



Our homes are not the impenetrable fortresses they once were

Dec 10, 2018 · 5 mins
Data and Information Security, Smart Home, Voice Assistants

Today’s homes are loaded with connected devices. However, security practitioners are still trying to catch up with the growth of smart devices.


Our homes are intended to be a sanctuary, offering safety and privacy from the outside world. The massive influx of connected smart-home devices in recent years can make our homes an even more enjoyable oasis, but only if device manufacturers, security leaders and consumers recognize that modern homes are targeted by an unprecedented barrage of privacy and security threats, and respond accordingly.

Although much has been said and written about the Internet of Things (IoT) in recent years, the reality is that IoT security remains in its early days. Today’s homes are loaded with connected devices; by 2022, the global smart home market is anticipated to reach a value of more than US $53 billion, according to smart homes data from Statista. Between smart thermostats, smart kitchen appliances, smart vents, wireless home energy monitors, smart security systems – the list goes on – there is no shortage of innovative devices that can improve our experiences at home and our peace of mind when we are away. However, security practitioners are still trying to catch up with the staggering pace of growth in connected devices, a challenge complicated by minimal standardization and regulation on the IoT landscape.

These dynamics increasingly are cause for concern under our own roofs. With the holiday season in full swing, countless households will soon be adding new connected devices that might be needed, useful, or just plain fun (or perhaps all of those things), but that also come with risks that tend to be swept away faster than a mountain of crumpled giftwrapping paper. Virtually all of us have been guilty of becoming mesmerized by a new gadget to the point where the device’s security becomes an afterthought, but there are numerous questions that demand serious exploration, including what potential threats exist, how those threats will be mitigated, and with whom the data generated by the device will be shared. Ideally, many of these and other questions would be addressed by device manufacturers prior to the products hitting the market, but in reality, the competitive pressures faced by enterprises too often lead to shortcuts taken during products’ design phase, including skipping IoT audits that can identify needed security fixes in software and hardware, which become much more costly to deal with if detected once the product is close to launch or already in the marketplace.

Smart devices can pose threats 

The well-publicized Mirai botnet attack provided a wake-up call, but two years later, the smart-home security outlook remains rife with challenges, particularly considering that devices can pose serious threats to our physical security. Smart home devices routinely draw upon information that is sensitive to our security. For example, smart vacuums map areas, which can create floor plans, while smart thermostats utilize the patterns of people being away from home and/or use geolocation to control heat when occupants are approaching the house. In a more traditional security sense, smart locks can be hacked and smart alarms can be disabled.

Even in cases where consumers’ security is not in peril, their privacy may well be. In an era when privacy is rightfully commanding more attention from the public and is the subject of ramped-up regulations from lawmakers, smart home cameras and microphones can be enabled for unauthorized surveillance. The thought of baby monitors potentially being compromised to leak video and sound, usually through vulnerable communication protocols, is a chilling prospect, yet one that cannot be discounted. The good news is consumers may be wising up to the risks these devices introduce. In a PwC survey earlier this year, the majority of respondents indicated they understand that smart home devices and other IoT products threaten their personal privacy. The question remains, will they take the next step and adjust their purchasing decisions accordingly?

Despite these many concerns, momentum behind smart homes continues to grow, and understandably so. Beyond smart home devices’ tech-forward cachet, there are numerous practical benefits to connected devices in the home, and the devices increase in sophistication each year. They can enable cost savings from being more energy-efficient, can offer greater convenience and functionality for those dealing with physical disabilities, and can provide an additional layer of security through more advanced monitoring tools. Homeowners can even use their smartphones to speak with visitors they might not know through smart doorbell systems.

Clearly there is much to gain in deploying smart home devices and, on a practical level, they are only going to continue to proliferate in the coming years. This reality calls for shared responsibility among device manufacturers, security practitioners and consumers to make sure these devices can be incorporated into our homes in a responsible manner. Manufacturers must avoid the temptation to configure products without security and privacy being prioritized, security and governance professionals must provide the due diligence to assure the devices do not pose hidden risks, and consumers must take the extra step of researching products from a privacy and security standpoint before allowing them into their homes. Modern technology presents so many new and compelling opportunities for all of us, but one thing that should never change is having peace of mind that we are secure in our homes.


Experienced leader and board member, international authority in cybersecurity, with a proven track record in developing and managing strategy, programs and initiatives. Innovative thinker, with several international patents to his name, proven successful communicator and consensus builder across borders and cultures.

Chris is Director and Past Chair of the Board of ISACA, an international not-for-profit association with more than 200 Chapters, serving more than 160,000 IT, Cybersecurity, Information Security, Audit, Risk and Compliance professionals in 180 countries. He has served ISACA as Chair of the Board for 2 consecutive terms (2015-2016 and 2016-2017) and as director of the BoD for 9 terms (2010-2014 and 2015-present).

Chris is also a Board Member at INTRALOT, a leading gaming solutions supplier and operator active in 42 regulated jurisdictions around the world. Prior to his role, he has served as Group CEO, Group Chief Services and Delivery Officer, Group Director of Technology Operations and Group Director of Information Security.

He has also served as a member of the Permanent Stakeholders Group (PSG) of the European Network and Information Security Agency (ENISA) from 2012 to 2015. Chris has been working in the area of information technology for 20 years; he holds 3 patents and 6 awards and has authored more than 150 publications.

He holds a degree in Electrical and Computer Engineering and a Ph.D. in Information Security.