Over the next five years, the number of Internet of Things devices will grow nearly tenfold — from 2.5 billion in 2014, to nearly 24 billion by 2019, according to BI Intelligence estimates.
However, one of the biggest barriers currently preventing widespread IoT adoption are security concerns. Business executives, government officials, and consumers are rightly worried that by installing IoT devices within their business, city, or home they are exposing themselves to a hacker who could either use their IoT device in a malicious way and/or steal the data associated with the device.
In a new research note, BI Intelligence examines the current state of Internet of Things security within the home, business and municipality. We examine the motivation behind IoT hacks, what data is commonly targeted, provide examples of security hacks, and provide summary and analysis of a Federal Trade Commission (FTC) report which provides suggestions for how IoT device companies can secure home IoT devices.
Here are some of the key findings from the report:
- According to security experts with whom we have spoken, homes are fraught with the most security flaws, but businesses are the most targeted. IoT startups that produce devices for the home are often focused on getting their product to market quickly, and security isn’t a top priority. Businesses are most at risk of attacks by hackers seeking to access consumer data.
- The FTC has numerous key recommendations for ensuring the security of consumer-facing IoT device makers. These include minimising the amount of data collected and encrypting the data that is collected. With less collected data, hackers have less of an incentive to attack a system in the first place.
- The FTC also recommends that IoT device makers should focus on security at the outset of a device’s creation, rather than building it in once the device is completed. In addition, companies should promote strong security practices among employees — the FTC recommends having a person in a higher position, such as in the C-suite, dedicated to overseeing security and not relegating this position to the tech team.
- It is inevitable that companies will collect data on IoT usage. Nearly half of IoT companies say they store IoT data for more than a year. But what data is collected and how it is used should be shared with consumers.