IoT security: are we finally turning the corner?

As October draws to a close, so does Cybersecurity Awareness Month, and we can all sit back and congratulate each other on a job well done and forget the need to think about cybersecurity for another year. If only it were that simple! The need to proactively consider security every day has never been greater, especially considering the number of connected devices is projected to grow to unprecedented levels from around 20 billion today to anywhere between 50 and 75 billion by 2025, a depending on the estimate you believe. The wide range is likely a good indication that experts have no real predictions on how quickly people, industry and infrastructure will adopt the new technology.

This growth can, in part, be attributed to increased bandwidth availability and new generations of mobile connectivity. Deploying 5G networks provides superior reliability with negligible latency and will expand and enable a new wave of opportunities and innovation for connected devices. The impact will likely be witnessed in every sector: healthcare, agriculture, logistics, transportation, you name it … in fact, it’s hard to think of a sector that won’t benefit from the advanced communication offered by 5G.

Internet and things

Today, however, take a stroll down the street; the growth of consumer connected devices is there to see, connected doorbells, home security systems, connected cars and people jogging with their smartwatches and fitness trackers, to solar panels with real-time energy efficiency monitors. However, it’s not just consumers who automate and adopt technology for convenience; even the cities we live in are turning to technology to offer services, bike and scooter rental stations, automated visitor kiosks and the like.

Industry and infrastructure are also on board. Industrial washing machines, pumps, trolleys, traffic monitoring and pollution sensors demonstrate that devices once considered off-grid are now connected to sensors to collect real-time data to monitor environment, functionality and performance. Connected device innovation is at the heart of virtually every industry.

RELATED READING: Privacy by Design: can you create a safe smart home?

This overwhelming use of technology in every industry and every corner of life creates a huge opportunity for cybercriminals to take advantage of it, as was demonstrated in 2016 by the Mirai botnet which used hundreds of thousands of IoT devices to launch a denial- Distributed of-service (DDoS) to DNS servers, blocking much of the Internet. As the number of connected devices grows, the opportunity for abuse also increases with it.

If a device is connected, it is most likely collecting data. In the case of consumers, this could be sensitive personal data on sleep, health, nutrition habits and the resulting need to protect the wealth of data collected from all devices must be at the forefront of users’ thoughts when purchasing devices and suppliers when developing them .

Move ahead of the curve

Lawmakers and governments are taking steps to help ensure privacy and security, the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are examples requiring vendors to seek permission to collect data and provide adequate security to protect it.

Also, regulation is starting to appear that requires some minimum security standards for IoT devices. California, for example, requires each device to have a unique password ready to use and to collect only the data necessary to complete its advertised function. The UK government has also tabled a bill to protect IoT devices, including requiring manufacturers to clearly state how long security updates will be made available.

As regulators attempt to confront the rapidly changing environment of connected device technology, it is also up to us as direct or indirect consumers of these services to ensure that our privacy and security are maintained and respected at all times. Over the past year we have seen public pressure to suspend the rollout of technologies such as facial recognition when deployed in public places as part of this vast roll-out of connected devices, with the reason for racial bias and inaccurate results.

It is our duty as guardians of the next generation to ensure that future technology, including connected devices, is used in an acceptable way.