Survey finds most consumers think security should be built into IoT devices

Manufacturers can limit brand damage from breaches by unifying, hardening security companywide

 
Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

If you don’t already have an Inter­net of Things (IoT) device in your home, chances are you will in the not too dis­tant future.

Fol­low­ing record growth in 2016, which saw 80 mil­lion smart devices deliv­ered to homes across the world (an increase of 64 per­cent from the year before), ana­lysts are say­ing that 2017 is the year of the smart home.

Accord­ing to Gart­ner, by the end of 2017 there will be 5.2 bil­lion con­nect­ed con­sumer devices world­wide. This will rep­re­sent 63percent of the total num­ber of con­nect­ed devices in existence.

Relat­ed arti­cle: Why detect­ing IoT vul­ner­a­bil­i­ties will nev­er be easy

Of course, the more IoT devices in our homes, the more of an issue secu­ri­ty will become. Recent attacks have made this a very real con­cern in the eyes of consumers.

Mark Hearn, Ird­eto direc­tor of IoT security

With this in mind, I was able to sit down with Mark Hearn at Black Hat 2017 in Las Vegas. Mark is a direc­tor of IoT secu­ri­ty for Ird­eto, an Ams­ter­dam-based media secu­ri­ty com­pa­ny that recent­ly com­plet­ed a glob­al con­sumer sur­vey on IoT in the home.

Some take­aways from our dis­cus­sion of Irdeto’s findings;

Cus­tomers are more aware of secu­ri­ty issues than ever before. Because of the mas­sive bot­net attack that occurred last fall, con­sumers are more aware than ever of the dan­gers unse­cured IoT devices pose. The Mirai attack that tar­get­ed web­cams and installed mal­ware cre­at­ed ter­abytes of attack data and sig­nif­i­cant­ly slowed down the inter­net. Wide­spread cov­er­age of the attack not only made peo­ple aware of the dan­gers of IoT devices, it also made them aware of all of the devices already in their home that have connectivity.

Cus­tomers believe secu­ri­ty is fun­da­men­tal and that it’s the respon­si­bil­i­ty of the man­u­fac­tur­er. Irdeto’s con­sumer sur­vey revealed that 90 per­cent of respon­dents felt that secu­ri­ty was going to be a fun­da­men­tal and crit­i­cal fac­tor for the devices that they put into their home. Most of the respon­dents felt it was a com­bi­na­tion of both the man­u­fac­tur­er and the con­sumer to have respon­si­bil­i­ty for secu­ri­ty. But over­whelm­ing­ly, peo­ple thought that the man­u­fac­tur­er had a strong part to play in ensur­ing that their cre­den­tials remain secure.

Com­pa­nies need to view secu­ri­ty as brand­ing. Man­u­fac­tur­ers need to include secu­ri­ty in these devices, not just for the safe­ty of their cus­tomers, but for them­selves, too. One of the things that Ird­eto has been dis­cussing with com­pa­nies is the need for a com­pa­ny to deploy some­thing that is secure enough to keep con­sumer cre­den­tials safe but also to think about it from their brand aware­ness and their own trou­bles that they may run into with hacking.

Once one of your devices becomes infect­ed, all of your oth­er devices are at risk. Brand dam­age could be crit­i­cal, and indeed sev­er­al of the com­pa­nies caught up in the Mirai attack have gone out of busi­ness. Com­pa­nies also are under threat by the next gen­er­a­tion of ran­somware. Rather than tar­get­ing end users and lock­ing down their devices, hack­ers soon will tar­get man­u­fac­tur­ers for much larg­er pay­outs. One of the last things a com­pa­ny needs is a New York Times arti­cle denounc­ing them as a source of an attack.

Man­u­fac­tur­ers need to devel­op a secu­ri­ty ecosys­tem. Look­ing for­ward, com­pa­nies need to uni­fy secu­ri­ty mea­sures across their entire infra­struc­ture. Com­pa­nies are cre­at­ing secu­ri­ty solu­tions that live in the cloud and solu­tions built into the hard­ware. But very few com­pa­nies are as wor­ried about secu­ri­ty across the IoT ecosys­tem. From the device to the app to the cloud, every­thing needs to be secured through one holis­tic solution.

More sto­ries relat­ed to IoT security:
Secu­ri­ty of the Inter­net of Things takes on new urgency
As the Inter­net of Things expands, so do the risks
Why more attacks lever­ag­ing the Inter­net of Things are inevitable