Survey finds most consumers think security should be built into IoT devices
Manufacturers can limit brand damage from breaches by unifying, hardening security companywide
By Byron Acohido, ThirdCertainty
If you don’t already have an Internet of Things (IoT) device in your home, chances are you will in the not too distant future.
Following record growth in 2016, which saw 80 million smart devices delivered to homes across the world (an increase of 64 percent from the year before), analysts are saying that 2017 is the year of the smart home.
According to Gartner, by the end of 2017 there will be 5.2 billion connected consumer devices worldwide. This will represent 63percent of the total number of connected devices in existence.
Related article: Why detecting IoT vulnerabilities will never be easy
Of course, the more IoT devices in our homes, the more of an issue security will become. Recent attacks have made this a very real concern in the eyes of consumers.
With this in mind, I was able to sit down with Mark Hearn at Black Hat 2017 in Las Vegas. Mark is a director of IoT security for Irdeto, an Amsterdam-based media security company that recently completed a global consumer survey on IoT in the home.
Some takeaways from our discussion of Irdeto’s findings;
Customers are more aware of security issues than ever before. Because of the massive botnet attack that occurred last fall, consumers are more aware than ever of the dangers unsecured IoT devices pose. The Mirai attack that targeted webcams and installed malware created terabytes of attack data and significantly slowed down the internet. Widespread coverage of the attack not only made people aware of the dangers of IoT devices, it also made them aware of all of the devices already in their home that have connectivity.
Customers believe security is fundamental and that it’s the responsibility of the manufacturer. Irdeto’s consumer survey revealed that 90 percent of respondents felt that security was going to be a fundamental and critical factor for the devices that they put into their home. Most of the respondents felt it was a combination of both the manufacturer and the consumer to have responsibility for security. But overwhelmingly, people thought that the manufacturer had a strong part to play in ensuring that their credentials remain secure.
Companies need to view security as branding. Manufacturers need to include security in these devices, not just for the safety of their customers, but for themselves, too. One of the things that Irdeto has been discussing with companies is the need for a company to deploy something that is secure enough to keep consumer credentials safe but also to think about it from their brand awareness and their own troubles that they may run into with hacking.
Once one of your devices becomes infected, all of your other devices are at risk. Brand damage could be critical, and indeed several of the companies caught up in the Mirai attack have gone out of business. Companies also are under threat by the next generation of ransomware. Rather than targeting end users and locking down their devices, hackers soon will target manufacturers for much larger payouts. One of the last things a company needs is a New York Times article denouncing them as a source of an attack.
Manufacturers need to develop a security ecosystem. Looking forward, companies need to unify security measures across their entire infrastructure. Companies are creating security solutions that live in the cloud and solutions built into the hardware. But very few companies are as worried about security across the IoT ecosystem. From the device to the app to the cloud, everything needs to be secured through one holistic solution.
More stories related to IoT security:
Security of the Internet of Things takes on new urgency
As the Internet of Things expands, so do the risks
Why more attacks leveraging the Internet of Things are inevitable