The Internet of Things (IoT) is sometimes also known as the internet of insecure things. Or the internet of other people’s things. So much so 90% of consumers lack confidence in the security of IoT devices, according to a Gemalto survey.
This is unsurprising given various high-profile breaches. Smart dolls for children have been hacked to say things unsuitable for children’s ears. Hospital equipment has been accessed with ease, and in 2015 the on-board computer of a Jeep Cherokee was compromised to cut the car’s transmission at 70mph as part of a security test.
Consumers’ main fear is hackers taking control of their device. This was cited by two-thirds of survey respondents. It scored higher than concerns that their data may be leaked (60%) or that hackers may access personal information (54%).
However the implications of poor IoT security extend beyond individual consumers. Around 8.4 billion connected things were forecast to be connected via the IoT in 2017. This is expected to rise to 20.4 billion by 2020, according to Gartner. As more areas of our lives become connected via the internet, so the attack surface grows.
Over the last couple of years a number of attacks have manipulated weak or default passwords on IoT devices. Criminals use tools to search out vulnerable devices and then marshal them to launch distributed denial of service (DDoS) attacks. This overwhelms specific IP addresses or web services to knock them offline. DDoS attacks are an old exploit that has seen a resurgence in both frequency and potency with the growth of IoT.
96% of businesses and 90% of consumers believe there should be IoT security regulations. The majority of business decision makers (79%) and consumers (72%) agree that government intervention is important for IoT security.
Around two-thirds of business decision makers, who think that there should be IoT security regulations, say that the security methods to be used for data storage should be included within the security regulations. In addition, 61% believe that who is responsible for securing data at each stage of its journey should be included. More than half (55%) say the same for the implications of non-compliance.
“It’s clear that both consumers and businesses have serious concerns around IoT security, and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices — and more importantly the integrity of the data created, stored and transmitted by these devices,” said Jason Hart, chief technology officer, data protection, Gemalto.
“Legislation like GDPR shows that governments are beginning to recognise the threats and long-lasting damage cyber attacks can have on everyday lives. They now need to step up when it comes to IoT security. Until there is confidence in IoT among businesses and consumers, it won’t see mainstream adoption,” concluded Hart.