Let’s Go Smart and Forget The Rest?
No doubt more and more things will be connected to the Internet. The result is more data, and a lot more data. According to a report by Mckinsey, the number of Internet of Things (IoT) devices would increase to 30 billion by 2020. Wide-ranging applications of IoT are being developed, it will change the way people carry out everyday tasks and potentially transform the world. For example:
- Smart lighting is not only cool, but also reduce energy consumption and lower electric bills.
- Connected cars linking up with smart city infrastructure can reduce congestion.
- Connected healthcare devices, such as Fitbit and portable diagnostics devices, track health data and give us a fast and convenient way in monitoring our own health. Personal emergency assistance systems for elderly and beacons-attached firefighting uniforms track a person’s inactivity and increase the chance of saving someone’s life.
- Beacons trigger in-store discount offers. Inventory sensors on shop shelves improves inventory planning and replenishment, reducing the out-of-stock frustration.
IoT Security & Privacy Issues
Too much data: The amount of data that IoT devices can generate is staggering. A Federal Trade Commission (FTC) report entitled “Internet of Things: Privacy & Security in a Connected World” found that fewer than 10,000 households can generate 150 million discrete data points everyday. This creates more entry points for hackers and leaves sensitive information vulnerable.
Vulnerability to hacking: Researchers have been able to hack into all sort of devices on the market with sufficient time and energy, which means hackers would likely be capable to do so too. According to the AT&T’s Cybersecurity Insights Report Volume 5, many IoT device manufacturers fail to incorporate even basic security measures, and the devices arrive in the market with security flaws that make them attractive to hackers. Even more vulnerabilities are added when several companies are involved from design to deployment (one company designs an IoT device, one provides component software, one operates the network, and one actually deploys the device). It is often unclear which company is ultimately responsible for security.
Eavesdropping: Manufacturers or hackers could actually use a connected device to virtually invade a person’s home.
Worth a thought
While companies investigate how it might use IoT and the collected data for business purposes, they cannot forget “security by design” by building security into their devices, rather than treat it as an afterthought. A defense-in-depth approach, where security measures are considered at several levels, may be needed for systems with significant risks. For starters, companies must ensure that their employees adhere to high standards of privacy practice. Those that work with third-party developers also have the responsibility to provide adequate oversight to protect the privacy integrity of the system.
Some advocates of data minimization suggest focusing on certain types of use restrictions to protect consumer data. With this approach, legislators, regulators, self-regulatory bodies, or individual companies would set “permissible” and “impermissible” uses of certain consumer data. ________________________________________________________________________________