The combination of technological advancement and rising cybercrime has resulted in contradictory implications affecting the smart home market. We will discuss the actions that need to be done by both consumers and vendors to improve cyber security in order to deal with one of the greatest challenges in our industry today. This post is the second part of a series in which Essence experts shed light on the different smart home cloud-based services available for service providers who are looking to leverage their IoT network.
We live in an era where everything is open and easily accessible. With the continuing rise of social media and the growth of IoT, people are sharing personal information without giving much thought about the potential risks lurking in cyberspace.
Unsurprisingly, we are also witnessing the rise of cybercrime, including identity theft, ransomware, and the leakage of personal information due to data breaches as demonstrated by the graph below.
Data Breaches and Records Exposed, 2007-2016[1]
Many of us are aware of the multiple cyberattacks from recent months such as the 412 million user accounts exposed in the FriendFinder Networks hack, or the massive global ransomware attack that shut down work at 16 hospitals across the UK. One of these recent cyberattacks is especially relevant for the smart home industry: the Mirai attack.
The Mirai attack was a distributed denial of service attack (DDoS) on DNS provider Dyn which took place last October and managed to disrupt an array of the internet’s biggest websites, including Spotify, Twitter, and PayPal[2]. This attack is infamous for targeting connected household consumer products and using them as a botnet: a collection of internet-connected devices that are infected and can be remotely controlled by a third-party, without their owner’s knowledge. It affected cameras, alarm systems, and personal routers, and spread quickly. The damage was quite substantial. People might not even realize that their internet-enabled webcam was responsible for attacking Netflix[3].
The combination of technological advancement and rising cybercrime has resulted in contradictory implications affecting the smart home market. On the one hand, there has been an increase in the use of IoT devices, and the recognition by consumers that a smart home can really help to make their life easier. On the other, hand media coverage of cybercrime has raised awareness about the importance of protecting privacy and personal information, causing potential customers to fear IoT, which in turn has slowed the penetration of such devices into our homes.
This situation is one of the greatest challenges in our industry today and leads to the question:
How do we prevent cyber-crime from happening, or at least minimize the risk of its occurrence?
The good news is that we can deal with this challenge. But dealing with it effectively requires action from both consumers and vendors.
Consumers connect many different types of IoT devices from multiple vendors in their homes. All of these open their own pathways to the network and have different degrees of security levels. It is important that consumers manage each one of these device as if they are the critical point of danger to their home network. Users must ensure that they take the highest level of care for each device. As a consumer, there are many things that we can do to enhance and increase the security level. We can keep our personal systems and equipment safe and secure with some basic precautions:
- Passwords – change the default password for your devices
- Make sure the software in all your devices is up to date – this ensures that all of the vendors’ latest security measures are activated
- Configure security levels of your mobile phone to the highest settings
- Have a cybersecurity policy- For example avoid using links or answering e-mails from an unknown source, don’t share personal information.
- Use parental controls
- In the absence of a holistic solution, use an IoT security device to protect your network
However, it is incumbent on the industry to conform to the highest standards and not leave the security up to the consumer.
As a vendor, we design our products to be secure, by adding security layers and mechanisms that prevent the exploitation of these products, IoT devices, and consumers’ personal information. Connected home platform vendors provide an ecosystem that combines many of these devices within an umbrella of an end-to-end home management system. This includes local connectivity with both proprietary wireless protocols and industry standard protocols such as WiFi, Bluetooth, Z-Wave, and ZigBee.
Therefore, vendors are in a crucial position to integrate built-in cybersecurity solutions that will protect the entire system in all its connectivity channels and interactions. The advantage of these platforms is that they have transparency to every element connected to the system. These platforms can therefore provide users with alerts when any part of the system has been breached or shows a weakness.
Here at Essence, as a company with over 20 years of experience and proven capabilities in the virtual and physical world, we already have solutions that embed our experience and advantage of combining solutions from the worlds of IoT and physical security world into a single user experience, providing a safe zone for our users. We believe that the future of security of home networking lies in effectively detecting and managing all threats – from the physical world, cyberspace, or the IoT – to provide a unified, holistic solution to customers.
The writer of this post is Yehuda Kaufman, Essence Cyber Director, responsible for cyber security developments and roadmap definition.
———————
[1] http://www.iii.org/fact-statistic/facts-statistics-identity-theft-and-cybercrime
[2] https://www.symantec.com/connect/blogs/mirai-what-you-need-know-about-botnet-behind-recent-major-ddos-attacks
[3] https://www.incapsula.com/blog/how-to-identify-a-mirai-style-ddos-attack.html
