From "OK Google" to "Hey Alexa", voice-activated home automation systems are all the rage this holiday season. But before unboxing these "smart" virtual audio assistants, consider the nuances of the recent cybersecurity breach where Internet of Things (IoT) devices enabled two widely publicized DDoS attacks.
In the October attack, hackers used web-based IoT connections through more than a million smart devices – unbeknownst to the owners of such connected cameras, DVR's and home automation systems – ultimately rendering Twitter, Spotify, Netflix and dozens of other major websites unavailable. To paraphrase Salesforce's head of security on the severity of the cyberattack: could a system designed to withstand a nuclear attack be undone by a toaster? Apparently so.
Distributed denial-of-service, or DDoS attacks are nothing new, but the impending threat is more recently on the rise. A report by content delivery network provider Akamai indicates such incidents are increasing in number, severity and duration, also noting a 125 percent increase in DDoS attacks year over year and a 35 percent jump in the average attack duration.
In response, the Broadband Internet Technical Advisory Group (BITAG) recently laid out its recommendations for the Internet of Things including security standards for connected devices, like timely, automated and secure software updates, password protection, and increased testing of customization options. Even though BITAG doesn't have any actionable power, the report could have some impact on regulatory discussions in the future.
As the number of connected devices on the market continues to increase and expand integration of the Internet of Things, it is the responsibility of companies to secure smart devices as well as provide guidance in order to protect its users and their private information.
Below are three ways technology companies and everyday users can proactively work together to secure the Internet of Things in connected devices and get ahead of potential cybersecurity risks.
Secure installation and setup
Proper setup and installation of connected devices and smart home systems is step one for protecting user information. But the complexity of properly installing, configuring and securing these systems and devices has the potential to either live up to the promise of a simpler, "smarter" experience, or cause further frustration when it comes to ongoing use and maintaining device security.
According to a survey of smart home owners and potential buyers, many people don't completely trust the Internet of Things, and others who already own smart home automation systems are somewhat skeptical of just how secure those connections really are. In fact, 46 percent of potential smart home buyers think that having more devices connected in their home could create an increased security and privacy risk and 25 percent of current owners do not actually trust that connected devices are adequately secure.
This skepticism means technology companies and communication providers must ensure IoT systems are properly installed and configured to protect private user information in the event of an attack, especially as more connected devices continue to enter the market this holiday season.
Ongoing updates and maintenance
Once connected devices are properly installed, the next step is to maintain smart system security by updating software and hardware regularly to prevent possible threats. The inherent complexity of the Internet of Things means technology users need even more confidence that their devices and systems are properly installed and operating securely and effectively all the time.
This means IoT providers and device manufacturers must keep customers updated on necessary system updates and security features accessible through either self-service options, live guided assistance or a combination of both. Some people prefer connecting with tech companies and IoT providers directly, while others would rather install, fix and secure connected systems and devices on their own.
With respect to ongoing updates and maintenance, consumers also need to have a clear understanding of which company or provider is responsible for securing their connected systems. Survey data shows that nearly half of those who don't currently own a smart home system are concerned they wouldn't know which company (service provider or device manufacturer) is responsible for providing secure customer support.
It is up to the technology companies, device manufacturers and IoT service providers to close the gap between the smart system promise and the reality of impending security risks for web-connected devices.
While DDos attacks can't be prevented entirely, proactive protection from both businesses and consumers is another way to safeguard privacy and sensitive user information.
Consumers can do their part by making sure their connected systems and devices are always updated with the latest software and security features offered by the technology company or device manufacturer. On the other hand, tech brands and IoT service providers need to integrate proactive support features with built-in software that uses device data to notify in advance if a problem exists, or even self-healing support that fixes issues automatically without any user interaction.
Technology brands, retailers and service providers must deliver proactive, guided tech support in the right context to enhance value for smart home systems and connected devices and ensure users' privacy and security, especially as the explosive growth in digital devices and interconnectivity in technology products continues.
As the volume and severity of cybersecurity breaches continues to increase with the adoption of new technology products, consumers and companies alike must take the necessary steps to properly install, maintain and protect connected devices to be more acutely aware of potential threats and take proactive steps on both ends to protect the privacy and security of the Internet of Things.