Security Operations Centers Can Protect Consumers, Too
by Igor Rabinovich
Almost every enterprise is using either a managed security services provider or has a security operations center onsite to protect their organization.
Why can’t consumers have the same thing for their homes?
You probably have several devices connected to your house’s WiFi – IoT devices, like your fitness tracker or your TV. If you live in a Smart Home, your water heater, home appliances, light bulbs, alarm system, and many other devices are all wirelessly connected to your router.
Even a single connected device makes you – and we’re not just flattering you here – vulnerable to cyberthreats, just like any enterprise. Even your ISP router generally comes with at least two security vulnerabilities – this number comes from a recent analysis of thousands of our clients – such as still using the default wireless access point name and not disabling Wi-Fi Protected Setup (WPS).
Many an IoT device ships with default credentials, or none at all, and with no mechanism for firmware updates, neither automatic nor manual. This lets hackers infect IoT devices without their owners’ knowledge – no antivirus on your water heater, is there? – turning them into zombies, a fitting metaphor for an entity unaware that it’s infected with… something that causes it to chase uninfected, unprotected entities. An army of zombies is called a murder – just like crows. Actually, we’re just kidding about that one; it’s called a botnet, and it can be sicced on servers, sites, and networks to cause DDoS (distributed denial of service) attacks, which can be used to bring down everything from individual websites to public infrastructure, such as water systems.
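The two paragraphs above list four concrete weaknesses a home network tends to carry: a factory-default access point name, WPS left enabled, default or missing device credentials, and no firmware update path. The script below is an added illustration, not code from this post or from Akita, of how a consumer-side audit could flag those four conditions on an inventory of one router and its devices. The record fields, the default-SSID patterns, the credential list and the sample inventory are all constructed assumptions for the example.

```python
"""Home-network hygiene audit (added example, not code from the post or from Akita).

Checks a constructed inventory of one home router and its IoT devices for the
weaknesses the post names: a factory-default SSID, Wi-Fi Protected Setup (WPS)
left enabled, default or missing device credentials, and no firmware update
mechanism. Field names, SSID patterns and the credential list are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Illustrative patterns for factory SSIDs (constructed, not a vendor list).
DEFAULT_SSID_PATTERNS = [
    re.compile(r"^(NETGEAR|TP-LINK|TP-Link|Linksys|MikroTik)[-_ ]?[0-9A-Fa-f]*$"),
    re.compile(r"^[A-Z]{2,8}-[0-9A-F]{4,6}$"),  # ISP-style names such as "HOME-3F2A"
]

# Constructed list of factory credential pairs that should never survive setup.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "password"), ("admin", ""), ("root", "root"),
}

Finding = Tuple[str, str, str]  # (subject, severity, description)


@dataclass
class Router:
    ssid: str
    wps_enabled: bool


@dataclass
class Device:
    name: str
    username: Optional[str] = None   # None on both fields means no login at all
    password: Optional[str] = None
    firmware_update: str = "none"    # "auto", "manual" or "none"


def is_default_ssid(ssid: str) -> bool:
    """True if the SSID looks like one the router shipped with."""
    return any(p.match(ssid) for p in DEFAULT_SSID_PATTERNS)


def audit_router(router: Router) -> List[Finding]:
    findings: List[Finding] = []
    if is_default_ssid(router.ssid):
        findings.append(("router", "medium",
                         f"SSID '{router.ssid}' is a factory default; it reveals the "
                         "model and suggests other defaults were never changed"))
    if router.wps_enabled:
        findings.append(("router", "high",
                         "WPS is enabled; disable it in the router admin page"))
    return findings


def audit_device(dev: Device) -> List[Finding]:
    findings: List[Finding] = []
    if dev.username is None and dev.password is None:
        findings.append((dev.name, "high", "no authentication on the device interface"))
    elif (dev.username, dev.password) in DEFAULT_CREDENTIALS:
        findings.append((dev.name, "high", "factory default credentials still in use"))
    if dev.firmware_update == "none":
        findings.append((dev.name, "medium",
                         "no firmware update mechanism; known bugs can never be patched"))
    return findings


def audit_home(router: Router, devices: List[Device]) -> List[Finding]:
    """Run every check and return the combined findings, worst severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = audit_router(router)
    for dev in devices:
        findings.extend(audit_device(dev))
    return sorted(findings, key=lambda f: order[f[1]])


# Constructed sample inventory mirroring the devices the post mentions.
SAMPLE_ROUTER = Router(ssid="NETGEAR42", wps_enabled=True)
SAMPLE_DEVICES = [
    Device("water heater", "admin", "admin", "none"),
    Device("smart TV", None, None, "auto"),
    Device("fitness tracker", "owner", "c0rrect-horse-battery", "auto"),
]

if __name__ == "__main__":
    for subject, severity, text in audit_home(SAMPLE_ROUTER, SAMPLE_DEVICES):
        print(f"[{severity:6}] {subject}: {text}")
```

On the sample inventory the audit reports five findings: three high (WPS enabled, the water heater's admin/admin login, the TV with no login at all) and two medium (the factory SSID and the water heater's missing update path). The fitness tracker, which has its own credentials and automatic updates, produces none, which is the state every device on the network should reach.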
Even with no IoT devices, you’re at risk. In 2018, an attack that had been in motion since at least 2016 infected a staggering half-million home and small-business routers from manufacturers like Linksys, MikroTik, Netgear, and TP-Link. The malware, named VPNFilter, could eavesdrop on users’ communications, launch attacks, and remotely destroy the routers, according to Cisco researchers. Having seized a key server used in the attack, the FBI claimed the attack was orchestrated by the Russian government hacker group Fancy Bear.
How do enterprises handle their cybersecurity needs? With MSSPs and SOCs: A security operations center (SOC) is a unit within an organization, and a managed security service provider (MSSP) is an outsourced service provider, both in charge of cybersecurity.
Their job description may include erecting cybersecurity infrastructure (virtual private networks (VPNs), firewalls, antivirus, spam and scam filters, etc.), applying security updates, monitoring threats, alerting or responding when attacks occur, and performing penetration testing, which is finding the vulnerabilities before the bad guys do.
While a SOC is a limb of its organization, it will often draw on third-party threat intelligence sources. That’s because a SOC doesn’t always have full access to all of its organization’s systems, which are sometimes controlled and operated by a third party; doesn’t have the resources to keep up to date with the endless flow of new threats and attacks; and naturally suffers from alert fatigue – which means that for every 100 alerts, maybe 10 or even 1 are legitimate.
Your IoT devices and smart home are a blazing bullseye for hackers. Whether you like it or not, you have cybersecurity needs. It’s time to find yourself the consumer equivalent of an MSSP or SOC to make sure you are protected – and not being used as a tool for nefarious attacks.
Igor Rabinovich is the CEO and founder of Akita.