The Internet of Things (IoT) means adding network connectivity and some form of “intelligence” to everything. Everyday items are now connected to each other and the Internet. We are seeing an accelerating trend of smart devices flooding personal spaces, creating smart homes.

Nearly all home goods can be bought with Internet connectivity. It doesn’t stop there: Security cameras, baby monitors, televisions, thermostats and heating systems are all connecting to the Wi-Fi network inside your house. The network is only protected from all the accumulated evil on the Internet by the firewall built into the broadband router, which you were given for free by your supplier.

Network Connectivity Brings Risks

That network is being used more and more by the physical controls and security systems for our home. Burglar alarms and even door locks can be connected to the Internet. That may be very useful for remotely giving your next-door neighbor access, but it’s an issue if they can be hacked. Even environmental control systems can pose a risk.

Imagine a scenario in which would-be burglars no longer have to walk around looking for opportunities. All they have to do is monitor your alarm or CCTV to identify your daily pattern, then they arrive while you are away, turn the security systems off and tell the environment systems to open a window — assuming they don’t just tell the front door to unlock itself.

Surely the developers behind all this new IoT equipment must be thinking long and hard about security, right? Wrong. In the race to be first to market and meet the need for zero-setup equipment, security on many IoT devices is woefully inadequate. As Bruce Schneier wrote in Wired, “These embedded computers are riddled with vulnerabilities, and there’s no good way to patch them.”

Smart Homes, Meet Smart Security

So your home network is no longer full of just laptops, tablets, smartphones and printers, but also all these other devices trying to make lives easier and more connected. The security capabilities of these devices, however, are not great. Many cannot be updated, and even fewer will be. Ask yourself, when was the last time you upgraded the firmware of your connected printer or broadband router?

Smart homes are here and are only going to get smarter. In effect, they are no different from a small corporate network, and as such, they need similar levels of security, especially considering the growing trend of working from home. However, most people don’t have the skills or the desire to run them securely — imagine having to enter a password to boil a kettle! The concept of anti-malware and secure configuration does not fit in a small, function-specific IoT device.

What is necessary for the smart home or office is a smart security device. For example, a customized security information and event manager (SIEM) can spot when devices are added to the home network, identify them, note what they should or should not be doing, correlate events and look for patterns. It learns what is normal for users and then provides alerts when something is wrong.

Security Recommendations

I would like my smart security device to work with the firewall in my broadband router, dynamically generating rules to keep my system safe. You could also consider a form of vulnerability or patch management. If smart security knows what is on your network, it could query manufacturer websites, find out if there is an update available and notify you if there is.

There are many corporate SIEM solutions available today that could do this, but the challenge is to produce something that is practically maintenance- and setup-free — and at a price people are willing to pay. However, with the march of technology turning our houses into smart homes, it’s time we rose to that challenge.

To truly enjoy the promise of the Internet of Things, we need to defend our homes and offices from cyberattacks. Similar to the lessons learned from corporate security systems, this security needs to be delivered in a package that does not need a dedicated team. It has to be automated, self-maintaining, adaptable and maybe even cognitive. You need smart security.

More from Endpoint

Deploying Security Automation to Your Endpoints

Globally, data is growing at an exponential rate. Due to factors like information explosion and the rising interconnectivity of endpoints, data growth will only become a more pressing issue. This enormous influx of data will invariably affect security teams. Faced with an enormous amount of data to sift through, analysts are feeling the crunch. Subsequently, alert fatigue is already a problem for analysts overwhelmed with security tasks. With the continued shortage of qualified staff, organizations are looking for automation to…

Threat Management and Unified Endpoint Management

The worst of the pandemic may be behind us, but we continue to be impacted by it. School-aged kids are trying to catch up academically and socially after two years of disruption. Air travel is a mess. And all businesses have seen a spike in cyberattacks. Cyber threats increased by 81% while COVID-19 was at its peak, with 79% of all organizations experiencing a loss of business operations during that time. The risk of cyberattacks increased so much that the…

3 Ways EDR Can Stop Ransomware Attacks

Ransomware attacks are on the rise. While these activities are low-risk and high-reward for criminal groups, their consequences can devastate their target organizations. According to the 2022 Cost of a Data Breach report, the average cost of a ransomware attack is $4.54 million, without including the cost of the ransom itself. Ransomware breaches also took 49 days longer than the data breach average to identify and contain. Worse, criminals will often target the victim again, even after the ransom is…

How EDR Security Supports Defenders in a Data Breach

The cost of a data breach has reached an all-time high. It averaged $4.35 million in 2022, according to the newly published IBM Cost of a Data Breach Report. What’s more, 83% of organizations have faced more than one data breach, with just 17% saying this was their first data breach. What can organizations do about this? One solution is endpoint detection and response (EDR) software. Take a look at how an effective EDR solution can help your security teams. …