solution could come from implementing OAuth 2.0 and conducting routine penetration testing, to achieve full compliance and improved operational security.
How to Proactively Close Gaps
Manufacturers can adopt the following best practices to avoid costly compliance failures:
Regularly Update Security Protocols: Stay ahead of evolving threats by transitioning to industry standard encryption and authentication mechanisms.
Implement Security by Design: Ensure security is an integral part of product development rather than a post-market fix.
Adopt Continuous Monitoring Tools: Monitor network traffic for anomalous behaviour and to identify threats. This approach can help detection and identify potential vulnerabilities before they become compliance violations.
Final Thought
The key to RED compliance isn’t just meeting the baseline – it’s staying vigilant in an ever-changing cybersecurity landscape.