1.21.22 – CEPro
The hacking threat to the smart home will only grow. It’s time to stop ignoring cybersecurity and use it as a differentiator of your professionalism.
There may not be a smart-home topic that integrators want to avoid more than “cybersecurity,” but the time for ignoring it is over.
According to an exclusive Cybersecurity Study conducted by CE Pro back in 2020, only 27% of integrators reported that they offer any level of cybersecurity solution for their clients beyond what it is embedded in the hardware supplied by the network manufacturer. Indeed, a great majority of integrators (79%) believe the built-in protection from their hardware suppliers is sufficient protection for their clients. Meanwhile, the 2022 CE Pro State of the Industry Study in this issue reports that integrators predict just a 2.8% growth in the category this year.
But despite this lackluster enthusiasm for the category, the problem is not going to wane. According to Parks Associates, 79% of broadband households in the U.S. are concerned about their data security and privacy. The average number of IoT devices per home is now 37 and there are expected to be 50 billion IoT devices by 2030, according to data cited recently by the British government, which recently announced a bill that would outlaw the use of basic passwords and heavily fine manufacturers and integrators that do not comply.
Additionally, the Work from Home (WFH) trend introduced an even greater threat for malware and other viruses as employees started using their inadequately protected home networks. A recent study from HP determined global cyberattacks have risen 238% since the onset of the pandemic. Ransomware situations seem to be part of the daily news cycle.
So with all this evidence, what is the hesitation among integrators about offering cybersecurity? The crux of the problem could be a similar issue that homebuilders faced regarding security systems for decades. For many years, builders did not want to offer security systems for their newly constructed homes because they were worried it would plant a seed of thought in the minds of prospective buyers that the neighborhood was “unsafe.” Similarly, smart home integrators might be concerned that by mentioning cybersecurity they are introducing the notion to the client that the system is susceptible to being hacked.
But that train has left the station, so to speak. The truth is that smart home systems can be hacked, but integrators can bring their clients more peace of mind with a proper cybersecurity solution. Also, a comprehensive cybersecurity offering further separates custom integrators from DIY systems and less-professional trunk-slammers.
Lastly, there is a potential recurring monthly revenue (RMR) stream from cybersecurity. According to the aforementioned CE Pro Cybersecurity Study, integrators believe clients will pay between $35 and $150 per month to protect their data.
So What Should Integrators Do?
There are basic steps integrators can take to become cybersecurity experts, including using the Consumer Technology Association’s Connected Home Security Checklist Tool, which is based on the association’s Device Security Best Practices white paper.
The tool is mobile-friendly and ideal for job sites, offering installers a quick reference of industry practices for topics including passwords, networks, modems and routers, VPNs and Z-Wave/ZigBee. To ensure consumers are well informed about the work completed in their homes by professionals, the tool also emails customers a comprehensive assessment of the security steps performed, as well as recommendations.
The Checklist Tool, according to CTA, delivers numerous benefits by:
- Outlining existing best solutions to current and forthcoming smart home security challenges;
- Providing customers with peace of mind through enhanced protection against smart home/connected home related threats;
- Comprehensively cataloging the installed connected systems in a home;
- Reducing liability to professional installers by providing an industry approved guide; and
- Adding value to the services of CTA member professional installers, setting them apart in the marketplace by using documented recommended practices or processes for selecting products, systems, installation and maintenance.
If integrators want to take their cybersecurity offering to the next level, there are several certifications that can be earned, per the U.S. Cybersecurity and Infrastructure Security Agency’s Cybersecurity Workforce Training Guide. Some of these certifications require prerequisites, so explore each offering for more information.
Among the choices are:
Associate of (ISC)2–The certification from the International Information System Security Certification Consortium (ISC)2 is compatible for O&M NICE categories and covers:
- Security and risk management
- Asset security Security engineering
- Communications and network security
- Identity and access management
- Security Assessment and Testing
- Security Operations Software Development
Security Certificate Authorized Professional (CAP)— This certificate, also from (ISC)2, measures skills and proficiency in:
- Authorizing and maintaining information systems
- Assessing risk
- Establishing security requirements
- Documentation