Securing the connected home: A joint task for homeowners and their ISP
As COVID-19 spread over the world and nations and businesses adapted to minimize citizens’ and employees’ personal interactions to help contain the infection, a greater than ever number of people stayed at and worked from home. As expected, this necessary adaptation did not go unnoticed by cyber criminals.
“We just recently launched the first Xfinity Cyber Health Report which combines data from a new consumer survey with actual threat data collected by our artificial-intelligence-powered xFi Advanced Security platform, and it showed that during the early part of the pandemic, threats increased 12 percent as bad actors looked to take advantage of the increase in online activity in connected homes,” Noopur Davis, Chief Product and Information Security Officer at Comcast, told Help Net Security.
The threats ranged from phishing attacks to websites attempting to download malware onto the customer’s computer, to hackers trying to break into their connected home devices so they can gain entry onto their network and access personal information.
The most commonly targeted devices are computers, laptops and smartphones, followed by (often unsecured) networked cameras, (often unpatched) networked storage devices, and streaming video devices (usually holding log-in credentials and credit card information).
“At the enterprise level, the threat landscape is similar for us as it is for other large companies: the threats are increasingly diverse and complex, and we know that we have to focus on continuously evolving the many layers of security we use to protect our infrastructure, data, and employees,” Davis said, but noted that, unlike most other companies, they also have the responsibility for protecting the home networks of tens of millions of customers who watch TV, access the internet, use their phone and secure and automate their home through the Xfinity brand of services (and a great number of disparate devices).
“Xfinity xFi users on average have 12 devices per household and added two devices over the past year, but super users have as many as 33 devices or more, all of which can be potential threat vectors,” she noted.
That’s one of the reasons the company opted for adding protection on the network side, to secure all devices on home networks at the gateway level, by launching xFi Advanced Security platform in January 2020. (On the minus side, the service is available only to customers who lease an Xfinity xFi router from Comcast.)
Comcast partnered with CUJO AI to implement traffic analysis and AI-powered threat detection and blocking. The security platform also “learns” what’s normal and what isn’t for the devices on the network and alerts customers when their devices are behaving in unusual ways.
Security awareness is also part of the solution
While the pandemic made it so that people couldn’t send their kids to school or go to the office (not to mention movie theaters, restaurants, exercise classes, or even the doctor’s office), connected devices digitized those experiences and they carry on with our lives.
The advantages are obvious, but this also means that many are increasingly facing the difficult task of becoming the Chief Security Officers of their own homes.
“Technology is important, but the choices we make as individuals remain some of the most powerful tools. That’s why also need to keep working to educate people about the dangers and the simple steps they can take to protect themselves,” Davis added.
Comcast commissioned a market research firm to poll 1,000 U.S. adults on cyber security knowledge and practices, and the results showed a disconnect between perception and reality when it comes to cyber-safe behavior.
For example, 85 percent of respondents said they are taking all the necessary security precautions needed to protect their home networks, but at the same time 64 percent admitted to behaviors that open themselves up to attack (e.g., reusing and/or sharing passwords).
“There was also a disconnect between respondent perception and reality about which of the devices in their home were most likely to give cyber criminals access to their home network. Our survey showed people underestimate the risk associated with cameras, networked storage and streaming video devices,” she noted.
“Finally, there is also a general lack of understanding around how to secure the connected home. 53 percent of consumers indicated they either don’t know if their internet service providers offer protection against cyberthreats, or that their providers don’t offer such protection.”
It’s not realistic for consumers to become cybersecurity experts – so it’s not surprising to see gaps between what people think they are facing with cybersecurity attacks, and what they are actually facing, she adds. The solution for moving the needle on cyber risk in the right direction is a combination of simple, effective tools and strong awareness outreach.