Major Concerns of Telecom Consumers in 2019

Cybersecurity is an arms race. Attackers constantly evolve their techniques, and in response, defenders continue to adapt their defenses. With each passing year, we witness the fallout from this in the form of data breaches, malware outbreaks, privacy infringements and other compromising scenarios that in the end affect telecoms customers, both consumers and businesses. These events continue to attract headlines, and rightly so, divert the public’s attention to the importance of cybersecurity in our ever-more connected world.

The exact events that will draw attention in 2019 are, like every year, impossible to predict and anyone’s guess. Cybersecurity is fast moving, always changing and often mysterious, given the anonymity of our adversaries. But overarching trends can be identified that will affect the course of the year in cyber.

Six experts at cybersecurity provider F-Secure, the leading partner to operators in value-added security solutions, shared their predictions for what to expect throughout the rest of 2019. From IoT to AI, organizational security to consumer concerns, here are the trends that experts predict will affect telecom customers this year.

Guide to Superior Cyber Security

Best practices and tips for protecting your business! 

Cyber security is simple enough on paper– maintain the integrity of your systems while keeping the attackers at bay. Things get much more complicated once you get down to practice, however. Limited budgets, lack of skilled personnel and low awareness on various security topics can all serve as barriers to achieving protection against modern cyber attacks.

One of the most pressing issues relates to visibility and clarity. Where are we currently with our security? What are we missing? Although most IT and security professionals are aware of the technologies and best practices in their field, it’s easy to lose sight of what’s important when you’re dealing with constantly changing digital environments and rapidly evolving external threats.

That’s why we’re here. If you need some tips – or want to refresh your memory – about how to get the essentials of cyber security right, this guide is for you. We go through the basic building blocks of a solid cyber security protocol, from risk assessment and endpoint protection to threat detection. Check how you’re doing – and start improving today!

 

Smart but Vulnerable IoT Devices Present an Opportunity for Home Broadband Providers

Internet-connected “things” are lacking in basic security protections, putting consumers at risk. Home broadband providers are in a unique position to protect their customers’ connected devices through value-added security solutions.

As the Internet of Things continues its advancement, our world is becoming smarter and smarter. Consumer televisions and security cameras are already connected to the internet. Adoption of connected thermostats, lights, security systems and voice assistants is growing fast, particularly in North America. Soon homes will have connected washing machines and toasters as well.

According to a 2018 PwC survey, ownership of smart devices in UK homes more than doubled in the previous two years. And according to a study from Parks Associates, more than 50% of US households with broadband plan to buy a smart home device in the coming year. A survey from Metova revealed that 74% of respondents think connected home devices are the wave of the future.

Vendor View image 1

No one is more aware of this trend than Mikko Hyppönen, Chief Research Officer at leading cyber security provider F-Secure. Hyppönen has been fighting computer viruses and defending cyber space since his tenure at F-Secure began in 1991, before most people even knew about the internet. The advent of connected “things” has opened up a new frontier of cyberspace in need of guardians like him to protect it.

“Everything is becoming a computer,” says Hyppönen. This matters because, as he says in an apt aphorism that he’s self-coined as Hyppönen’s Law, “If it’s smart, it’s vulnerable.”

“So here’s a smart phone—vulnerable phone,” Hyppönen says. “Here’s a smart watch—vulnerable watch. Smart car, smart city, smart grid…You get my point.”

The essence of Hyppönen’s Law is that anything that can be programmed can also be hacked. When we add connectivity to the appliances and gadgets around us, we open ourselves and our homes up to potential compromise by malicious actors from afar. Almost all these connected devices use the home gateway Wi-Fi password, yet all are lacking in basic security protections.

Home broadband providers are in the unique position of managing these gateways. Given the relationship of trust already established with customers, broadband providers are well positioned to help consumers deal with the growing complexities of the connected world. By partnering with a cyber security provider like F-Secure, home broadband providers can help consumers keep their living spaces secure, even as homes become smarter.

Connected and compromised

That the IoT has security challenges is being acknowledged by no less than the FBI and Interpol. Both agencies have issued statements in the past year warning about the dangers of connected things.

“Cyber actors actively search for and compromise vulnerable Internet of Things devices for use as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation,” the FBI warned. “Cyber actors typically compromise devices with weak authentication, unpatched firmware or other software vulnerabilities, or employ brute force attacks on devices with default usernames and passwords.”

The warning echoes a similar finding in a 2018 F-Secure report, Pinning Down the IoT: “In its current form the Internet of Things represents a considerable threat to consumers, due to inadequate regulations regarding its security and use.”

According to the FBI, cyber criminals are leveraging compromised IoT devices for various nefarious activities, such as sending spam emails; generating click fraud activities; buying, selling and trading illegal images and goods; and conducting credential stuffing attacks, which involves testing stolen passwords on website login pages using an automated script.

In the wider context, they can also be used in distributed denial of service (DDoS) attacks on organizations to shut down servers or services. One of the most powerful DDoS attacks ever seen took place in October 2016 when a botnet targeted the systems of a major DNS provider, rendering the internet unavailable to users in many areas of Europe and North America. The ensuing investigation revealed that the botnet had been made up not of conventional computers, but of connected gadgets like IP cameras and baby monitors. The devices were infected with a special type of malware that targets IoT devices, exploiting devices on which the factory default login credentials had not been changed.

Closer to home, what impact can a compromised IoT device have on the average consumer? Device owners may notice spikes in internet usage and increased monthly bills or slow performance of a device or connection. There can potentially be even deeper, more personal effects. In recent years, stories have emerged of vulnerable webcams leaving consumers open to peeping tom hackers and vulnerabilities in critical technology like implantable cardiac devices and baby heart monitors.

Inherently insecure?

Compared with conventional computers, laptops and smartphones, connected “things” present their own unique challenges to security, an issue that begins with the very design of a product. Real world product companies, although they manufacture useful home appliances, toys and everything else you can touch and feel, often know little about information security. It’s no surprise that in their smart products, security is not given the priority it deserves.

These companies focus on how desirable and useful their product is, not on how secure it is. They worry about whether their product is easy to use, not about whether it can be remotely hacked. And to keep costs down and move products out the door, they often sell products built with chips that use outdated software. Such devices may have grave security flaws from the beginning.

Even if these companies were concerned about security, the miniature size of many IoT devices creates challenges. Limited size and processing power narrow the options for security measures. A given computer, smartphone or tablet can have third party security software installed to protect it; this is not the case with connected things. There is no way to install security onto a smart surveillance camera or a smart fitness tracker.

Compounding the problem is the difficulty with updating vulnerable software in IoT devices. Many smaller devices are low cost, and if a vulnerability is discovered on such a device it may be difficult to update the software and then to let customers know about a fix. Even if customers were notified, they would have to have the know-how to download and install the patch.

How smart is smart?

For consumers, there are already “smart” hairbrushes, luggage, even condoms. Almost half the homes in America have a smart TV. New F-Secure research confirms that the only thing preventing even faster adoption of smart devices that connect to the internet is the privacy and security concerns of the people who are most excited about this technology. While 89% of early tech adopters in the UK said they are excited about IoT, 66% also reported being concerned about malware and hacking.

For businesses, the move to connecting almost everything has been happening since before this decade began. To get a sense of how far along we are in the computerization of the world, Hyppönen advises visiting a factory, where companies rely on industrial control systems for billions if not trillions of dollars of commerce.

“When everything is becoming a computer, companies get hacked in surprising ways,” he says. For an example, he points to one of the largest credit card breaches in history—the 2014 hack of US department store retailer Target, which exposed the data of up to 70 million customers.

“In this case, the actual credit numbers were lost as customers were paying at the cashier desks…The shop’s own credit card terminals were stealing the credit card numbers.” The attackers had found a way in through the computers that controlled the ventilation systems, and had worked their way over to infiltrating the POS systems.

When everything is connected, everything must be protected

Anything that can be programmed can be hacked, and like the Target case, it may be hacked to get to something else that’s far more interesting than just the ventilation system.

“They are not hacking your washing machine or your fridges to gain access to your washing machine or to your fridge,” Hyppönen told Nasdaq’s Tomorrow’s Capital. “They are hacking those devices to gain access to your home network…The weakest link in the home network is an IoT device, and we have seen this multiple times. Company networks get breached because of ventilation-automation systems which have nothing to do with your laptops or your servers, but they are computers because everything is becoming a computer.”  In the same way, home networks can get compromised through the most innocuous smart device…smart, remember, meaning vulnerable.

There’s no easy solution for securing the Internet of Things. In order to experience all the benefits of the IoT without scary scenarios of cyber criminals accessing our data and controlling us via our Things, we have to begin by coming to grips with what it’s going to be like to live in a future governed by Hyppönen’s Law.

Home Wi-Fi security

The good news is the problem is recognized, and bold new solutions are available – and it’s up to home broadband providers to bring these solutions to their customers. According to an F-Secure survey*, 60% of consumers said they would purchase their security and privacy services from their internet service provider. Partnering with a cyber security partner to offer value-added IoT security solutions on top of broadband services is one way a broadband provider can secure their customers’ connected lives, and in doing so, enhance their own brand loyalty and trust.

Home Wi-Fi security from F-Secure gives broadband customers protection for every internet-connected device in their home – from smart TVs to gaming consoles, thermostats, wireless printers and baby monitors, to traditional computers and mobile devices. IoT devices are protected against malicious websites and other online threats with breakthrough SENSE technology from F-Secure. Consumers also receive notifications if their devices begin to exhibit odd behaviour. Home broadband providers can enhance their proposition and increase their addressable market with leading-edge, worry-free security for consumers and small businesses.

A more secure tomorrow

Everything is becoming a computer, so everything is vulnerable. This is already true for our businesses and it’s becoming truer and truer for our homes. Our personal sanctuaries where we live, work, and play need to be shielded from the dark underbelly of the internet. Home broadband providers are already providing the bandwidth that powers our connected home and all its devices; it just makes sense to also be part of the solution for protecting these devices, their owners, and the connected home.

*[F-Secure Consumer Research: 4 years-12 countries-20,000 consumer interviews-15 million data points]

The Early Adopter Paradox

The IoT revolution is actually the second of most our lifetimes, according to Mikko Hypponen, F-Secure’s Chief Research Officer. “The first one has already happened — the Internet revolution,” he wrote. “Every computer is already online.”

“Next, we will see everything else go online. That’s the second revolution, the IoT revolution. It’s already begun. Eventually, if it uses electricity, it will go online. Everything will be ‘smart.’ And you know what that means… If something is ‘smart,’ it’s vulnerable.”
And law enforcement agrees. Find out what are the most popular IoT devices and what we mean by the “Early Adopter Paradox”.

This report explores the main findings of a consumer survey and explains a phenomenon called the “Early Adopter Paradox”.

 

 

Pinning Down the IoT

In its current form the Internet of Things (IoT) represents a considerable threat to consumers, due to  inadequate regulations regarding its security and use. In many cases, the adoption of the technology is being driven by businesses eager to gain valuable data from citizens, with little concern for their privacy or the protection of that data.

Over the next two years, the number of IoT devices entering households is predicted to climb steeply from 9 devices per household currently, to 500 by 2022 according to the research house Gartner1, with IoT connectivity being bundled into products whether people want it or not. Some of the experts interviewed for this report such as Mikko Hypponen, chief research officer for the cyber security company F-Secure, which sponsored this report, said that in the future, devices without IoT capabilities may be more expensive because they’ll lack data that can be harvested by manufacturers.

For the purposes of this report, the authors interviewed politicians, a senior police officer, cyber security specialists, industry analysts, think tank observers and industry figures involved in developing technology for the IoT.

Find out:

  • How pervasive the IoT is
  • How are consumers reacting to it
  • and finally how are different bodies seeing the need for regulation