The smart home market in Italy is experiencing a moment of strong growth. More and more consumers are choosing to make their homes smart, first and foremost because it allows them to monitor consumption and implement solutions useful for energy efficiency in the home, as well as making the home a safer, healthier, and more comfortable place.
According to a recent study by the Politecnico di Milano [1] , in 2022 the Smart Home market has grown significantly in Italy, marking a +18% compared to 2021 and reaching 770 million euros. This is a higher growth rate than in other European countries, such as Spain (+10%, 530 million euros), the United Kingdom (+4.1%, 4 billion euros), France (+2%, 1.3 billion euros) or Germany, where the market is even declining (-5%, 3.7 billion euros).
However, this positive picture for the industry sees some major challenges to overcome, first and foremost that related to cybersecurity, an increasingly sensitive issue for companies and end-users. Cybersecurity is a key aspect in smart homes not only for protecting the privacy and peace of mind of those who live in them, but also for improving the performance of the devices themselves. Indeed, it also touches on aspects such as the design, implementation, regulation and maintenance of devices and systems.
Speaking of maintenance, today a digital check-up is considered a necessary practice for smart homes to ensure the security of their data, enabling them to identify possible cyber risks, develop plans to address related threats, and improve their infrastructure while overcoming possible technical management difficulties.
To support users in this regard, startups have also sprung up in Italy that specialize in assisting consumers in choosing and implementing their smart home, while manufacturers provide ongoing training sessions for their partners, starting with installers. The goal is to implement an integrated ecosystem-home that is increasingly intuitive, easy to manage and capable of creating a smart home that knows the user and their habits, but at the same time preserves the health of its IT infrastructure and does not leak sensitive data to the outside world.
A problem, the latter, that is real and widespread. To cite one figure, in the first three months of 2023 alone, there was an increase in cyber-attacks against connected home devices that saw Italy ranked third in the world and first in Europe, with a total of 174,608,112 cases [2] . Globally, the increase in malware attacks on IoT was +400% in 2023, with more than 350 attack payloads [3].
In general, the major risks associated with IoT technologies within the smart home relate to the lack of universal security standards and protocols and the vulnerability of smart devices, which are exposed to hacking, malware, phishing, social engineering-related[4] and denial of service (DoS) attacks [5] .
Recommended by LinkedIn
On the first point, an important step was taken in September 2022, when the European Commission released the proposed Cyber Resilience Act (CRA), a regulation that introduces new guidelines for manufacturers and sellers of digital products to ensure consumer cybersecurity. It is scheduled to take effect by 2024. The aim is to implement greater regulation and oversight by authorities, increasing transparency of security properties and making it easier for the end user to use products with digital elements.
Regarding the second point, given the interconnectedness and interdependence of many smart devices within the home, the breach of one of them can affect the entire ecosystem-home. Therefore, it is critical to ensure interoperability and compatibility of platforms, as well as to adopt common guidelines for cybersecurity.
As is the case in corporate organizations, it is advisable to adopt a cyber resilient approach for one's home devices as well, implementing a series of actions to protect security and privacy. Indeed, combating cyber-attacks comes through the application of best practices and high cyber security standards in integrated systems.
First and foremost, a good defense weapon is to periodically update the software on one's devices, including the mobile apps that go with the IoT device, as well as enabling settings to turn on automatic software updates so that one always has the latest security patches, which are useful in fixing the vulnerability of the devices.
Secure management of the smart home is also due to adequate protection of the Wi-fi network, so it is recommended to change the default password, after the first use following purchase and installation, using a complex key. It is necessary to set articulated passwords, formed by alpha-numeric codes and/or phrases related to one's daily life, to be changed periodically and unique, referring to each account of each device. In this way, if one of the profiles is hacked, the device can be used through the other linked accounts.
A next step, to increase the effectiveness of secrecy, is to enable multi-factor authentication, which involves entering a unique two-factor system code to verify one's identity to prevent hackers from using credential stuffing tactics to gain access to the network or account.
There is also a need for proper mapping of all home devices connected to the network, in terms of: settings, credentials, firmware versions and recent patches, to assess what security measures to implement and identify devices that need to be replaced or upgraded. It is of paramount importance that private organizations constantly dialogue with institutions so that relevant legislation is always aligned with market innovations and thus effective in ensuring the security of homes and those who live in them.
Cybersecurity within the home remains a complex and multifaceted issue that requires continuous updating of expertise within IoT device companies to safeguard today's increasingly demanding and risk-aware users of the network. For this reason, the invitation remains to rely on a team of experienced certified professionals for the installation and maintenance of your system, to ensure its maximum efficiency and security, as well as setting it to its full potential.
Article written by Vincenzo Girlando, Chief Technology Officer of Nice
Notes:
[1] The Internet of Things 2023 Observatory of the School of Management of the Politecnico di Milano.
[2] Data from Trend Micro's "Stepping ahead of risk" report reported by Anitec-Assinform https://www.anitec-assinform.it/i-nostri-associati/aggiornamenti/comunicati/h1-2023-italia-terza-al-mondo-e-prima-in-europa-per-attacchi-malware.kl
[3] Zscaler ThreatLabz's 2023 report on direct threats to enterprise IoT and OT resources.
[4] Social engineering represents a type of cyber attack that relies on psychological manipulation of victims to obtain confidential information or install malware.
[5] A denial-of-service (DoS) attack is a cyber attack in which the attacker attempts to prevent users from accessing the network or computer resources.
