The internet is infected; of that there is no doubt. Every person, every company, every government, every culture, every device—they are all under attack and it’s going to get a lot worse before it gets better.
This, of course, is not new. I’ve worked in the security field for a decade and our community has been shouting all that time for consumers and companies to wake up to the threat. Finally, they appear to be listening.
However, this is not the fault of the consumer or the corporation; this is our fault. It wasn’t their fault they weren’t listening; it wasn’t their job to do so.
It was our job to ensure they were offered a product that was safe and secure. Until this point, we have failed. Scorn should be poured on us, not the consumer. We should be standing there with our hands in the air screaming mea culpa.
The numbers are staggering. According to a recent Cybersecurity Ventures report, cybercrime cost $3 trillion in 2016 and that is only the reported number. The true figure is much higher. No company wants to admit it’s been hacked.
The perfect example of this denial was the mass hacking of Yahoo, something it decided not to tell its subsequent acquirer Verizon. This week, that cost the company $350 million when Verizon marked down its original offer.
According to WordPress agency Pragmatic, every single new WordPress website is monitored by hackers within six minutes of launch. That’s a big deal; 27 percent of the world’s websites are based on WordPress.
Who’s next? Whether it is Sony, the U.S. Department of Justice, the San Francisco transportation system or even global celebrities such as David Beckham, the consequences of being hacked are devastating.
This threat was exemplified by the huge DDoS attack on DNS provider Dyn at the end of last year, which came through the weak defenses of the Internet of Things (IoT) infrastructure. The Mirai botnet attack took out 33 percent of the internet and it was a “benign” attack, widely believed to have been carried out by a bored American teenager.
If Mirai had been conducted by any form of organized and state-sponsored agent, the repercussions for a country, let alone a corporation, would have been unfathomable. Just think of what an attack on an electricity grid would do. We are in Dr. Strangelove territory where even our guns may be turned on ourselves.
And there’s more. Last month an unnamed U.S. university was attacked through its smart light bulbs and campus vending machines. It should also be remembered that the Mirai botnet came through Chinese-made digital video recorders (DVRs) and IP cameras.
The danger to the smart home is truly terrifying. Right now we have four billion connected devices; research consultancy Gartner predicts that will rise to 13.5 billion in the next three years. Wilder predictions have that figure rising to 150 billion by 2030—that’s 15 devices per human.
Finally, the security industry is raising its game and getting serious. Recent Hewlett-Packard ads, in which a very creepy Christian Slater shows how easy it is for a hacker to gain access to a non-protected IoT printer, can only help public understanding of the threat.
IoT devices are often cheap and consumers should not have to change default passwords; we should have done that for them. The smart home is currently completely dumb. For a lazy hacker who is now being confronted by more robust defenses at governments and corporations, the dumb home is a place to steal candy from the proverbial baby.
Imagine a future of micro-ransomware threats that take over your devices and hold them to ransom. Hackers will invade your home, steal all your money, go through all your accounts, turn off your electricity or set off your alarms unless you pay up. This nightmare is going to happen unless security companies educate the consumer and provide them with products that can stand up to attack.
So how do we keep everything safe and how can hackers be kept out? It can be done, but it’s not going to happen overnight. There is currently a global cybersecurity skills shortage of one million people. Those who have the skills are in great demand and earn huge salaries.
Intern programs, increased access via education, TV ads and public awareness are all great things, but this may take up to a generation to sort out completely. We must all work together to protect ourselves.
The smart home needs to be tightened up. Protecting and monitoring connected IoT devices from attack is not a huge problem in itself. Proprietary systems from the likes of Apple and Amazon make it harder, but it can be done. We are trying to ensure it is.
This year will see launches of IoT security devices that will be able to defend home networks from attack, but we also need to show consumers how to be smart. As that U.S. university found out, even smart light bulbs can be an entry point. Christian Slater terrifies us into checking our printers.
This is not a false warning. The internet does many wonderful things, but it is suppurating from weak systems and bad people.
As the IoT goes mainstream, it’s time to realize that we need to lock the doors and fasten down the windows of every dumb home and make them as smart as they claim to be. That is the job of the cybersecurity industry, with a little bit of help from the long-suffering consumer.
Paul Lipman is the CEO of London-based cybersecurity firm BullGuard.