At the beginning of the year I was one of the 170,000 delegates who attended the Consumer Electronics Show (CES) event in Las Vegas. With nearly 4,000 exhibitors, products varied from 3D printers, digital health wearables through to a myriad of connected devices. The Internet of Things (IoT) was undoubtedly the hot topic at this year’s event. You could almost guarantee that if the product was at the show the device was connected to the internet.
2015 will be the year where we will see the wide deployment of smart sensors in our life; consumers will open their home, cars, and personal health to digital devices and sensors. But while the Internet of Things is set to usher in the next wave of innovation and lead to a significant change in how technology influences our lives, it also opens up the door to big risks. Soon everything that can be connected will be connected and everything that can be hacked will be hacked.
Any device that is connected to the internet is inherently at risk of being hacked. From PCs to smartwatches, all of these devices and services provide gateways to access the personal information that is collected and transferred between them. As the number of entry points increase so too does the opportunity for hackers to find ways of accessing our data.
Cybersecurity is already a significant challenge for all organisations. You just need to look back over the last 12 months to see high profile hacks and breaches of organisations across the globe. As the consumer market for the IoT grows, companies in this market must address this challenge.
Currently at this early stage, the focus around the IoT is on innovation and new product launches rather than how secure a product will be. A unique challenge to IoT companies is the size of the products. The small size of many of the IoT devices/sensors and the computing power required for the encryption and other security features could inhibit encryption in the IoT devices. Moreover, some of these are low cost, essentially disposable and if vulnerability is discovered in these type of devices, a software patch or upgrade might be difficult.
Addressing the risks in the IoT
Reasonable limits of data collection and retention is the first line of defence for the Internet of Things. While innovation and new products should be celebrated in this emerging field, security must come first and foremost. It should be built into devices from the very beginning and not bolted on as an afterthought.
Companies should also look to use smart set up/defaults in their product development to ensure consumers change their passwords regularly and consider encryption for transferring sensitive information, such as heath data. Companies should also consider information security inside the company and conduct security training for employees and take steps to ensure service providers protect consumers’ information.
By assessing the security and privacy of a device as part of the design process companies can ensure they can test security ahead of product launch. Companies that collect personal information about their users should always follow the principal of data minimisation. By collecting only the data that is needed for a specific purpose and safely disposing of it afterwards companies can reduce the risk of losing significant amounts of data during a breach.
Clearly there are unique challenges the industry needs to address. Especially in order to ensure this market succeeds. Put simply if there are high profile data breaches of IoT devices early in their market infancy this would undoubtedly impact consumer perception for the worse and ultimately sales.
Both regulators and the industry must agree on standards to strike a balance between the risk of slowing innovation and the risk of a data breach. To achieve this compromise a meaningful dialog around the acceptable use of personal information is needed within the industry to increase awareness about responsible product development in IoT.
The opportunities presented by the IoT are huge. It will create new jobs, drive innovation and drastically change the way we live our lives. What we must do now is ensure consumer awareness about how to operate safely in a digitalised life and framework in place to help companies creating these products can keep the data collected safe.