WFH, IoT and The Rising Enterprise Attack Surface

  • The smart home market is rapidly growing, and the work from home movement has proven to be even more of a catalyst.
  • Consumer IoT devices are fraught with vulnerabilities, and consumers don’t know how to protect their networks.
  • Consumer IoT devices on home networks place enterprise systems at risk, and enterprises must take necessary steps to protect themselves.

Before this year, the smart home market was already flying high, and then along came the novel coronavirus pandemic sending it soaring even higher. This is because as people spent more time in their homes, they wanted to enjoy their homes more. Part of that included fixing up their living spaces. That also included automating through the purchasing of automated and Internet-connected lighting, home thermostat controls, security, speakers and entertainment systems, and more. Unfortunately, many of these devices are riddled with security holes.

Many security holes, and most consumers are completely unaware of the problem.

But this is an enterprise security blog, you’re wondering. Why are we talking about the security of consumer technology?

Because there’s really no longer any clear line separating consumer networks from enterprise networks. Today, connected and staff workers, contractors, and partners are increasingly working from anywhere, and the devices they connect to their home networks place enterprise data at considerable risk.

While this was a concern before the novel coronavirus, the situation is magnified today now that millions of workers have left their offices and work from home. And these are, on balance, people who never worked at home for significant periods previously — so they gave little thought to the security of their home networks or devices connected to them. While many of these organizations will have some of their employees return — many employees will continue to work at home. In a study, research firm Global Workforce Analytics said that roughly 3.6% of the workforce currently works from home at least half of the time, but by the end of next year, that number will rise to fall between 25 and 30%.

Now, because of the highly connected smart home, attackers from anywhere possibly reach into anyone’s home to spy and steal data. And the reality is that most people are just not aware of what they need to do to protect their devices and home networks effectively.

Enterprises can try to protect their workers with endpoint security software and virtual private networks, but that’s not enough if home worker devices connected to their home networks are not secured and taken into consideration.

And its critical home device security is taken seriously. If an attacker can get onto a home network, then they have a chance to get onto the worker’s endpoint and then into corporate resources from there.

That’s why home IoT flaws can mean increased risk for enterprises. And enterprises need to figure a way to protect their systems from the home network insecurities. Interestingly, home networks today look much like enterprise LANs from years gone by with lots of devices and endpoints with more connecting all of the time, routers, hubs, network-attached storage, printers, IoT devices, and computers used for work.

Suppose these networks and devices are to be secured, and in turn, not used as launchpads onto enterprise networks. For this case, they will need robust security. They need to be assessed for vulnerabilities, systems and device activity monitored for anomalies, and protect devices from brute force attacks, and cleanse web traffic with web protection and parental controls, antimalware, and virtual patching.

It’s true customers want all of the benefits of connected homes and smart devices, but they are also increasingly wary of security implications — both for their privacy and security. And as they work from home, the stakes could not be any higher. This creates an enormous opportunity for service providers, network equipment makers, and others to tap into this growing market.

Consider a recent report from Fortune Business Insights, which found that the total smart home market will grow from about $80 billion in 2018 to nearly $622 billion by 2026. That’s a compound annual growth rate of almost 30 percent. The research firm Gartner estimates that there were 14.2 billion connected devices in 2019, but that number will likely reach 25 billion within the year 2021.

With that kind of growth, consumers can’t be expected to be aware of all of the threats and types of attacks and defenses they need to have in place. They need service providers they trust, armed with the best security technology available, to help them make the right decisions and keep their connected homes secure over the long term.