IoT Security
07.Dec.2021
Cyber terrorists rock multi-billion-dollar industry, and the baby’s crib
Cybersecurity leaders take this profound threat to heart
The plethora of security risks that sit at the nexus of artificial intelligence (AI) and the connected technologies that keep a watchful eye on our little darlings raise grave concerns for cybersecurity leaders and parents alike – rightfully so given our increasing reliance on them.
The global smart baby monitor industry is predicted to hit nearly $2 billion USD, striking a seven-year compound annual growth rate (CAGR) of 8 percent, while the artificial intelligence market worldwide is anticipated to exceed $500 billion USD and a CAGR of almost 18 percent in just the next five years, according to industry experts, including the International Data Corporation’s (IDC) Worldwide Semiannual Artificial Intelligence Tracker.
The global smart baby monitor industry is predicted to hit nearly $2 billion USD, striking a seven-year compound annual growth rate (CAGR) of 8 percent, while the artificial intelligence market worldwide is anticipated to exceed $500 billion USD and a CAGR of almost 18 percent in just the next five years, according to industry experts, including the International Data Corporation’s (IDC) Worldwide Semiannual Artificial Intelligence Tracker.
Adversaries take their game to the crib.
“I love you!” said Fredi Taococo. It was not the comforting voice of Nanny soothing the 3-year-old child into a peaceful slumber. The unidentified voice was that of a hacker who remotely ripped into iBaby Labs’ tech (Fredi Taococo) and utilized its camera to scope out the home’s interior space. “I’m going to kidnap your baby,” taunted another voice, only this time to the Texas-based parents of a 4-month-old infant in a dreamy state just upstairs. Then there’s the couple residing in South Carolina, summoned to the bedroom where the lens of their baby monitor camera was snooping on their resting boy.
"I looked down and it was moving away from the bassinet and over to my bed, then stopped and panned quickly back over to where he was sleeping," the petrified mother told ABC News.
More recently, Cybersecurity & Infrastructure Security Agency (CISA) urged customers of Taiwan-based IoT vendor ThroughTek to fix a software protocol vulnerability that could allow hackers to intercept the transmission of sensitive audio and video data in millions of smart home devices.
"I looked down and it was moving away from the bassinet and over to my bed, then stopped and panned quickly back over to where he was sleeping," the petrified mother told ABC News.
More recently, Cybersecurity & Infrastructure Security Agency (CISA) urged customers of Taiwan-based IoT vendor ThroughTek to fix a software protocol vulnerability that could allow hackers to intercept the transmission of sensitive audio and video data in millions of smart home devices.
Private-sector and government cyber defense leaders take this imminent threat to heart, but they’re under enormous pressure.
Enterprise security leaders are putting greater emphasis on educating users to heighten their security awareness and ability to safely use these technologies.
Unfortunately, many manufacturers creating these devices aren’t tackling cybersecurity early enough, reactively implementing it in their products only after they hit the market and suffer devastating cyberattacks.
This isn’t the result of intentional negligence. CISOs are busting their chops to get it right, working diligently with R&D teams to create reliable and safe solutions. Yet, limited in-house resources and the shortage of cybersecurity talent across the industry exert an already overwhelming workload on the CISO, who is under constant pressure from regulatory authorities.
The supply-chain assaults that recently shuttered nine federal agencies and nearly 100 private companies compelled some of the nation’s top cybersecurity officials to weigh in at the Senate Homeland Security and Governmental Affairs Committee, proposing compliance and enforcement mechanisms to hold businesses more accountable for implementing appropriate cybersecurity measures. The proposed legislation and amendment to the National Defense Authorization Act would enforce fines and subpoena authority to mandate organizations to report security incidents.
If that’s not enough to diminish the morale of our security leaders, the Cellular Telecommunications and Internet Association (CTIA) holds devices, technicians, test laboratories, and repair service facilities across the wireless industry to even tighter standards as risks amplify in AI-integrated Internet-of-Things that are tethered to vulnerable 5G infrastructure.
Consequently, manufacturers must amp up cybersecurity testing of connected devices and obtain appropriate certifications if they expect consumers to take them seriously.
Unfortunately, many manufacturers creating these devices aren’t tackling cybersecurity early enough, reactively implementing it in their products only after they hit the market and suffer devastating cyberattacks.
This isn’t the result of intentional negligence. CISOs are busting their chops to get it right, working diligently with R&D teams to create reliable and safe solutions. Yet, limited in-house resources and the shortage of cybersecurity talent across the industry exert an already overwhelming workload on the CISO, who is under constant pressure from regulatory authorities.
The supply-chain assaults that recently shuttered nine federal agencies and nearly 100 private companies compelled some of the nation’s top cybersecurity officials to weigh in at the Senate Homeland Security and Governmental Affairs Committee, proposing compliance and enforcement mechanisms to hold businesses more accountable for implementing appropriate cybersecurity measures. The proposed legislation and amendment to the National Defense Authorization Act would enforce fines and subpoena authority to mandate organizations to report security incidents.
If that’s not enough to diminish the morale of our security leaders, the Cellular Telecommunications and Internet Association (CTIA) holds devices, technicians, test laboratories, and repair service facilities across the wireless industry to even tighter standards as risks amplify in AI-integrated Internet-of-Things that are tethered to vulnerable 5G infrastructure.
Consequently, manufacturers must amp up cybersecurity testing of connected devices and obtain appropriate certifications if they expect consumers to take them seriously.
The tactful CISO delivers relief to the crib.
Turning the tide on relentless cyber foes pervading the phenomenal growth we’re witnessing in this market requires tactful cybersecurity measures.
One of under 200 CTIA Certification Authorized Test Labs (CATLs) in the world and the only CATL for IoT cybersecurity testing in Asia, Onward Security implements many connected product security testing technologies, including its award-winning AI assessment laboratory, to help manufacturers nail certification requirements.
One of under 200 CTIA Certification Authorized Test Labs (CATLs) in the world and the only CATL for IoT cybersecurity testing in Asia, Onward Security implements many connected product security testing technologies, including its award-winning AI assessment laboratory, to help manufacturers nail certification requirements.
The Taiwan-based company is responsible for discovering more than 40 of the world's first published security vulnerabilities. Its CEO Morgan Hung asserts that this isn’t a victory achieved overnight and vendors shouldn’t expect to pass the first round of assessments. But he implores businesses and security leaders to not interpret this as failure. It’s a tedious process that may require many iterations, all of which are opportunities to discover and harden vulnerable exploit points.
“Obtaining CTIA certification is similar to a guarantee from regulatory and compliance authorities that consumers can trust our in-home baby monitors and related technology,” encourages Hung.
At the bare minimum, we can expect a reputable CTIA certified partner to break those daunting articles of regulations into digestible pieces and deliver insights on how to effectively comply with industry standards.
This would beef up the “Sec” in DevSecOps, enabling security managers to work cohesively with R&D teams, efficiently identify blind spots and minimize risk during product development.
And given the constantly evolving threat landscape, a solid partner will continue to execute on this in the market, ensuring safe integration of novel solutions across applications and endpoints, in the cloud and throughout the IoT ecosystem.
AI-integrated baby monitoring gadgets have proven to effectively detect dangerous situations, giving parents a sense of security and comfort knowing that they can remotely monitor the health and safety of their children.
To empower consumers in this way, the tactful CISO implements cybersecurity best practices at the inception of creating the technologies that are supposed to protect our precious cargo – not post-trauma, after we wake in the twilight wondering who is terrorizing our babies.
“Obtaining CTIA certification is similar to a guarantee from regulatory and compliance authorities that consumers can trust our in-home baby monitors and related technology,” encourages Hung.
At the bare minimum, we can expect a reputable CTIA certified partner to break those daunting articles of regulations into digestible pieces and deliver insights on how to effectively comply with industry standards.
This would beef up the “Sec” in DevSecOps, enabling security managers to work cohesively with R&D teams, efficiently identify blind spots and minimize risk during product development.
And given the constantly evolving threat landscape, a solid partner will continue to execute on this in the market, ensuring safe integration of novel solutions across applications and endpoints, in the cloud and throughout the IoT ecosystem.
AI-integrated baby monitoring gadgets have proven to effectively detect dangerous situations, giving parents a sense of security and comfort knowing that they can remotely monitor the health and safety of their children.
To empower consumers in this way, the tactful CISO implements cybersecurity best practices at the inception of creating the technologies that are supposed to protect our precious cargo – not post-trauma, after we wake in the twilight wondering who is terrorizing our babies.
