Who is responsible for cybersecurity in the home?
According to research from CUJO AI Labs 67% of home computer networks are affected by at least one cybersecurity threat every month. Image: Pixabay/Giovanni Gargiulo
Listen to the article
- Home networks are becoming more difficult to protect every year as consumers use more connected devices, many of which are unable to run cybersecurity software.
- Protecting the entire network from this variety of threats requires an extensive combination of security measures, which can be challenging for non-technical consumers.
- Device manufacturers have limited access to consumer networks and consumers themselves, but internet service providers (ISPs) can improve home network security at scale.
How many home computer networks are affected by at least one cybersecurity threat every month? According to research from CUJO AI Labs, it’s 67%. The safety of these networks is essential to the health and resilience of the internet, but who should be doing the heavy lifting to protect them?
The cybersecurity risks to home networks
Home networks are becoming more difficult to protect every year as consumers use more connected devices, many of which are unable to run cybersecurity software.
Since every device has a different attack surface and vulnerabilities, the growing diversity of consumer devices is changing the security landscape. While the Internet of Things (IoT) devices are most often targeted by automated attacks from malicious IP addresses, devices used for browsing and apps are more often affected by disreputable websites.
IP reputation threats are connections to and from IP addresses that have a low reputation. These are the most common threats to unattended devices, such as IoT devices, which are mostly automated and do not require user interaction.
Web reputation threats encompass various malicious URLs that can be accessed by users, their email clients or other software. These types of threats are the most prevalent for attended devices, such as smartphones, laptops and desktop computers, which are actively used by their owners.
As a whole, threats to home networks range from targetted social engineering (phishing), malware, botnets and denial-of-service (DoS) attacks to automated attacks that scan networks for valuable, vulnerable devices and hit their weak points.
The challenge of protecting a home network
Protecting the entire network from this variety of threats requires an extensive combination of security measures. First and foremost, devices that can run anti-malware software should definitely do so but no IoT devices are powerful enough to run this type of software (owing to the vendors’ economic incentives, essentially). Our data shows that such gadgets currently make up more than 33% of all connected devices.
New and more diverse threats, especially short-lived phishing websites, can be stopped with artificial intelligence (AI) solutions; while single-purpose devices have more predictable behaviours and can be protected with rules-based mechanisms and firewalls. Of course, device owners also have a responsibility to keep up with basic network security measures, such as not exposing devices to the internet needlessly.
A properly secured home network should have all these security measures in place, which can be a real challenge for non-technical people.
Consumers struggle to secure their networks
While in a good position to secure their networks, most consumers lack the technical know-how to protect every device or set up network-wide security solutions. A survey from late 2021 suggests that 48% of people in the US, as well as 57% in Italy, 60% in Germany, and more than 67% in France found protecting their home network challenging.
Furthermore, 21-36% of people in those countries were unaware they needed to do something to protect their home networks.
This is the critical problem of offloading security onto consumers – they simply do not have the competence required to deploy, run, and maintain what amounts to an IT security department for their home network. This is evident when we look at how many attacks target vulnerable devices: network-attached storage, DVR devices and IP cameras are affected by orders of magnitude more threats, as consumers struggle to secure them properly.
Device manufacturers have limited capabilities
Some devices sabotage the security of their owners’ networks. For example, some brands of DVR devices and IP cameras change network settings to simplify their setup and function properly, but this can often expose them to malicious actors. Others are released with long outdated and unsupported versions of operating systems without any means of updating them. In these cases, the manufacturers are clearly responsible and the regulatory environments in the EU, UK, and US are changing to reflect that.
Recent moves by major companies towards unified IoT device standards may also result in safer devices. Nevertheless, manufacturers cannot in reality set out to protect the entire home network; their responsibility lies in properly securing their devices.
Can internet service providers seize the opportunity?
Internet service providers (ISPs) are in a good spot to improve home network security at scale. For many, they are the caretakers of the networks and are in the perfect position to shield both home and mobile users from major threat vectors.
ISPs also have the trust and relationship with their users to offer cybersecurity as a core element of their services. When asked who is responsible for preventing cybercrime and cyberattacks, consumers in the US, Germany, Italy and France said that network and internet service providers were the most responsible.
Nevertheless, internet service providers have limited abilities to do anything without the help of highly specialized, multi-layered technologies, as threat vectors evolve and target different attack surfaces. These solutions can prevent a lot of cybersecurity threats, including novel phishing attacks, which affect 56% of households every month, as well as stop billions of threats across their vast networks.
At the moment, network service providers see security as an added service, something the consumers should want. This approach still puts the responsibility on the consumer, when many people remain unaware they need to do anything to improve their home network security, especially for the growing number of screenless, unattended IoT devices that have an increased footprint in consumer homes.
Network service providers have an opportunity to embrace cybersecurity and start seeing it as a core part of their business and services. Unlike device manufacturers who have limited access to consumer networks and consumers themselves, service providers have the technical capabilities, the gatekeeper position and customer trust to be the caretakers of their networks. The major shift in the thinking that does need to happen is seeing cybersecurity not as an additional service, but as an essential part of the connected experience.
IoT vendors can take the security of their devices a long way and while the technical aspects of securing the entire home network lie with the ISP, homeowners still need to use their networks responsibly.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Tech and Innovation
Related topics:
The Agenda Weekly
A weekly update of the most important issues driving the global agenda
You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.
More on CybersecuritySee all
Filipe Beato and Jamie Saunders
November 21, 2024