In October 2016, the technology world was jolted awake when millions of poorly secured consumer devices were compromised and subsequently used in a malicious attack on popular web services like Soundcloud and Twitter.
This incident, which came to be known as the Mirai botnet attack, utilized a form of malware to take control of devices and effectively turn them into an army of zombie robots. The attack, which affected millions of connected cameras, routers and other devices, illustrated just how vulnerable our world of connected devices can be. And while the Mirai botnet didn’t create massive system failures that exposed personal data or harmed lives, it became obvious that the next attack could do just that, resulting in much greater harm to consumers in the process.
In the aftermath of Mirai, executives across the appliance, home system and consumer technology industries wondered if their products could be next. While the existence of tens of millions of vulnerable devices already in our homes means the answer to this question is yes, it’s important for the industry to not retreat from the connected home, but instead embrace smart home strategies that employ a robust network and smart home security as a foundational technology.
The good news is industry, government and independent consortiums are stepping forward to share information and facilitate cross-industry communication about how to create an effective strategy for protecting devices and their users from malicious behavior. Organizations such as the US Department of Homeland Security and the Internet of Things Consortium have written memos to highlight best practices in creating a sustainable strategy for protection against threats.
So what strategies can housewares manufacturers follow to best protect their products, themselves and – most importantly – consumers from attack? Here are a few:
Keep network security in mind from the very beginning of product design. In today’s world with accelerated product development windows, many companies often treat network security as an afterthought. By not putting security of products at the front of the product creation process, manufacturers ultimately make it much more difficult down the road to secure devices. In a recent memorandum, the Department of Homeland Security also suggests the following practices be implemented at the design phase: enable security by default, use the latest operating systems with robust security features, and use hardware that has security features built in (such as HomeKit or Zigbee).
Utilize Experts. Security problems often impact startups who sacrifice security for faster time to market and larger companies who make conscious decisions that do not incorporate a security-first mindset. In both situations, companies are making resource allocation decisions that ignore the fact security issues can result in significant financial and brand equity damage down the road. By investing in expertise in the form of knowledgeable partners and even employees who ensure best practices are followed, companies are taking a long-term view.
Choose Partners Carefully. In the age of the API, integration with third-party products is becoming extremely easy. However, the old adage “you’re only as strong as the weakest link” is especially true when it comes to network security. Choose partners that have strong and verifiable security practices in place.
Deploy Field-Upgradeable and Extensible Products. While networked products can mean more vulnerabilities, the inclusion of remote connectivity means product manufacturers can automate field upgrades to ensure greater security to products. By automating updates, deploying patches to address vulnerabilities and having remote ability to detect issues on even end-of-life products means safer products.
Stay Informed. The trend of connected products is irreversible, so it’s important for companies to utilize best practices. By engaging with organizations such as the Internet of Things Consortium and the Center for Internet Security, your company can stay informed about developments and trends in network and IoT security.
The bottom line is, in the post-Mirai age companies no longer have the option of making network security a second-tier priority. As you move your business toward a connect-first business model, make sure you also put security first.