By Shane McCarthy, COO of Irdeto
Imagine all of your connected devices have short, simple passwords. How long do you think it would take a cyber-criminal to hack into them? A matter of seconds? Minutes? Or longer?
According to research we conducted recently; the average American thinks it takes over eight and a half hours for a new connected device to be targeted by hackers. Unless you’re using an eight-character password with a mix of numbers and lower-case letters, you’re sorely underestimating a hacker’s ability. We’re talking a matter of milliseconds or seconds if the password is short and only contains lower case letters.
This general lack of awareness of cybersecurity hygiene poses a huge risk in today’s new normal, in which we have become more dependent on technology, and also provides an opportunity for hackers to take advantage, if the right security tools, resources, and education are not in place.
In this article, we explore the new normal we find ourselves in, sparked by COVID-19, and how this has had an impact on cybersecurity. We’ll also look at the concerns Americans share about the online world, and the steps we should take in battening down the hatches of our connected homes to prevent hackers’ idle hands from grabbing our personal information.
A new normal
COVID-19 has transformed the way we live and work. While our homes were previously a retreat from the hustle and bustle of the everyday grind, they’ve now become a jack of all trades – makeshift office, virtual gym, entertainment complex, and education center for our children. Our couches have become classrooms; our kitchen tables now boardrooms, and our TV screens a faux-silver screen for binge-watching movies.
With our personal freedoms reduced and physical lockdowns imposed on many citizens, we’ve turned to technology to keep our worlds turning. And stats from US online data providers highlight just how personal technology use has changed in light of the pandemic – daily Netflix traffic is up 16%, and popular videoconferencing service Zoom has experienced more than six million daily app sessions at its peak. However, there’s a double edge to this technology sword – the more time we spend on our devices, the more we’re inadvertently beckoning hackers to take advantage of our time online.
Beware the opportunistic hacker
A joint advisory, published in April 2020 by the UK’s National Cyber Security Centre (NCSC) and US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA), indicated that cybercriminals were capitalizing on the COVID-19 crisis by targeting individuals and organizations with a host of attacks. The advisory provided information on how hackers were using phishing campaigns, disguised as ‘official emails’ from authorities such as the World Health Organization, to trick citizens into divulging personal information. Similarly, cybercriminals have turned their attention to scanning for vulnerabilities in software and remote working tools as more people work from home. The Russian hacking group Evil Corp is alleged to have launched a number of ransomware attacks against at least 31 US companies, via the companies’ employees working remotely. With our homes becoming ‘branches’ or extensions of our employers’ organizations, every network – personal or corporate – is a veritable target in these times.
Sentiments towards cybersecurity
According to a 2020 survey, the average American has access to more than ten connected devices in their household. The greater number of connected devices being added to a network, the larger the threat surface in connected homes, especially as many are low-cost consumer devices with little or no built-in security.
The current COVID-19 situation has therefore raised some questions around the quality of service and security of the internet services we’re accessing at home – for personal or professional use. To better understand the perception of these cybersecurity threats, in April 2020, we conducted some research – in tandem with Censuswide – of more than 1,000 American households. Given the column inches dedicated to cybersecurity stories in the mainstream press, it’s not surprising that 73% of the Americans we surveyed feared cyberattacks at home. When it comes to the type of attack feared, more than half of US respondents (56%) cited online fraud (identity theft and loss of money) as their main concern. In addition, over a third (35%) said risks to their children would make them take their household cybersecurity more seriously.
The biggest child-related concern for parents and guardians in the US was children being subjected to inappropriate approaches while online (33%), followed by exposure of their children to adult material (28%). Given the fact that over half of children in the United States now own a smartphone by the age of 11, access to internet services is easier than ever before for the younger generations. But without the appropriate controls, this access isn’t so much a blessing as a curse.
Taking back control
While our research did highlight a general lack of awareness into the more technical aspects of security and the risks it could pose to households, encouragingly, there was a call to arms from American citizens. Almost two-thirds (65%) of respondents said they wanted to have much more control over their home network; an additional 55% agreed that manufacturer-level security on home devices was currently insufficient. But what does more control look like?
Households can take simple steps to reduce the risk of becoming a cybercrime victim, including the use of unique passwords for each device, investing in anti-virus software and regularly updating device software. Device manufacturers also have a part to play by ensuring more robust built-in security protocols. However, it’s internet service providers (ISPs) that are in a unique position to address the new cybersecurity challenge and optimize network security in the home.
It’s not enough to simply provide basic connectivity services to subscribers. As the gatekeepers of home networks, ISPs are perfectly positioned to become trusted providers of cybersecurity solutions, as part of the service they already provide. What could this look like? Think of a connected home management service, which acts as an extra defense against attacks, including outbound DDoS or inbound from malware pre-installed on a device. Think wi-fi performance checks at the device level, control over family browsing, content filters, and parental controls to manage how long children spend online and the sites they access.
While all of these services would transform connected homes for the better, they can’t be introduced to the detriment of user experience. Everyone in the family – from grandma to dad, down to the youngest child – needs to feel empowered to use the system, while still taking advantage of all the benefits that internet connectivity can offer, safely and smartly. Control shouldn’t be intrusive, but rather reassurance from harm while citizens continue to navigate the online realm in our new normal.
Shane McCarthy, COO of Irdeto is a seasoned industry executive with over 20 years’ experience within the media and technology industries. A developer by background, Shane has a strong track record in business growth.