Treading New Ground
Recent attacks on tech giants such as Twitter, Spotify and Reddit have shown how easily web services can fall prey to a cyber-attack. This applies to the different kinds of web-connected devices many of us have in our homes too, of course, such as TVs, smart thermostats or security cameras. What’s worse is that many of us who are device owners won’t even notice that we’ve been compromised.
Earlier this month, the Federal Trade Commission, launched a contest — aptly titled the ‘IoT Home Inspector Challenge’ — for members of the public to create a tool that combats vulnerabilities in out-of-date home IoT devices. It’s a great way to encourage everyday consumers to think creatively about the solutions that could resolve the security risks associated with such commonplace products.
The proliferation of IoT devices means the number of attacks will only increase the issue in coming months and years. That’s why it’s vital to open up the field to new entrants, to win the cyber security battle.
Room for all in the cyber security battle
Studies have shown that the weaponisation of IoT devices drove DDoS attacks up by 60% in 2016. With hackers developing more sophisticated techniques, it’s more important than ever to seek innovative strategies that will keep our data safe.
Government agencies and large businesses may come out on top when it comes to having the financial means of tackling security threats but they don’t hold the monopoly over it. There’s a plethora of IoT security start-ups developing new and exciting solutions that can definitely hold a candle to some of the bigger players.
Take ThetaRay for example, an Israeli company, founded in 2013. It specialises in anomaly detection through algorithms to identify unmatched, unknown threat rates with extremely low false-positive levels. Atlanta-based start-up Bastille, on the other hand, allows enterprise security teams to evaluate and mitigate the risk associated with the growing “Internet of Radios”. Its proprietary software and patented security sensors aim to bring visibility to devices, emitting radio signals such as Wi-Fi or cellular.
Yet, the most refreshing part of the FTC contest is that it doesn’t limit entries to companies but allows the average Joe to participate, taking the issue of cyber security beyond the boardrooms of corporate giants and government chambers.
Bringing IoT security to the masses
There are still minimal security standards in place for IoT devices and consumers are often blissfully unaware of the dangers unsafe devices can pose. A contest making headlines in mainstream media certainly has the power to catch the attention of a broader audience — maybe even more so than guidelines for manufacturers or new cyber security regulations.
Taking a proactive approach when it comes to security is just as much the responsibility of consumers as it is of organisations. The best way to promote IoT security is to educate consumers, employees and businesses on the importance of it. Today, cybercrime is a well-organised, well-run machine. For individuals and businesses to fight back, they must first understand what they can do to protect themselves — and their data. It’s no longer about just protecting access to the data, but is now about securing the data itself.
Most of us probably don’t choose the latest cyber security regulations as bedtime reading or share the latest cyber security research findings over coffee with friends. But perhaps a contest which encourages creativity may just bring us one step closer to educating the masses.
Article from Stephen Love, Security Practice Lead
