This year’s recent wave of cyber attacks caught our industry completely off guard. We’ve been spectators instead of participants and should be ashamed of ourselves. Here’s our moment to shine, to inform and to participate in the conversation. Let’s take the opportunity to become proactive and get out in front of this extremely critical issue.
Cyberattacks are nothing new, but the most recent waves all exploited known vulnerabilities in common home technology devices. Earlier this year, 100,000 routers, Internet Of Things (IoT) devices, cameras, and printers with default passwords left unchanged were harnessed together to attack Dyn, a company handling the domain registrations for thousands of companies worldwide. The resulting Distributed Denial of Service (DDoS) attack paralyzed key parts of the internet for hours.
As an industry, we have no standardized threat detection capability or set of best practices for dealing with cyberattacks.
Experts agree this attack was on the smaller scale of what’s possible using similar exploits. As home technology professionals (HTPs), our clients look to us to proactively secure and protect their networks. Until recently, homeowners only considered physical security systems as necessary for their safety. Protecting physical perimeter openings like windows and doors makes sense, and better yet, are easily understood; they’re tangible. Digital doors and windows, on the other hand, are not as easy to conceptualize or explain as openings worth protecting without a clear danger, or pain point to relate to.
Our industry needs to begin its journey from reactive to proactive by educating homeowners and businesses on the importance of cybersecurity threat detection through the following set of steps:
1. Define the threat using a medicine vs. vitamins approach.
Illustrating and relating to pain points are critical first steps to raising awareness. By painting pictures of data loss, being an unwitting participant in a cyberattack or privacy breach, we can catch the attention of our busy clients. Using the opportunity to illustrate what you do as a technologist to protect their network will set you apart from your competition and go a long way to building trust.
2. Publicize our industry’s passion for cybersecurity threat detection.
By becoming involved with news organizations as subject matter experts or engaging in writing, blogging, etc., the CE world will fill a vacuum currently being occupied by traditional cybersecurity experts who don’t understand the specifics of catering to the residential or small and medium-size business (SMB) client. This second step starts on the local level, so don’t be afraid to reach out to outlets like Help A Reporter Out (HARO) or your local news stations with stories about your best practices in securing your client’s digital assets.
3. Develop products selling cybersecurity as a standalone or add-on to a physical security system.
It’s surprising that the traditional security industry hasn’t seized this opportunity yet, but it’s likely because they aren’t network experts. The HTP industry is well positioned to leverage its status as a network expert to add cybersecurity offerings to existing physical security businesses, offering physical and cybersecurity products, or by partnering with traditional security companies locally. In any event, cybersecurity as an add-on or standalone product is evolving rapidly. Position yourself initially using best practices like changing passwords, using reputable networking gear, and staying abreast of the developments in the field. True cyberattack monitoring solutions are few and far between, and the majority of cyberattacks are facilitated the same way physical security breaches occur: lack of adequate deterrence.
4. Deter, deter and deter.
Any physical security professional will tell you most criminals are lazy and not likely to strike if deterred properly. Simple steps like yard signs, window stickers, perimeter lighting, and strong locks are all relatable to the digital world. Encrypt passwords, use sites like ShieldsUp, the Consumer Technology Association’s (CTA) new cybersecurity assessment tool, and Bullguard’s IoT scanner to deter attackers. Since it’s still early days for cybersecurity in the CE space, you have a unique opportunity to define your own deterrents and use them as competitive differentiators.
As an industry, we have no standardized threat detection capability or set of best practices for dealing with cyberattacks. That’s the good news and bad news. With so much opportunity for innovation and product development, the next few years will be a wild ride for the CE world. Will you continue to sit in the bleachers or decide to get in the ring?