Your home is becoming smart and connected, but who is responsible for its cybersecurity?
In the span of a few short years, connected devices have entered the homes of millions. Human intervention is no longer necessary to operate the devices — they know when and how to act. While disrupting every corner of the home, who is responsible for the cybersecurity of smart home devices?
With the increasing number of network connections, the need for cybersecurity is becoming more and more important. For example, when looking at home surveillance cameras and video intercoms, an attacker could gain access to homes with little technical experience. Consumers are also becoming increasingly sensitive to the issues of data protection and information security. Eventually, this could influence consumer behavior into being willing to spend more on security features – which in turn justifies a higher price for a higher-quality approach. In doing so, consumers will have more control over how much they want to spend on additional safety. However, consumers can’t check every product they want to buy for potential risks so protecting against common risks needs to be a focus for the manufacturer.
What is new with connected devices is that manufacturers are responsible for the ongoing security during the entire lifecycle. Software updates for networked products are a must when it comes to cybersecurity. Possible cyberattacks range from opening electronic locks and triggering fire alarms to cyberespionage and Distributed Denial-of-Service (DDOS) attacks. Currently, attacks are still rare — but possible risks must be considered now by manufacturers. They must ensure information security, by correctly using hash functions to store passwords, selecting suitable cryptographic algorithms to create confidentiality, or using firewalls and packet filters, for example.
The most common reasons for the vulnerability of smart devices
When it comes to cybersecurity of smart home devices, both the manufacturer and users share some responsibility. Let’s dive into some of the most common reasons why connected devices are vulnerable:
- Security measures were not implemented or sufficiently tested during product development.
- Local networks such as WLAN and Bluetooth are often considered trustworthy by the manufacturer, although they have comparatively weak security features depending on the configuration. Due to the assumption that communication takes place over short distances, authentication is not sufficiently important.
- There is a lack of system updates that could fix known vulnerabilities
- Inadequate configuration of devices by users
With these four steps, users can increase the resilience of smart home devices:
- Router, cloud services and smartphones should be provided with secure passwords.
- Perform regular software updates and allow firmware of devices and routers to be updated
- Create different home networks for work, guests, entertainment and smart home (the keyword is network segmentation)
- Use cloud-based solutions
Six steps for manufacturers to improve the cybersecurity of IoT products
So, how can manufacturers provide more security for smart devices? Here too, we see that it's the mix that makes the difference. The security of smart home products has a lot to do with network challenges. But also internal processes that the manufacturer must play their part to ensure security.
- Require authentication
Strong authentication and access control mechanisms ensure that only authorized users have access to networks and data.
- Lifecycle monitoring
Device monitoring tools can help verify the health of firmware and software at startup, during operation and during difficult upgrade phases. Automatic updates should be enabled by default.
- Use encryption
Encryption at the network and transport level is indispensable for the protection of data. Various network-based attacks can thus be prevented.
- Secure APIs
Application Programming Interface (API) security is essential for the secure exchange of data between devices within a local area network (LAN), but also across network boundaries to backend systems.
- Detect threats
Analysis techniques for monitoring network traffic can help detect anomalies and vulnerabilities early on.
- Strengthen processes
Technology is a cornerstone of IoT security — yet internal processes must also support security. Security guidelines and training procedures should be clearly defined, regularly updated, and consistently implemented.
Dynamic certification for smart products
Possible attacks can be reduced with methodical risk analysis and security assessments by manufacturers, as outlined above. These steps can help make IoT products safer and are part of the information security and risk management that every smart device manufacturer should have. Safety and security certification organizations regularly train their employees internally on how to meet security requirements and test the cybersecurity of products. With a functioning security and risk management system, nothing stands in the way of providing a secure product and demonstrating security posture to the marketplace.
At present, manufacturers don’t have to prove much; the legislative and certification framework for cybersecurity is voluntary. Creating clear test criteria that also guarantee the security of digitized products is also a challenge due to the ever-changing cyber risks. So, it is crucial for manufacturers to understand the potential threats their connected products face, train their internal staffs to build in security by design, assess their products to best practices, frameworks or standards, and demonstrate the cybersecurity strengths of their product to the marketplace to empower consumers to incorporate security into their purchasing decisions.
For guidance and support on how to best protect your smart home devices as a manufacturer, contact us today