Coronavirus is forcing millions of people around the world to adjust to working from home (WFH). Unfortunately, the Internet’s bad actors don’t need office premises to operate, and they’re exploiting our fears with all kinds of coronavirus-themed attacks.
This could have serious implications for companies with WFH staff. But could there also be a more lasting impact on the ISPs that serve them? Might they soon find themselves battling for a place on a list of service providers with approved levels of security?
In my last blog post, I looked at the way mass WFH exposes Wi-Fi connectivity flaws in some households. I considered how this extraordinary period might drive a long-term upward trend in homeworking and speculated on the changes that might bring to our future choices of broadband supplier. Perhaps the security implications will be even greater.
From malware to router hijack: The COVID-19 Cyber crisis
Most large companies already train staff in cybersecurity as part of their risk-mitigation strategy. But we’re inevitably going to be less vigilant when we’re fearful, working in unusual settings, and (in some cases) distracted by home schooling challenges. It’s no wonder there’s been a surge of phishing and other cyber-attacks.
There’s also evidence of home routers being hijacked, with broadband traffic re-routed to sites that steal sensitive data. For individual users, this could result in lost personal data and bank funds. For their employers, it could lead to infection or compromise of their entire infrastructure.
Security needs to be easy as well as effective
So, what’s all this got to with the broadband service providers who supply the connectivity to WFH? Up till now, ISPs have offered security as a “nice-to-have”, bundling anti-virus tools with subscriptions and offering basic parental controls. But these require the consumer to opt-in and download software. They require set up. Today, ISPs can and should go further to make cybersecurity stronger but also EASIER for consumers.
Solutions like Irdeto’s Trusted Home go beyond a basic firewall or anti-virus solution, offering full visibility of security across all connected devices in the home. Using Artificial Intelligence alongside accurate IoT Fingerprinting creates a picture of “normal” behavior per device, allowing for early warning of abnormal behavior that indicates an unfolding attack.
User friendly today – self-healing tomorrow
What’s most crucial in the average home is that these solutions offer user-friendly security features for households with limited technical skills. They need to identify threats automatically and provide step-by-step guidance on what to do about them. Only this level of service will move cyber-security on from being something householders (and their employers) fear but cannot influence, to something they are confident is under control.
But what about the “holy grail of home cyber-security” – self-healing networks that spot an issue, alert you to it, and offer you the solution at the touch of a button? This kind of end-to-end protection isn’t quite available yet for any connected home, but with solutions like Trusted Home it’s coming closer to reality.
Protection for the router, protection for the home
Even the best home management solution will struggle to protect a household where the router itself has been compromised. Broadband providers can avoid this eventuality by adding enhanced security to their Customer Premises Equipment (CPE). Router hijacking becomes much harder if your firmware updates are cryptographically code signed. Provisioning secure keys or other credentials into the CPE will also strengthen user authentication and prevent router spoofing. There will be more on both options in upcoming Irdeto blog posts.
Cybersecurity in the home – a new employee obligation?
As organizations count the cost of WFH-related cyber-breaches, how long will it be before workers are required to demonstrate secure home networks before they’re cleared to WFH? Might we soon find companies maintaining a list of approved ISPs for their staff?
I strongly believe that as the world returns to “normality” after the economic and social shock of COVID-19, offering better home security is going to become a major point of differentiation for broadband providers. They’d better be ready.
Ronald Peters | Product Manager, Trusted Home