2017 was the year when awareness about the need for greater cyber security went into the mainstream. Terms like ‘global ransomware attack’ made headline news, and each month reports of data breaches at companies such as Equifax, Uber, and e-Bay came out. Businesses and consumers started to really recognize the importance of privacy and security. They also started to see that security these days needs to be strong not only on a corporate level – but also within the home network.
Because of course, networks these days are no longer the preserve of just the business world. Even though the owners often don’t think of them as such, most consumer homes are now mini-LANs with multiple devices and device-types connected to a Wi-Fi router typically provided by the internet service provider or telephone company.
Today, the average middle-income family household in Europe or the USA is likely to have a mix of laptops, tablets, smartphones, televisions, set top boxes, games consoles, and all-in-one printer/scanners hooked directly or via wifi onto the home LAN. And it doesn’t end there because there are also other devices, such music players and fitness trackers for example, that link via Bluetooth to the LAN-connected devices as well.
Indeed, according to survey data from US company CUJO AI (www.cujo.com), the typical American household has an average of 21 connected devices on the home network. The Internet of Things is here, and it’s in homes all over the country.
Rogue ones – the dangers of unprotected devices
In fact, those are pretty much just the standard devices. In our gadget-centred society, video doorbells, connected refrigerators, home heating and energy control systems, baby monitoring devices, and virtual assistants are all sitting on home networks. In many cases these devices are largely unprotected – the laptop camera that can be used to snoop, or the virtual assistant that is listening and reacting to your conversations even when you are not ‘addressing’ it.
Indeed, most of the time, homeowners don’t know exactly what devices are connected to their LAN at any given moment, and they certainly don’t know whether any of them are subject to an attack. And the scary part is, that if someone or something attacks your home network via one unprotected device, there’s a strong chance they could infect other devices on the network or monitor your traffic and steal vital personal and financial data.
“The explosion of IoT devices into the consumer market has created a massive security hole,” says CUJO AI co-founder and CEO Einaras Gravrock. “But it also creates an opportunity for internet service providers – an opportunity to differentiate their network offering not just by price, but by the added value of greater, visible, security.”
And security is a service that consumers show a willingness to pay for – according to global consulting firm PWC. In its 2017 report ‘Smart home, Seamless life’ PWC found that 75 percent of smart-device owning consumers were willing to pay more for add-on security features, and that a similar number believe it is business, not government, that is best placed to provide the protection. In the same year, identity management company Gigya published a report on the state of consumer privacy and trust with a headline statistic that 69 per cent of all consumers are concerned about the security and privacy of smart home devices.
A fear among consumers, a willingness to pay more for protection and a belief that businesses are best placed to provide it, looks like a perfect storm for service providers. The evidence for that perfect storm was underlined by a report that showed some 52 percent of consumers would pay more for a network provider that offered better data security.
Machine learning – a new hope
That service provider opportunity led CUJO AI to develop a cloud-based platform that would help ISP’s analyse home network data, provide increased security from cyber threats, and deliver valuable services to consumers via a dedicated service provider App.
Enabled by a simple firmware update to the existing home router, the platform can analyse the traffic the router is seeing, identify the devices that are live on the network, and monitor anonymized data to see which services are being accessed. Using machine learning models and applying artificial intelligence in the cloud, the platform can then provide proactive security that draws on all the data it is seeing and interpreting.
“Our platform gets the big picture,” says Gravrock, “which means it can spot trends and identify threats as they occur. But it can also translate that down to individual actions for any of the connected homes – even down to isolating or restricting a device that is compromised.”
While the cloud-based platform crunches the data across all the home networks for big picture intelligence, the consumer app gives the lead householder real time data on home network usage. It uses recognisable names for devices – Suzy’s smartphone; Josh’s tablet; family room games console etc – and provides advanced parental controls such as a lights-out curfew.
It seems clear that home network security shouldn’t just be left to the consumer and their devices; the network itself needs to be the focal point guarding against attack. Service providers that add security to their portfolio can establish and trade off the trust engendered to sell, for example, device security add-ons to protect a smartphone when it’s not at home.
The dark-side hacking community are nothing if not resourceful and will always seek the weakest link. By protecting it at source, service providers can ensure the force is strong in the home network as well.