Industry oracle Gartner predicts almost 21 billion IoT connected devices in a mere three years, which is borne out by smart device manufacturers rushing connected devices to market as though it's a new gold rush.
It is good to know that we can remotely crank our smart thermostat up as we hurry home from work on a chilly winter evening. Smart devices are perhaps even more attractive when we monitor our home while we're lying on a sun-drenched beach a thousand miles away, all from a smartphone app.
But smart devices are also dumb. They can't fend off cyber-attacks, they won't alert us if somebody is probing our device from the Internet, and they won't raise a red flag if suspicious activity is detected on our network.
Smart devices simply do not have the capacity to incorporate powerful and sophisticated cyber security software, nor even simple security tools that are now standard for home and business computing.
Bluntly put, device manufacturers often overlook security in the face of economic pressures to bring their IoT products to market quickly. This leaves consumers in a precarious position:
- Consumers simply don't have the knowledge to secure smart devices and it's unrealistic to expect them to do so. A carmaker doesn't sell a car and expects the driver to adjust brake linings and carburettor settings, so why do smart device manufacturers expect users to secure the appliances they sell?
- People leave default passwords in place not understanding how vulnerable connected devices are. It's frighteningly easy for hackers to discover default passwords and develop malware designed to exploit and gain control of these devices
- Some devices don't have passwords, while others have passwords embedded into the firmware that operates the device so they can't be changed even if a user wants to do so
- Some devices don't encrypt data that travels between the device and its cloud-based service -enabling hackers, and even manufacturers, to invade a person's home and completely dismember the concept of privacy
These dangers are not theoretical; they are very real. We've already seen a swathe of high-profile websites taken down in the recent DDOS attack launched from the Mirai botnet of compromised IoT devices. Another attack used smart TVs and refrigerators. Hacked smart devices have also already been discovered for sale on hacker forums.
What can be done? Some security vendors have begun bringing smart security products to market, but these are basically pre-existing technologies that have simply been repackaged in a new hardware. They generally consist of a basic firewall and web filtering proxies.
But these features alone don't guarantee security. What's needed is an enterprise-grade network security service delivered in a way that is easy for consumers to use. Here are the five things needed to ensure consumers have the highest level of multi-layer protection:
- Automatic Device Discovery and Categorization to discover all the devices on a home Wi-Fi network and provide a tailored security policy for each device to enable constant monitoring and mitigation of both internal and external attacks
- Smart Firewall capabilities, keeping home networks and smart connected devices secured from malicious activity and hacking attempts
- Smart Intrusion Detection and Prevention Systems that are constantly updated by the latest threat detection policies specifically designed to address and detect IoT vulnerabilities
- Secure Web Proxy that provides secure web access to all smart connected devices on a user's network
- Network Behaviour Anomaly Detection which uses a cloud-based security engine that continuously analyses every device on the home network and uses advanced proprietary algorithms to detect anomalous network behaviour - and crowdsourced data from the security community to ensure the latest vulnerability and attack signatures are updated in real-time
These features may seem a little technical for the average user, but together they deliver the most powerful smart home protection available today. More importantly, this deep protection can be disarmingly simple to use.
This level of security is very high and more akin to what is being used by a large enterprise, and it also frees up people to enjoy their smart devices (whether kettles, toasters, thermostats, lighting systems, locks, baby cameras and more) with peace of mind.
Yes, the IoT gold rush is on - which is all the more reason that it's time to keep the bad things out and demand the highest level of privacy and security that the smart device market so desperately needs right now.
Get it right and those times on sun-drenched beaches can be enjoyed as they should be; without the worry that our smart homes are being broken into as we enjoy our holidays or commute on a cold winter evening