We can’t talk enough about security and protecting the IoT (Internet of Things). More importantly, one of the things I am passionate about within the realm of the IoT is cybersecurity. We’ve dedicated issues of Connected World magazine to this topic; we’ve dedicated entire conferences to cybersecurity, and we’ve dedicated a lot of time on The Peggy Smedley Show, which is my weekly Internet podcast.
One of the things I’ve been saying all along is that the industry needs to jump ahead of the curve and be as proactive as possible when it comes to securing connected devices, objects, and things.
Acting proactivity when it comes to security is in everyone’s best interest and that means we are talking about the entire industry. This needs to be reiterated in part, because we have all seen security setbacks like breaches and hacks create negative perceptions of the IoT. If viewed as unsafe, the IoT is going to be a tougher sell, even to those industries and companies that could revolutionize their businesses by adopting the technology.
First, let’s dive into the data. We can take a 10,000-foot view of all the information. The National Cybersecurity Alliance, https://staysafeonline.org/, in conjunction with ESET, www.eset.com, a security solution provider, released a survey that suggests end users are leery when it comes to connected-device security.
In fact, more than 40% of survey respondents report feeling “not confident at all” that IoT devices are safe, secure, and able to protect their personal information. Even worse, more than half of respondents indicate they have been discouraged from purchasing an IoT device due to cybersecurity concerns.
The survey focuses on people who own consumer-connected devices, such as thermostats and connected appliances, as well as routers, smartphones, connected toys, IoT-enabled security systems, and so on.
Even though many respondents are clearly concerned with cybersecurity, a lot of them admit they are not sure how to secure the devices they already own.
Just to give one basic example, only 30% of respondents had changed the password on their Internet-connected router from the factory default, (keep in mind this is how the Mirai attacks have occurred), and another 20% couldn’t remember if they had or not. Of course, this data is coming in part from an organization with a vested interest, so caution might be recommended here with the information.
However, the people who answered these questions are clearly concerned about cybersecurity, and the kicker is that their concerns are preventing them from making new connected-device purchases. If this is going on in the consumer realm, I have to believe it’s going on in the enterprise realm too. At this point, cybersecurity is almost always mentioned as a hurdle or roadblock for IoT adoption.
On the consumer side of the coin, it may be an education issue—maybe we need to help these folks protect themselves better by learning how, when, and why to change the default passwords on their connected devices, for example. Maybe the consumer-connected device industry also needs to work harder to build security into every aspect of products’ design, testing, and release phases.
In the enterprise space, there is also a need for end user education around cybersecurity. Companies both big and small have a lot at stake with not only their own data, but also their customers’ data.
By adopting IoT into a business, that business is admittedly opening itself up—to some degree—to the bad guys. The question is: do the benefits outweigh the risks? I think that yes, they do; but as an industry, we need to remember that not everyone believes this, especially when there are huge media frenzies around devastating hacks and breaches. What we don’t want is people’s fears getting the better of them. This stalls forward progress in IoT innovation and adoption.
On the other side of the coin we can’t ignore these hacks as being minor. , the Mirai attack, coupled with the hack that occurred October 21.attacked Dyn, a company that controls much of the Internet’s DNS (domain name system) infrastructure. While it was,it was only a DDoS (denial of service) attack, but it was the largest attack to date and has created a lot of disruption. In fact, it is believed to be orchestrated using the Mirai Botnet as the primary source of malicious attack, which comes from the IoT.
The real concern here is that we don’t have a plan to combat these attacks. The only way to combat this, really, is to do everything we possibly can to secure enterprise and consumer-connected devices. Easier said than done, right? Of course it is.
But I’m saying it anyway because I think it’s really easy to get caught up in the fast pace of technology and forget about the basics. Security must be a “basic.” It must be built into systems, devices, and solutions from the get-go.
In doing so, technology providers are not only protecting themselves and their customers, but also the industry at large. We’ve all heard the growth projections for the IoT, but more important than just growth is healthy growth that doesn’t end in some sort of security disaster.
As I mentioned, I’ve been preaching this for a long time now, and even though I hate to say “I told you so,” this survey is a little too on-point for comfort.
Now is the time to secure our devices—long before consumers and enterprises have reason to believe that they’re better off without them. And won’t that be a real kick in the pocketbooks, or dare I say something much greater.
Want to tweet about this article? Use hashtags #IoT #M2M #security #DDoS #hacker #botnet