SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Aussies too lax about IoT security - McAfee

New McAfee research has revealed almost a third (32%) of Aussies take no steps towards securing their connected devices, even if they think they might be listening to their conversations. 

The research shows that Aussie consumers are at a loss when it comes to securing the increasing number of connected devices in their homes and are often opting to take no action at all.

Over a quarter of Aussies (27%) never change the default password on their Wi-Fi router and almost a fifth (18%) wait upward of a month to update the software on their devices.

Despite this, 30% of people admitted they would have no idea who to turn to if one of those devices was hacked.

When it comes to parents, over a quarter (30%) are failing to install security on any of their children's devices.

This could be explained by the fact that almost 40% of Aussie parents surveyed think their children could look after their own cyber safety at the age of 10 or under, with the mean age being just 12 years old.

When it comes to securing WiFi routers, a lack of understanding appears to be the reason why a quarter of respondents don't do anything to protect their WiFi router.

Close to half (41%) of Aussies don't understand the difference between protecting their home WiFi and protecting the devices connected to it, with half (50%) of respondents believing that their home WiFi is protected if the devices connected to it have security software installed.

“From connected fridges to WiFi enabled doorbells, IoT devices are making their way into homes at an increasing rate, with Gartner predicting as many as 20 billion such devices will exist by 2020.

“Unfortunately, security is not always prioritised by IoT manufacturers, and it's up to consumers to ensure their connected home is protected,” says McAfee APAC CTO Ian Yip. 

“By taking a casual approach to securing our home WiFi networks, Aussies are effectively giving cybercriminals a key to the castle by allowing them easier access to a large number of data-rich devices through one point of entry, their router.” 

Not only are consumers putting their own private and financial information at risk, but the connected nature of IoT devices can be leveraged for more sinister and sophisticated attacks with widespread effects.

A prime example is the 2016 Mirai botnet attack that used 2.5 million compromised devices to take down part of the internet on the East Coast of the United States.  

Other key findings from the McAfee research include: 

  • Close to half (40%) of Aussies said that they either don't worry about security on their devices or believe whatever security software comes with the device will be enough. 
  • Almost a fifth (18%) of parents surveyed think having security installed on their kids' devices is a waste of money, 44% have never thought about, 32% don't think they need it. 
  • Almost a fifth (19%) of Aussies say they have had their connected devices containing personal information compromised by a cyber-attack 

Simple tips to secure your increasingly connected home:

There are a few simple things people can do to prevent IoT attacks and still enjoy their smart homes. 

  • Check a device's security track record: Before buying any connected device, do your research on the brand and read reviews on a product's security (or lack of). A quick web search will provide you with the research you need to know about the device's security standards. Going with a notable brand that has a proven security track record is often the best option. 
  • Change default settings, use strong passwords, and enable two-factor authentication: Default and weak passwords are the biggest threat to the security of IoT devices as hackers know these passwords and use them to access the data on your devices. Go into the product settings (general and advanced) and create a unique, strong password with long phrases, special characters, mixed cases, and digits to make it difficult for cybercriminals to guess. If the thought of remembering several passphrases daunts you, go for a password manager. While a strong and unique password is a great place to start, enabling two-factor authentication on your devices and accounts will mean you'll need to verify your identity with something that you (and only you) have access to, most commonly a mobile device, which ensures a higher level of security. 
  • Keep your devices up to date: Within each update, providers often place a patch that will you protect your device from recently discovered security bugs, vulnerabilities and threats. If you're in the common habit if ignoring update notifications, turning on auto-update will ensure you apply these patches in real time and have maximum protection.
  • Secure devices with a strong network: Securing your Wi-Fi network by changing default settings, creating a strong password and applying other security protocols such as WPA2 will help create an extra layer of security for a connected home.
Follow us on: