Sponsored: Our homes are targets for cyber crime writes Michael Schachter
Every device in every home that is connected to the Internet through a router is vulnerable to malware infection, phishing and ransomware attacks, botnets and privacy intrusions.
These can lead to anything from an annoyance to loss of valuable data and money. But the situation is not static. We are making it worse by converting our homes into smart homes. That’s not to say that we are at fault for the attacks.
But we are opening the door to more attacks by providing more and more devices that can be attacked on our networks. For sure, smart homes will make our lives easier. But without proper attention to security, our own homes can turn against us.
When it comes to security, many smart devices are not that smart. Devices such as light bulbs, surveillance cameras and household appliances are often designed around very basic computing architectures that are robust enough to execute their primary tasks. But they do not have the resources to support cybersecurity software. Even if some do have basic security built-in, most end users do not make the effort to change default passwords or to use settings that could prevent attacks.
What’s worse is that with a growing number of smart devices attached to the network, each one acting as a doorway into the network, the likelihood of an attack increases along with the likelihood that one of those doorway devices will infect other devices in the network. Our home is supposed to be our fortress, but not if we leave all the doors and windows open and unprotected.
Smart Homes and IoT are already big business and they are going to be huge. According to Statista, the global Smart Home market is expected to reach $139B in 2023, increasing by 60% by 2027 to nearly $223B. Frost & Sullivan estimates that by 2025, a family of 4 in developed markets will own an average of 47 devices.
Despite the worldwide penetration of smart devices in homes, it is unlikely that most manufacturers will take security into serious consideration when designing their new products. And why should they when their end users are not likely to activate security features in most cases? Regulation could eventually require smart home device manufacturers to incorporate more security features in their devices. But the ultimate decision whether or not to be protected falls into the hands of the end users. Not an optimal scenario.
Lots of devices to protect and lots of vulnerabilities
On lists of ‘Steps you can take to protect yourself from cyber attacks’, one recommendation that inevitably appears is ‘educate yourself about cyber attacks’. This is advice given to people who do not change their default passwords or update their operating systems.
Endpoint cybersecurity solutions have their merits, as long as the end user is able and willing to install, configure and maintain the definitions and updates on each device they want to protect – which is a rare occurrence. In a smart home, or even in a home with connected computers, phones and perhaps a few smart devices, endpoint solutions are unwieldy. And what’s worse, many smart devices do not have the capacity to run endpoint security software. For example, while your smart TV or surveillance cameras are connected to the home router, and thus to all of the other devices on the network, there is no way to individually protect each device with software-based endpoint solutions.
Consumers need to be very tech savvy to be their own CISOs
Installing and maintaining endpoint security and firewall protections in the home is not a simple task for most, but without those protections, laptops; tablets; smartphones connecting to Wi-Fi; and IoT devices, such as smart speakers, smart TVs, networked appliances, surveillance cameras, and even solar panel installations, are at great risk of compromise. Most home networks include devices with software, firmware, or operating systems (OSs)—iOS, Android, MacOS, Linux, Windows, etc.—that users have not updated in months and some devices are so old that manufacturers no longer provide security updates.
What does a network-native security service look like?
All is not lost. Broadband providers can step in and offer their subscribers a set of cybersecurity services that operate directly within the operator’s network. A network-native solution can be easily provisioned to subscribers who can then easily configure the service to protect the devices connected to the router, via a single unified interface such as an app or the operator’s portal. Even without special configuration, they are immediately protected from many threats because the default settings already deliver upgraded security.
This can empower consumers and small offices to set a higher security standard for all devices, regardless of the OS. For customers who have home internet and mobile internet from a converged network operator, the solution ensures smartphones, wireless telecom-capable tablets, and laptops connected to both smartphone hot spots as well as the home router, will have the same clean incoming and outgoing network traffic everywhere, regardless of location.
Network operators are uniquely positioned to offer cybersecurity that protects the whole home network and all the devices connected to the home router. This also holds true for small businesses using a CPE business router in addition to mobile connectivity.
This set of circumstances offers the network operator a unique opportunity to be the primary provider of cybersecurity to consumer and small business customers. They manage all the traffic to and from the customer’s router, smartphones and other connected devices.
They already have a relationship with their customers and have multiple touchpoints making it easy to onboard customers to a new security service and, according to a consumer survey by Allot, 82% of respondents believe that the internet provider should manage security for subscribers’ home and small business networks, either for an additional fee or as a premium connectivity/security bundle.
Network operators have a number of options when it comes to offering cybersecurity to their consumer customers. For mobile service providers, software running in the core network can protect individual mobile users by isolating suspicious and known malicious sites and URLs so that they can be blocked when end users try to link to them.
This, in practice, makes it impossible for attacks to get started. Phishing, ransomware, viruses and other types of malware often rely on human error. When that avenue is blocked, attacks cannot get off the ground and subscribers are, therefore, protected. These types of service can be offered as part of the core offering to act as a differentiator for consumers who are increasingly aware of dangerous internet traffic.
For fixed broadband providers, the home or small business router plays an important role in protecting the subscriber and all the devices connected to their network. In addition to the core network element in the cybersecurity solution, the network provider can also insert a thin client into the router which is regularly updated ‘over the air’ with definitions from a cloud-based resource which itself is frequently updated from multiple sources of threat definitions. The router can then identify and protect the devices connected to it from attacks, rendering the whole network protected from cyber threats.
For both mobile and fixed broadband solutions, content filtering controls can also be a part of the package. This gives parents and office managers the peace of mind that their children/employees are protected from malicious sites and content that should not be accessed. When a network operator implements both mobile and fixed cybersecurity solutions, they can offer a powerful service that protects their customers at home, at work, and on the go.
Not only can cybersecurity be a consumer service that satisfies the demands of customers. It can also be a new source of recurring revenue. And because onboarding requires no effort on the part of the subscriber, adoption rates can be exceptionally high. Best of all, surveys and real world deployments convincingly show that consumers will pay for built-in network-native security. It turns out that, for network operators, consumer security pays.
About the author