ISACA Now Blog

As Smart Home Cyber Security Takes Center Stage, Practitioners Need to be Part of the Solution

Larry Alton, Writer, LarryAlton.com 
Posted at 3:08 PM by ISACA News | Category: Security

Cyber security gets a lot of discussion in terms of small business, but what few outside of the industry know is that many cyber attacks actually take place much closer to home. In fact, thousands of attacks actually occur in the home. Part of the role of security practitioners moving forward can be to educate homeowners and help them protect their households with stronger, more secure solutions.

Hackers target home “security” systems
The entire objective of a home security system is to keep threats out of the home. A security system is designed to be both a deterrent and a defense mechanism. But while most security systems are focused on physical threats – like burglars – the rise of internet-connected systems has created an entirely new risk category. With some basic hacking strategies, cybercriminals can gain access to security cameras, disarm alarm systems, and prey on homeowners and their families.

SimpliSafe and other Internet-connected systems have been shown to be open to manipulation – something that most homeowners aren’t aware of. It’s the job of the security community to be part of the solution and help educate homeowners and customers on the risks, while providing them with specialized guidance that helps them select security systems that are actually secure.

“The impression that I’ve got is that the home security product industry isn’t really actually putting any effort into security, whether it’s because they don’t realize the problem, or they don’t care, is not something I’m going to be able to tell you. It’s not just the SimpliSafe system that’s insecure,” Dr. Andrew Zonenberg, a security consultant, told Forbes. “These people are advertising security products that provide little to no actual security.”

While you may have an obligation to sell and drive revenue for your business, you shouldn’t be doing it at the expense of selling products that have loopholes and deep-seated issues. Believe it or not, there’s a lot of money to be made from telling the truth and establishing yourself as an authority figure in the industry. There are only a few people currently doing this, and you can make a name for yourself by opening up.

James Risley of Security Baron is the perfect example. He’s constantly publishing high-quality content that puts clients first and products second. One topic that he’s really passionate about is the hacking of cameras, which actually happens fairly frequently.

“If you’re looking for a camera, ensure that you’re buying from a company that updates its firmware in response to security flaws,” Risley tells his audience. “Many DIY systems make this a manual process, but more popular cameras like the Nest Cam or Logi Circle work in the background. Also, always update your passwords on your IoT devices as soon as you set them up. Ideally, you want a secure, unique password for each device you own.”

Whether it’s buying a used car or installing a smart security system in a million-dollar home, consumers want to understand the pros and cons of purchases and appreciate the transparency they receive from vendors. Be a part of the solution – not the problem.

Are you doing your part?
The worst thing about the loopholes found in security systems is that these systems are designed for protection. People install cameras and other connected devices in their homes with the purpose of being secure. The fact that they could actually be introducing more risk is rather alarming – no pun intended. The more honest you are with consumers – and the more you work to improve the integrity of smart security solutions – the better the industry will be.
