Within CEDIA as an industry, we have discussed cybersecurity for years, but there are still plenty of opportunities to improve smart home security. With so little residential integrator discussion, education, or products addressing cybersecurity, why is 2020 the time to take security seriously? Let's explore why now, more than ever, is the time to invest in your client's system cybersecurity.
Anything that can be hacked will be hacked
Predictions of continued connected device growth remain bullish, and there is no slowing in sight. Over the past few years, the prediction that "Anything that can be hacked will be hacked" has been a common theme as we continue seeing the security implications of more and more connected devices and data. We also see more devices that bridge our connected and physical world. As we add nodes to our networks, we increase our surface area for exploitation — which increases the risk of attack and creates additional opportunities for cybercriminals. For example, according to Symantec's 2019 Internet Security Threat Report, routers and connected cameras were the most infected IoT devices and accounted for 75 and 15 percent of attacks, respectively.
However, the devices themselves are not the only concern. A 2018 forecast from International Data Corporation (IDC) estimated that there will be 41.6 billion connected IoT devices, or "things," generating 79.4 zettabytes (ZB) of data by 2025. The data that the devices generate also amount to large repositories of information that have privacy and financial implications if unauthorized users gain access. Did you know that the Yahoo breaches of 2013 and 2014 exposed information such as emails, phone numbers, birthdates, and passwords of 3.5 billion Yahoo user accounts and resulted in a $117 million settlement? Furthermore, last year’s Facebook data breach leaked information of 580 million users such as names, passwords, likes, and comments. Cybersecurity Ventures recently estimated cybercrime will cost the world $6 trillion annually by 2021, twice the amount in 2015. What could leaked information from your business or your clients be worth on the black market?
The stakes are huge
CEDIA residential integrators work with public figures, celebrities, and Fortune 1000 C-level executives. High profile individuals often have higher security requirements surrounding their businesses as well as greater concerns of personal privacy. They are also more likely to be the target of cyberattacks. Cybercriminals, organized crime groups, hacktivists, and cyber mercenaries are more commonly targeting specific individuals or organizations in search of a better payout.
So, with the massive size and growth of device and data breaches, can your business afford to be on the target end of an attack ending in a large settlement? Unfortunately, cybersecurity insurance is not the only answer. It is imperative to take the time to implement better preventative measures such as company cybersecurity policies and investments in training for your staff and customers.
Significant improvements in your cybersecurity practices do not have to be a heavy lift. In 2020 CEDIA is adding training around cybersecurity at Integrated Systems Eupope, CEDIA Expo, and the 2020 CEDIA Tech Summits. CEDIA also released a cybersecurity white paper "Securing the Residential Network" in 2019 and is launching online training so your technicians can get the education they need and strengthen your business. The most important thing you can do to minimize your cybersecurity risk is to commit, invest in education, make small enhancements in key areas, and iterate!