Last week, we published an IoT security regulations update, which shows that governments around the world are wrestling with what to do about rogue devices in homes. This is just one indicator that we're becoming more aware of a snowballing problem: increased connectivity leads to increased IoT security risk. Here are four more wince-worthy consumer cybersecurity trends that just may inform your next career move, device purchases, and online habits.
Trend 1: Cybersecurity talent shortage
DarkReading reported that between 2017 and 2018, U.S. cybersecurity job postings on Indeed.com increased by 7%— while the number of clicks on those listing dropped by 1.3%. (Ireland's postings increased by 18%, and India's a whopping 39%.)
How many jobs are we talking? Last year, CNBC cited 350,000 open positions in the U.S. and that, globally, 3.5 million cybersecurity jobs may go unfilled by 2021. As a recent Wall Street Journal article put it, "Companies like Palo Alto Networks and IBM scramble to hire hundreds of thousands of corporate hackers to defend networks and data."
The bright side: Also in the article, Wall Street Journal reports that these companies are implementing training programs (no prior experience required) and university partnerships. Offering six-figure salaries, cybersecurity roles just may be an example counterbalance to the negative technological effects on the job market, such as automation displacement.
Trend 2: Digital threats get physical
We're going to see a bridge between digital and physical attackers. Here's one that's close to home: "Smart locks" are making it easier for people to rent their apartments or enjoy the convenience of never carrying a key. But, with this convenience comes a high price. A hacker could take control of the device by compromising the device directly, the device's user account, or the device's network— and walk right in. (See:
Taplock: This $100 Smart Lock Can Be Hacked open in 2 Seconds.)
Let's face it, smart home adoption is threat adoption.
Symantec reported a 600% increase in IoT attacks in 2017, a level that held steady in 2018. Thousands of cheap connected devices are entering residences, with the smart home owning an
average of 10 gadgets. Most of the single-purpose devices have no built-in security or ability to be upgraded. On the other hand, higher-end devices from makers such as Nest, Amazon, and Apple have gotten the message and have equipped their devices with top notch security; however, we've seen weak spots in their hosted services account security
in recent headlines.
The bright side: The tech sector is responding.
Minim is tackling smart home security head-on with comprehensive network-level security. Other startups and industry consortiums (e.g.,
Trusted IoT Alliance,
ETSI,
PSA Certification by ARM) are working on securing the devices, themselves.
Trend 3: More credential dumps
Hackers are going to hack. From hotel reservation systems to social media accounts and restaurant reservations, hackers are stealing account credentials and dumping them on the dark web. There's even a website dedicated to tracking these breaches,
haveibeenpwned.com, which now reports over 7.8 billion of hacked accounts. This is going to continue.
The bright side: Consumers are getting some help in password management from companies like
LastPass and
1Password— as well as authentication from tools like
Google Authenticator and
Authy. These services and tools work to help consumers protect their digital footprints by using secure, unique passwords and multi-factor authentication.
Trend 4: Bye bye, captive portal
Surprise! The fourth trend isn't so wince-worthy, but rather kind of cool. It's a prediction from Minim Security Engineer Sam Stelfox on the
captive portal:
If you've used public WiFi in coffee shops, airports, libraries, restaurants, or hotels, you'll be familiar with getting stopped by a webpage asking you to agree to terms and conditions, log in, and/or pay before you're granted internet access. These are called "captive portals," and they actually abuse an old network security weakness by effectively pretending to be a server to which you're connecting. The rise of encrypted web and new protocols that don't have an unencrypted variant (such as the new HTTP/3 standard, which will soon be serving you websites) will have a noticeable impact on the captive portal: The encrypted web is going to abolish this impersonation vulnerability, so we can say farewell to captive portals.
If you're interested about consumer cybersecurity, stay in touch with Minim on
Twitter and
Facebook. Have a trend I missed? Tweet me
@nicolechirps.
Are you a cybersecurity engineer? Join us.
