Securing the home network used to be about restricting access and setting up firewalls. Now it’s about fighting elusive black hat hackers attacking the autonomous Internet of Things (IoT) devices that keep cropping up in households.
Traditional vendors offering high-speed connectivity need to adapt to the new reality or face the consequences.
Security for IoT devices
A security audit of 28 leading home routers by Cyber Independent Testing Labs in December 2018 had some concerning findings: none of the tested devices used even the basic software hardening features present in desktop environments for the last 15 years.
In the age of IoT, a poorly secured router, coupled with a vulnerable baby monitor or connected thermostat can expose the whole network and all its connected devices to hackers.
By enabling “backdoor” access into home networks, these routers can lead to much worse results if hackers use unsecured IoT devices attached to poorly secured routers to access computers or phones on the network to access personal data or passwords.
Ideally, a router should “know” what kind of device is attached to it, and allow or block traffic to and from it, based on the kind of device, without user intervention – but very few routers do this today.
Home networking security
So far, this dire situation in home networking security has led to a new generation of security specialist vendors, which started to deploy their own secure home routers with some success. But most router vendors and operators have largely continued to offer higher and higher speeds for their home broadband devices – without much regard for security.
The solution to the problem is relatively straightforward but requires a fundamental shift in thinking by most players in the market.
First, router vendors and broadband service providers must acknowledge that security is equally important to the connectivity performance of home routers. This also means that router vendors will need to partner with security vendors to provide products that are inherently more secure and capable of securing IoT devices in the household.
For service providers, it means that they will need to expand their cloud-based security offerings with security resident on home routers and conduct more rigorous security audits of devices they install as a part of their broadband packages.
Ultimately, the industry must shift to a recurring revenue model in which customers pay to use a broadband router but also receive continuous monitoring and updates to router security. For router vendors, moving to a new business model will be profound and painful. However, the alternative is slowly fading into irrelevance, which is certainly a less attractive option.