Home IoT device adoption has grown by leaps and bounds. It’s a time of connected gadgets everywhere, and with them, comes security risks.

McKinsey predicts the total number of IoT-connected devices will be 43 billion by 2023, with the vast majority being consumer devices.

Most of these new devices connect via home routers (another IoT device), 5G mobile broadband and satellite internet. These are new frontiers for threat actors, which means a new set of security concerns if you are not prepared.

Routers Can Be the Biggest Security Issue

The more devices connected at home, the bigger the attack surface.

One of the biggest unsolved problems is the point of access — the router that IoT, mobile and wearable devices often connect to. For one, these devices aren’t designed well enough or configured by the users properly. However, the real problem is that routers can still be breached and lead to compromise on the devices they connect.

Ever since the Mirai botnet distributed denial of service in 2016, in which a single person weaponized 400,000 IoT devices (including home routers), IoT breaches based on these seemingly harmless gadgets have been a concern. Since then, the number and kinds of attacks involving IoT security breaches have grown each year.  

Security Improvements?

A great many groups, both industry and federal, have published guidelines, recommendations and laws to address the manufacturing, provision and use of the IoT for better security. These include the European Union Agency for Cybersecurity’s (ENISA’s) recommendations, European Telecommunications Standards Institute (ETSI) standards, a California law that requires any IoT device sold in the state to offer reasonable security features (and a similar Oregon law), the IoT Security Foundation’s Best Practice Guidelines and others.

The latest is the IoT Cybersecurity Improvement Act, passed by Congress and now officially a public law. The new law requires IoT security as defined by the National Institute of Standards and Technology and sets standards for government purchases of IoT infrastructure.

To date, these standards are not consistent and overlap. They still place…