How Operators can help to defend the connected home
The internet of things (IoT) is a seemingly ever-expanding market, with IDC predicting that it will grow to 41.6 billion connected devices by 2025, carrying more than 79 zettabytes of data. Connected devices have become a mainstay in industries including manufacturing and healthcare, and much of this growth is also driven by consumers purchasing connected devices such as smart speakers and TVs, to thermostats and kitchen appliances.
There is clearly a lucrative opportunity for vendors, however, these devices need to be robustly secured by manufacturers and service providers, otherwise they could leave the back door open for cybercriminals to enter the connected home.
IoT threats on the rise
The number of IoT threats observed by F-Secure Labs doubled in 2018, with most using predictable, known techniques to compromise devices. Nearly nine out of 10 observed threats (87 percent) targeted weak or default credentials and/or unpatched vulnerabilities.
Indeed, the FBI has said that threat actors are compromising IoT devices “with weak authentication, unpatched firmware or other software vulnerabilities, or employ[ing] brute force attacks on devices with default usernames and passwords”.
While these vulnerabilities would allow a threat actor to hijack a device, clearly threat actors are not breaking into the connected home with the aim of controlling the central heating. Instead, IoT devices are generally used as the gateway for further attacks.
Many of the new threats observed relate to threat actors using the computing power of connected devices to mine cryptocurrency. There is also the risk that, as smart homes are ecosystems of interconnected devices, one connected gadget with weak security could enable a threat actor to compromise the entire network. This could have implications for the privacy of those living in the connected home, with cybercriminals potentially able to find out almost anything about a family’s homelife – for example determining when the home is unoccupied and vulnerable to burglary. Attackers may also use IoT devices as a stepping-stone to data on laptops and mobile devices. Such interconnectivity also means that one infected device could also greatly reduce the efficiency of others.
These obvious security risks are creating a sense of urgency that a comprehensive cyber security solution is required to defend the connected home.
Opportunities for securing the connected home
Aside from the likes of Google, Amazon and other experienced tech giants, many vendors of IoT devices have little or no prior experience in creating them, meaning that they often overlook security. Until recently a lack of regulations has meant that manufacturers were not held to account for poor security. Fortunately, law makers are catching up, with California having introduced legislation to force manufacturers to install security from 2020 and the UK now considering similar measures.
Manufacturers, however, should not simply build in security because they are compelled to by law. Instead, they should be providing greater security in their devices as a selling point. Privacy concerns have come to the forefront for consumers following scandals such as Cambridge Analytica, and they are showing an appetite for tech that protects their personal data.
Manufacturers can begin to produce devices that are able to withstand cyber attacks by following code of practices such as the UK’s Secure by Design. This contains 13 practical guidelines to help manufacturers protect the privacy and safety of consumers, while making it easier for them to securely use their products.
There is also a significant opportunity for ISPs to provide security to protect all devices within the connected home. By providing a comprehensive set of security solutions such as secure routers, parental controls and apps, ISPs can help protect a network, regardless of the security measures on individual devices. This is likely to be a key selling point for security-conscious consumers.
Consumers want to be safe when they use connected devices, but they do not want to have to do anything overly complicated to do this. By offering easily secured devices and straightforward solutions, vendors have the opportunity to secure the trust of consumers and protect their reputations, both of which will stand them in good stead as the connected home market continues to grow.
By Tom Gaffney, Security Consultant at F-Secure
Microsoft: Building a secure foundation to drive NASCAR
Microsoft is a key partner of The National Association for Stock Car Auto Racing (NASCAR) and together they are driving ahead to create an inclusive and immersive new fan experience (FX).
These long-term partners have not only navigated the challenges posed by the COVID-19 pandemic with the use of Microsoft Teams and Microsoft 365, but are now looking to a future packed with virtual events to enhance the FX, well beyond NASCAR’S famous Daytona racetrack.
“Together, we've created a secure environment that's allowed for collaboration, but the future is all about the fans”, said Melinda Cook, General Manager for Microsoft South USA Commercial Business, who cited a culture of transparency, passion, adaptiveness, and a growth mindset as to why this alignment is so successful.”
“We've partnered to create a fluid, immersive experience for the users that is supported by a secure foundation with Microsoft in the background. We are focused on empowering and enabling customers and businesses, like NASCAR, to reach their full potential. We do this with our cloud platform which provides data insights and security.”
“Our cloud environment allows NASCAR to move forward with their digital transformation journey while we are in the background,” said Cook who highlights that Microsoft is helping NASCAR
- Empower employees productivity and collaboration
- Improve fan engagement and experience
- Improve environment security and IT productivity
- Improve racing operations
Microsoft Teams, which is part of the Microsoft 365 suite, enabled employees to work remotely, while staying productive, during the pandemic. “This allowed people to provide the same level of productivity with the use of video conference and instant messaging to collaborate on documents. Increased automation also allows the pit crews, IT, and the business to focus on safety, racing operations, and on the fan experience,” said Cook.
“We have started to innovate to create a more inclusive fanbase, this includes using Xbox to give people the experience of being a virtual racer or even leveraging some of the tools in Microsoft Teams to have a virtual ride along experience.”
“These environments are how we create a more inclusive and immersive experience for the fans. We're working on a virtual fan wall which allows people from new locations to participate in these events,” said Cook, who pointed out Microsoft was also helping bring legacy experiences alive from NASCAR’s archives.
“At Microsoft we can take it one level further by letting fans know what it's like to see the pit crew experience, the data and all the behind-the-scenes action. We will continue to improve automation with machine learning and artificial intelligence, from marketing to IT operations to finance to racing operations,” said Cook.
Christine Stoffel-Moffett, Vice President of Enterprise Technology at NASCAR, said: “Microsoft is one of our key partners. They have been instrumental in helping the NASCAR enterprise technology team re-architect our Microsoft systems to ensure an advanced level of security across our environment, contribute to our business outcomes, and focus on fan experience.”