Trust is the Lifeblood of Consumer IoT
Kristina PodnarKristina Podnar
Just like all businesses, technology manufacturers exist to make a profit, and the dawn of the Internet of Things (IoT) presented limitless opportunities. Not wanting to miss out, the first businesses to grasp the potential of this new market got their products out as quickly as they could, prioritizing speed and functionality while leaving security as an afterthought - if it was a thought at all.
As a result, many of the first wave of IoT devices lacked the ability to update software or firmware. So, even when new vulnerabilities were discovered, there was no way to patch them, and hackers wasted little time taking advantage. (New vulnerabilities continue to be discovered today, by the way, even with older firmware.)
Also, knowing that most homeowners were more interested in getting their new gadgets up and running than they were in security or privacy, manufacturers didn’t provide a lot of guidance. Their set-up instructions, for example, didn’t always stress the importance of changing the default login credentials.
Up for one more wrinkle? When appliance manufacturers started adding smart features to their legacy products, they were trying to get people to buy new TVs, refrigerators, etc., not cutting-edge technology. Smart technology wasn’t their core competency, and it still isn’t. That means that keeping the “smart” aspects of their products up to date may not be a priority.
Not at all. Businesses were right about consumers’ hunger for IoT devices. They’re convenient and, let’s face it, cool. There are already more IoT devices in the world than there are people, and it’s predicted that the number of smart devices will reach 20.4 billion by 2020.
However, there’s a huge speed bump looming on the horizon: consumers are becoming aware that convenience and coolness come with a trade-off. According to one report, 28% of those who don’t already own a connected device say concerns over security and privacy might discourage them from making that leap. Â
Security and operational risks could quickly dampen consumer enthusiasm before you take full advantage of the booming IoT market. Get a head start on earning consumer trust by helping them secure and protect their IoT devices.
Consumers are now starting to wonder whether the fun and convenience of IoT devices are worth the risks. On the other side, governments around the world are becoming concerned enough to consider legislating IoT security.
The good news is that IoT manufacturers are sitting right in the sweet spot. By taking action on their own -- because it’s the right thing to do and because their customers demand it -- without being forced to do so through legislation, they have an opportunity to build a foundation of trust.
And opportunities like that don’t come around very often. Remember, when everyone thought that buying things online was sketchy? Now we do it every day without a second thought. That’s because online retailers and security experts teamed up to make sure online shopping was safe.
We now have the same opportunity with IoT devices.
I firmly believe that the Internet of Things will eventually be regulated; it’s too big not to be. And, even if manufacturers take the initiative, there will need to be some sort of coordination to ensure all of those devices can be secure and still play nicely together. The UK has taken the initiative by creating a Code of Practice for Consumer IoT Security, but that’s just the beginning, and we have a long way to go.
Starting right now, I strongly encourage the makers of consumer IoT devices to embrace privacy-by-design. Stop rushing your products to market knowing you’ll eventually have to address security issues. We’re now at the point where real people’s lives depend on their smart devices working like they’re supposed to. And I’m not just talking about pacemakers and other healthcare devices.
What if all of your refrigerators turned themselves off at night and back on in the morning (so that no one noticed), spoiling the contents and launching a wave of food poisoning?
Or what if somebody launched a Stuxnet-type attack on your smoke detectors, turning them off while all indicators suggest they’re still working perfectly?
In other words, it’s time to stop crossing your fingers and hoping for the best.
So now that I’ve (hopefully) thrown some well-deserved fear into the mix, here are my top security-by-design recommendations for manufacturers:
For more detailed information, you may want to refer to the Code of Practice for Consumer IoT Security, published by the UK government.
Homeowners want your products; there’s no doubt about that. The only thing that will stem that tide is if they start to believe the risks outweigh the rewards. With the consumer IoT market projected to be worth more than $104 billion by 2023, it would be a shame to let the opportunity pass you by because you failed to embrace security-by-design. And the companies that do it first -- without being compelled to become secure via legislation -- will have a headstart on earning consumer trust.
So what are you waiting for? If you’d like a deeper dive on how you can secure your consumer IoT devices, check out these guidelines (they even have color-coded checklists!) by Consumers International.
The Most Comprehensive IoT Newsletter for Enterprises
Showcasing the highest-quality content, resources, news, and insights from the world of the Internet of Things. Subscribe to remain informed and up-to-date.
New Podcast Episode
Related Articles