How safe is your data with the IoT and smart devices?
How safe is your data with the IoT and smart devices?
The Internet of Things (IoT) is a growing phenomenon, and one that’s presenting us with a multitude of benefits. But with increased amounts of our data being shared online, it’s creating a number of security concerns, too.
In this data visualization, we’ll take a look at the number of devices that are connected around the world, including what data they’re collecting and where we can find them (e.g. in our homes, offices and vehicles). It will then explore how people feel about all of this data being shared and whether they’re happy with certain aspects of their lives being stored online (such as their health data and their shopping habits).
Finally, we’ll delve into what security risks are being posed by all these connected devices, and how we can make sure our data is protected in the future. There’s also some interesting stats on how much money will be spent on internet security over the coming years. This demonstrates the sheer importance of putting the right measures in place to make sure our data is as safe as possible.
The internet-of-things and smart devices are more popular than ever, but is your data being protected?
As the internet of things becomes increasingly popular, more and more of our data ends up online. As a result, the risk of our private information being exposed in data breaches is growing. In response, we need to take steps to ensure our data is protected. This data visualization explores what data these devices use and how we can protect it.
The number of connected devices around the world has risen from 8.7 billion in 2012 to almost 23 billion in 2016. Experts predict that figure will pass 50 billion in 2020.
Where are all these IoT devices?
These devices are used in almost every environment where an internet connection is available:
- On our bodies: the “quantified self” movement has led to an increase in fitness trackers and other wearables. New advancements in healthcare include ingestibles that can transmit data from inside our bodies.
- Our homes: smart home devices that control air conditioning, monitor electricity usage, adjust the thermostat, and more. Smart security systems also help keep us safe from intruders.
- Retail environments: IoT devices can help everything from restaurants to arenas and banks run more efficiently. These technologies can optimize inventories, operate self-checkout tills, and intelligently distribute in-store promotions.
- Offices: Security and energy management through IoT devices can make buildings run more efficiently and help employees be more productive.
- Vehicles: Cars, trucks, trains, planes, and ships can all benefit from IoT. Presale analytics, usage-based design, and condition-based maintenance just scratch the surface of the possibilities.
- Industry: Contruction, oil, gas, and mining industries can improve safety, operate more efficiently, and predict what maintenance will be required with the help of the internet of things.
- Cities: Resource management, environmental monitoring, smart meters, and adaptive traffic control are IoT technologies that cities can use to improve the daily lives of their residents.
- Outside spaces: Between the cities, smart IoT devices can operate autonomous vehicles, track and route shipments in real time, and navigate aircraft
McKinsey estimates that the links being created between the physical and digital world could generate over $11 trillion in economic value by 2025, accounting for 11 percent of the world economy.
How do we feel about this?
All the data that these devices collect is used for any number of purposes. How people feel about their data being used is determined by the purpose, and less so by what the data contains.
A study by the Pew Research Center found:
- 54 percent of respondents feel surveillance cameras are acceptable to improve workplace security
- 52 percent thought it was acceptable for doctors to share their health information to manage records and schedule appointments
- 47 percent said it was acceptable for grocery stores to track their shopping habits and sell this data to third parties
- 37 percent agreed that insurance companies can monitor their location and driving speed to offer discounts on insurance
- 27 percent would allow a company to track their movements around their house and the temperature in each room using a temperature sensor
Those who found the use of their data to be unacceptable cited hackers, scammers, being targeted by companies, not wanting to share their location, ulterior motives by companies who collect their data, and a general sense of creepiness as the reasons.
On the other hand, those that found the use of their data acceptable wanted the benefits of free services in return, improvement of social and commercial interactions, and felt that certain spaces, such as offices, have different rules regarding sharing and surveillance.
Symantec has reported an increase of IoT attacks in the wild and a rise in proof of concept attacks on IoT devices. These security threats are often due to a lack of security measures in the devices and attacks exploiting known vulnerabilities in the Linux-based operating systems that many of these devices run on.
Recent security threats have been found in:
- Cars: 1.4 million vehicles were recalled by Fiat Chrysler after a proof-of-concept attack showed that a hacker could remotely take control of a car. In the UK, a number of cars were stolen after thieves hacked into the keyless entry systems.
- Medical devices: researchers have found dozens of “potentially deadly” vulnerabilities in refrigerators, CT scanners, insulin pumps, and x-ray systems.
- Entertainment devices: An Amazon Echo has recently been cited as evidence in a murder case where it was found in the suspect’s home. Smart TVs are vulnerable to ransomware, data theft, and fraud.
- Embedded devices: Internet phones, webcams, and routers use hard-coded HTTPS and SSH server certificates, which leaves 4 million devices vulnerable to unauthorized access and interception.
How to protect IoT data
IoT hardware and software makers need to address the entire lifecycle of a device when designing it in order to remove these vulnerabilities.
- Secure booting: When a device is booted up, cryptographically generated digital signatures will be used to authenticate the software on the device. This ensures the software is the version that the owner has authorized and approved.
- Access control: Limit what data can be accessed on the device by applications and controls. Then, if a component is compromised, the intruder only limited access to the other parts of the device. This minimizes the scope of data breaches.
- Device authentication: Before transmitting or receiving data, devices should authenticate themselves on the networks they are connected to. The machine authentication would input credentials found in secure storage similar to a username and password.
- Firewalls: Deep packet inspection and firewalls will help manage traffic that terminates at the device. Industry-specific protocols can be used to identify malicious threats from non-IoT protocols.
- Updates and patches: Operators need to be able to send out updates in a way that doesn’t impair device security. This must also take into consideration limited connectivity and bandwidth.
IoT spending worldwide
Gartner estimates $348.2 billion will be spent on IoT security in 2016. This will increase at a growing rate through 2020 and beyond. The 2018 estimate currently stands at $547.2 billion.
The increase is due to improved execution from more scalable service options, organizational change, and improved skills. Gartner says IoT will be involved in a quarter of attacks in enterprises. Cloud-based security services will be offered by more than 50 percent of IoT implementations.
With the growth of IoT in the coming years, it’s vital that the necessary security measures grow along with it. It’s also important that consumers are aware of potential security threats so they can protect their data in the best way possible.