According to research from Juniper, spending on IoT cybersecurity will reach more than $6 billion globally by 2023, which the company relates to massive growth in both the consumer and industrial markets. The research also points to increased government regulations and pushing the need for improved IoT security, as companies strive to avoid fines and other penalties.
This rise in IoT cybersecurity must match the explosive growth rates for IoT devices. There’s a fairly low cost of entry for using connected devices. Manufacturing simple sensors isn’t very expensive, and often provides companies with immediate ROI. This low entry cost means some businesses can dive into IoT without much concern about security features and possible privacy exposure. The potential reward of quick sales overtakes the potential branding or legal problems that might come from a security breach and exposure of personal data.
IoT devices are quickly ushering in a new era for cybersecurity, where the safety and privacy of users is increasingly placed at risk. These concerns must be addressed by manufacturers and governments to ensure the coming “connected future” is bright.
Safety and privacy concerns
The development of smart cities promises better usage of resources and new insights from data, but there are underlying security risks that imperil communities. Hackers could access alarm systems that are connected to various utilities and cause destructive panic and expensive first-responder actions. On a smaller scale, hackers have demonstrated how they can trick digital parking meters to provide them with free parking. On a larger scale, such activity can result in millions of lost revenue. Government organizations will need to work hand-in-hand with IoT providers to assure they properly manage the access of passwords and that devices themselves have built-in security in order to prevent potentially catastrophic attacks.
On the consumer product side, consider the rising use of connectivity technology within children’s toys. Many of these toys are Alexa-like in terms of recognizing the child’s voice and responding accordingly. While these toys are a neat interactive novelty, they pose serious security and privacy risks. Many of the toymakers that introduce items with Wi-Fi or Bluetooth connectivity might not add security controls. This leaves the devices vulnerable to hackers who can steal information and potentially take over the toy’s functions. These toys often auto-connect to wireless networks or applications, so someone could use a toy’s app to link to a device and then communicate directly with the child. And if the toy has GPS capabilities to show location, then the attacker could also track the child’s movements. Photo and video features in toys are another area of concern which can be taken over by hackers, and manufacturers aren’t always careful with how this data is stored and transmitted.
Many of these sensors produce data that relates to actual people and their habits. Smart thermometers and other in-home devices record data about daily actions. Fitness trackers record an ever-increasing amount of health data. In many cases this data is reviewed in aggregate, but it still comes from individual people. IoT makers and the general public will need to work out who ultimately owns this data, and how privacy concerns will be addressed to keep personal information protected and anonymous.
Manufacturers must adapt
As the number of IoT security and privacy breaches grow, manufacturers must turn more attention to protecting data and consumer information. Consumers may start to turn away from connected devices if they cannot trust the maker to safeguard their (and their family’s) data.
Manufacturers must be more accountable and recognize there are certain risks with building internet-connected devices. They need to take ownership over security and make it a company-wide mission to build devices that have the right security measures in place. One of these measures is automatic updating. When many connected devices leave the store they are already outdated and at risk when it comes to the latest attacks. Recalling a device is expensive and requires too much effort on the part of the consumer. Manufacturers must adjust their devices so they update automatically, which removes the customer from the equation and ensures protection from attacks that change daily. Device makers should also welcome bug and vulnerability reports from the tech community. They can offer payments of cash or product in exchange as a reward to those who find these bugs.
The manufacturers and providers of IoT devices must pivot from treating IoT as a novelty and rushing to get products out to the market to a more mature mindset. They need to manage IoT-derived data the same way they protect CRM information, by ensuring personal data is kept hidden away and devices cannot be utilized in dangerous ways by outside agents.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.