What happens when an entire industry has no standards, different levels of security, and a wide range of influence?
Chaos.
Or at least something like the Dyn attack. IoT devices are in our homes, in our offices, and probably even on our wrists. But what happens when they aren’t being regulated enough to stay secure?
“An ecosystem is built on trust and innovation, where benefits to society and commerce are realized by prioritizing security, privacy, and safety,” Online Trust Alliance (OTA) says in their recent whitepaper on the future of IoT.
In a session at SecureWorld Seattle, Craig Spiezle, Executive Director and President of OTA says, “You need to look at the device, the apps that are controlling it, and the back-end cloud services,” in order to establish a well-rounded security plan.
According to their research, 47% of consumers state security and privacy as obstacles to adopting IoT devices, but only 18% of users actually stop using their IoT devices due to a lack of service guarantees.
So for the most part, people are still using unsecured devices even though they know there are risks associated with them.
How do we get consumers to care about IoT security? Or if we can’t, how does the industry itself make it easier for them?
“We don’t want to stifle innovation,” says Spiezle, but what if our perceptions about security were changed instead?
What if it was on the hands on the retailer to sell or not sell a product based on security ratings, much like fair-trade, organic, or locally-made have become factors in purchasing options?
What if manufacturers themselves took on a system of security ratings to increase competition?
What if your device stopped working or limited its services unless you took the time to update it? Do companies even have that right?
Consumers may just feel like they are too small of a pawn to be played in a game that’s way beyond them. And that it’s on the hands of regulatory agencies to send them a new debit card when theirs’ gets compromised.
But what happens when hackers use the Mirai botnet to turn off the heating in two blocks worth of housing in Finland? In the winter? Will consumers care about IoT security then?
Whatever the future may look like for IoT devices, it needs to be more secure, and it needs to happen soon. Otherwise, hackers will just keep exploiting them to steal our data or to create botnet armies. Our personal data, our smart homes, and our favorite websites are at stake!
