Two SoftBank Corp. 9984 -1.75% -backed companies are teaming up to thwart hackers pummeling some of the cyberworld’s most vulnerable targets: household appliances.
Protecting such mundane internet-connected devices is the purpose of a partnership announced Wednesday between U.K.-based Arm, the chip-design technology company that SoftBank bought for $32 billion in 2016, and Boston-based cybersecurity firm Cybereason, which SoftBank has invested in since 2015.
Unlike PCs or smartphones, the connected “things” inside factories, homes and cities aren’t generally protected with antivirus software and users often aren’t asked to update logins and passwords. That makes access to these devices—which now number more than 10 billion globally, according to market researcher Gartner Inc. —easier for hackers seeking to cloak malware, mask data thefts or gain remote control.
Cybereason said it would provide cybersecurity tools that use big-data algorithms to canvass all the devices on a network in real time for suspicious behavior—such as a thermostat sending communications to a computer it has never interacted with before. Arm, whose chips are in nearly all smartphones, will offer services to manage internet-connected devices and their data.
“If you look, you will find vulnerability in every device out there,” said Lior Div, CEO of Cybereason and a former cyberoperative at Unit 8200, Israel’s equivalent of the U.S. National Security Agency. “Hackers will use whatever they can.”
The two companies expect the offerings to be available in products by the first half of next year and aim to monitor 1 trillion devices by 2035.
The smart-device protection industry is growing: McAfee LLC sells a “Home Platform” that can detect malware, botnets and other attacks on home networks. Symantec Corp. cyberdefenses cover more than a billion internet-connected devices for industrial and manufacturing clients.
The number of connected “things” around the world, from televisions to thermostats, is expected to exceed 25 billion by 2021, according to Gartner. And for many device manufacturers, security is an afterthought, cyber researchers say.
But with attacks on internet-connected devices on the rise—up 600% last year from 2016, according to Symantec—it is a growing concern for businesses that could find themselves targeted. Dozens of websites were threatened by 2016’s Mirai computer virus, for example, which sought to knock them offline with waves of junk data, sent via inexpensive personal surveillance cameras and home routers that hackers had taken over.
The attacks are growing more creative, cybersecurity researchers say. And a company can find its own devices used against it. About three-quarters of global IT security teams believe their internet-connected gadgets aren’t secure and even the simplest now pose a threat, according to research published this month by Hewlett Packard Enterprise Co. -owned Aruba and the Ponemon Institute.
In one recent attack on a casino, hackers hid their movements by manipulating a fish-tank thermometer to become the escape route for stolen data, said Larry Lunetta, Aruba’s vice president of marketing security solutions.
“Many things come onto the network without oversight or the IT department knowing about it,” Mr. Lunetta said. “But I can’t protect it if I don’t know it’s there.”
Gartner forecasts that world-wide spending on “Internet of Things” security—which is separate from the spending earmarked for PCs and networks—will reach $1.5 billion in 2018 and more than twice that by 2021.
“It’s a mish mash of solutions out there” currently, said Dipesh Patel, the president of Arm’s IoT Services Group. “We can’t treat IoT devices as second-class citizens as far as security is concerned.”
Write to Timothy W. Martin at timothy.martin@wsj.com