Home thermostats, TVs, cars, fitness bands. The list of devices for the Internet of Things (IoT) continues to grow, and it’s not stopping. IDC predicts the IoT will reach upward of 30 billion devices by 2020.
While there are a lot of exciting possibilities around the IoT, it also opens up a potential can of worms for security. How secure is the IoT? How high of a risk does it pose to the user? Will this data—or other data—about you, your home, your car, or your business get leaked?
Security and the IoT is a huge concern and one that is growing larger by the day. According to Fortinet’s recent study of 1801 “tech-savvy” homeowners, “A majority of all respondents voiced their concern that a connected appliance could result in a data breach or exposure of sensitive, personal information.” The study goes on to find the majority also expressed the importance of data privacy and “do not trust how this type of data may be used.”
The challenge with the IoT is the sheer number of potential security issues. Each device, each connection, each router, Wi-Fi hotspot, phone, smart watch, thermostat, refrigerator, or vehicle creates a point of vulnerability.
The issue at hand is not that hackers will steal the data on your connected toaster and know how often you toast your bread. It’s that these connected devices are linked to your home or office wireless connection, creating a potential doorway for them to walk through to gain access to your other devices.
Jerry Irvine, owner and CIO of Prescient Solutions, told CIO, “Truthfully, it’s scary as hell. The Internet in and of itself is an insecure and highly risky environment…. Now [hackers] aren’t just looking at your individual PC, they’re looking at all of your personal property.”
If your IoT device is vulnerable and a hacker gains access, then they can install a virus that could eventually gain access to other devices that are connected to it. This could include your router, tablet, or computer.
Once they have access to one of these devices, they can gather the information you input on those devices. The treasure they are seeking is not your use data but your identity, passwords, usernames, and account information.
Security Is a Two-Way Street
As expected, consumers always need to protect themselves through secure Wi-Fi, passwords, and the like. However, the IoT creates new questions on where this security (and its responsibility) actually lies. The Fortinet study also reported a “clear schism,” with nearly 50 percent of respondents divided on who should provide security whether on a router versus an Internet provider.
The fact is that many IoT developers simply aren’t building security as a priority right now. And it could have huge repercussions—not just for the consumer, but also for the future of the company itself.
Forrester Research’s Andrew Rose sums it up well in the article “Slide to Unlock—The New Face of Home Security.”
“It’s deeply troubling, but perhaps not unexpected, that the IoT is arriving with a fanfare of functionality, but seemingly lacking many basic controls,” Rose writes. “As we increasingly rely upon these technologies to secure our homes, and protect our families, vendors need to realize that the stakes are rising and that yesterday’s levels of care and due diligence are no longer sufficient.
“Losing millions of credit cards might be perceived as harmful to a brand, but most firms survive and thrive again because customer damage is easily repairable and largely non-personal; wait until that security breach means the customer’s home or car becomes insecure due to a logical fault, missing patch, or data corruption, and they lose physical assets or their safety is endangered—then we’ll see what brand damage really means.”