One of the biggest cybersecurity challenges that has emerged in the last two years in the wake of the COVID-19 pandemic is the number of people regularly working from home. Most of those individuals are relying on consumer-grade networking gear to access a wide range of corporate applications. The issue that gets overlooked is the device being used to access those applications is only one of many connected to that home network. In fact, Xfinity reports that on average there are now 15 connected devices per home, a 25 percent increase from 2020. In the wake of the holidays that number has most assuredly increased.
The challenge that results from a cybersecurity perspective is two-fold. The first more obvious issue is how often the home network is used to access corporate applications. More than three quarters of the customers (78 percent) surveyed by Comcast admit to risky online behaviors such as reusing or sharing passwords or skipping software updates. More troubling still, just under a third (32 percent) said they aren’t sure they’d ever know if they were a victim of a cyberattack.
IoT devices are a hot target for cybercrime
The second concern is all the Internet of Things (IoT) devices connected to that home network. Cybercriminals are now targeting these devices in the hopes that malware will move laterally across a home network before being deposited in an IT environment that is being remotely accessed. Comcast reports that on average, it now blocks 23 unique threats per home each month – with the total number of attacks at least three-to-four times that number because many attacks are repeated.
Home network ransomware threats remain high
Most business and IT leaders are at least aware of the potential cybersecurity threat home networks represent but few are entirely sure how best to address the issue. Far too many are still dependent on virtual private networks (VPNs) that have known cybersecurity flaws. Others are simply hoping an Internet Service Provider (ISP) will protect them.
Of course, the level of cybersecurity provided by ISPs varies widely around the globe so that’s not going to always work out well. If an issue does arise, the expectation is that an internal IT team will be able to quickly contain a breach. The trouble is malware can spread widely long before being activated so that odds a ransomware attack might be enabled via a home network are fairly high.
MSPs have an opportunity to expand their reach
All these connected devices in the home create a clear opportunity for managed service providers (MSPs) to expand the reach and scope of the cybersecurity services they provide. Whether it’s deploying networking equipment that segments corporate network traffic or a full-blown secure access service edge (SASE) platform, there is no end of opportunities for services that secure remote access. The challenge is packaging those services in a way that makes it simpler for an organization to consume them on behalf of employees working from home rather than a traditional office.
There is, of course, no better time to have that conversation with a potential customer than right after the holidays. Most business and IT leaders have in the last few weeks connected some type of new device to their home network, without giving it much thought from a cybersecurity perspective – that is until their MSP makes it a point to remind them.
Photo: Andrey Suslov / Shutterstock