CSPs Have a Chance to Address Consumer IoT Security Needs
(The following article is reprinted from Brilliance Security Magazine)
Consumer cybersecurity needs have significantly changed over the past years. With the rising global dependence on smart devices for everything from waking up in the morning to dimming the lights at night, it is safe to say that smart homes are the new normal. However, there remains a glaring issue in this new connected reality. As is evident from the multiple headlines around security breaches that take place every day, bad actors are continuously on the lookout for opportunities to gain access to consumer devices and prey on their vulnerabilities. With the connectivity that IoT delivers, hackers have the opportunity to cast their nets further and deeper into the very centers of consumers’ lives.
Unfortunately, available end-point solutions are deemed ineffective when it comes to IoT security. While they address many security holes for common devices such as laptops and mobile phones, they fail to address the security of more recent IoT devices like connected toys or smart dishwashers. This, coupled with growing awareness around data privacy and security, has left IoT consumers searching for comprehensive solutions that can address their evolving security needs.
Security Threats Associated with Consumer IoT
Most consumer IoT devices, especially cheaper ones, lack built-in security, making them vulnerable to hacking and malware. Several of these devices also have underlying operating systems and firmware making them impossible to secure. It not only poses a threat to the devices but also to their network infrastructures. It also doesn’t help that it only takes less than 18 seconds for an IoT device to be attacked once it is open to the Internet.
The truth is, some of the largest known denial of service attacks (DDoS) were based on IoT devices. In these types of attacks, the network-connected devices are flooded with an overwhelming number of requests, making it impossible for the server to handle the load and process legitimate requests. In addition, 87% of bots are IoT-related.
Consumer IoT Security Awareness Quotient
With cybercrime and data privacy lately garnering a lion’s share of public attention, there is a growing concern among consumers around the security of their devices and the content they access and create. But, when it comes to IoT security, while many consumers know they have to be wary of the looming threats, they are still struggling to find methods to keep themselves out of harm’s way. Others, simply don’t understand the extent of vulnerability through common household appliances, connected cars, toys, even digital medical devices.
It also doesn’t help that the IoT security market isn’t growing at the rate to complement the growing consumer IoT market, which, according to Gartner, is estimated to reach $1 trillion in value by the end of this year.
According to a recent study published by Telecoms.com, 75% of the survey respondents, which included executives from telecom industry globally, said that consumers point out privacy as the key concern of consumers living in highly-connected smart homes, followed by identity theft, fraud, and vandalism through hacking into connected devices. The survey also found that 90% of all respondents thought consumers would be willing to pay for smart-home cyber-security services.
Service Providers’ Opportunity to be Leaders in Consumer IoT Security
With consumers more in tune about the imminent need to stop bad actors, in real-time, from wreaking havoc on networks and subsequently on their IoT devices, a network-focused solution is key.
This is where Internet Service Providers have an opportunity to cater to this growing consumer need for connected home security, by delivering targeted and network-based security solutions to secure both home networks and connected devices. Being their customers’ Customer Premise Equipment (CPE) providers means ISPs already enjoy the advantage of an existing relationship with their customers. As a result, these providers are uniquely positioned to offer a comprehensive security solution for the smart home, without requiring the end user to do anything. By simply deploying security agents directly on their CPE, service providers can offer their customers the peace of mind of knowing that they are protected at the network/ router level. Furthermore, most ISPs also serve as their consumers’ mobile operators, which allows them to deploy similar solutions on their network, resulting in a converged solution that protects the end users’ homes and mobiles without them having to take any action, such as installing an app.
In light of the growing security concerns, industry professionals are already planning to actively deliver IoT security services, according to the afore-mentioned Telecoms.com survey, where 56% of respondents saw IoT as an important driver to expand their service portfolio, and 46% saw it as a significant channel to deliver new revenues.
Clearly, service providers are uniquely positioned to lead the consumer IoT security market. The question is who will build the most sustainable business models to address this opportunity.