May 17, 2016 By Gavin Kenny 3 min read

The Internet of Things (IoT) means adding network connectivity and some form of “intelligence” to everything. Everyday items are now connected to each other and the Internet. We are seeing an accelerating trend of smart devices flooding personal spaces, creating smart homes.

Nearly all home goods can be bought with Internet connectivity. It doesn’t stop there: Security cameras, baby monitors, televisions, thermostats and heating systems are all connecting to the Wi-Fi network inside your house. The network is only protected from all the accumulated evil on the Internet by the firewall built into the broadband router, which you were given for free by your supplier.

Network Connectivity Brings Risks

That network is being used more and more by the physical controls and security systems for our home. Burglar alarms and even door locks can be connected to the Internet. That may be very useful for remotely giving your next-door neighbor access, but it’s an issue if they can be hacked. Even environmental control systems can pose a risk.

Imagine a scenario in which would-be burglars no longer have to walk around looking for opportunities. All they have to do is monitor your alarm or CCTV to identify your daily pattern, then they arrive while you are away, turn the security systems off and tell the environment systems to open a window — assuming they don’t just tell the front door to unlock itself.

Surely the developers behind all this new IoT equipment must be thinking long and hard about security, right? Wrong. In the race to be first to market and meet the need for zero-setup equipment, security on many IoT devices is woefully inadequate. As Bruce Schneier wrote in Wired, “These embedded computers are riddled with vulnerabilities, and there’s no good way to patch them.”

Smart Homes, Meet Smart Security

So your home network is no longer full of just laptops, tablets, smartphones and printers, but also all these other devices trying to make lives easier and more connected. The security capabilities of these devices, however, are not great. Many cannot be updated, and even fewer will be. Ask yourself, when was the last time you upgraded the firmware of your connected printer or broadband router?

Smart homes are here and are only going to get smarter. In effect, they are no different from a small corporate network, and as such, they need similar levels of security, especially considering the growing trend of working from home. However, most people don’t have the skills or the desire to run them securely — imagine having to enter a password to boil a kettle! The concept of anti-malware and secure configuration does not fit in a small, function-specific IoT device.

What is necessary for the smart home or office is a smart security device. For example, a customized security information and event manager (SIEM) can spot when devices are added to the home network, identify them, note what they should or should not be doing, correlate events and look for patterns. It learns what is normal for users and then provides alerts when something is wrong.

Security Recommendations

I would like my smart security device to work with the firewall in my broadband router, dynamically generating rules to keep my system safe. You could also consider a form of vulnerability or patch management. If smart security knows what is on your network, it could query manufacturer websites, find out if there is an update available and notify you if there is.

There are many corporate SIEM solutions available today that could do this, but the challenge is to produce something that is practically maintenance- and setup-free — and at a price people are willing to pay. However, with the march of technology turning our houses into smart homes, it’s time we rose to that challenge.

To truly enjoy the promise of the Internet of Things, we need to defend our homes and offices from cyberattacks. Similar to the lessons learned from corporate security systems, this security needs to be delivered in a package that does not need a dedicated team. It has to be automated, self-maintaining, adaptable and maybe even cognitive. You need smart security.

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today