Right now is the time for Internet of Things (IoT) privacy and security regulation to be taken seriously is the sum of a message relayed in a recent report compiled by the Cyber Security Research Institute on behalf of F-Secure. The report is largely made up of observations and interviews with industry insiders and analysts and highlights that the common consensus among those in the know is the tipping point of being able to regulate IoT is already drawing too close for comfort, and may have even already passed.
While IoT is not yet anywhere near the level of adoption that is expected to occur over the next few years, it is already reaching a point where IoT-enabled and related devices are arriving in homes. More to the point, the number of manufacturers and companies now invested in the technology is at an incredibly high level due to these companies all in a race to be the first to market and cement their position before the boom properly takes effect. It is this ‘race to be first’ notion that the report (and those interviewed) states is one of the larger issues as these companies are so fixated on getting people connected that the security (compared to the usability) of their products is not much more than an afterthought. Something the report suggests is only likely to become more of a problem as times goes on. As while security might become more important once it reaches the peripheral view of consumers, by then the number of unsecured connected devices in homes will have greatly intensified, amplifying the problem even more. What's more, the report also highlights that even if there was any consensus on the importance of security right now, there would still be an issue surrounding who is ultimately responsible for the protection of users and their data. With the suggestion there is currently a blame game status quo in effect where companies and governments can/will refer to each other as responsible for leading the charge, and in some cases, suggesting the onus is on the end user, the consumer, to self-protect.
This is another area highlighted in the report as it is understood that with these devices becoming so prevalent, and accounting for such a wide-range of existing products in the home, there is an issue surrounding consumer education in general. That is, consumers lacking direct knowledge on not only the vulnerabilities (low-level security), but also the capabilities (such as their potential to snoop and/or siphon data) of products. Something which is likely to be of major concern not just for the less tech-savvy consumer, but also vulnerable demographics as a whole, such as the elderly. While the argument can be made consumers have the ultimate in protection option of refraining from engaging with the IoT revolution altogether, F-Secure’s Chief Research Officer, Mikko Hypponen, would likely disagree. Having suggested in the report that as time goes on smart versions of existing products could actually become cheaper than their dumb counterparts. Not necessarily due to their production or yield facilitating a decrease in price, but due to them lacking “data that can be harvested by manufacturers.” The full report is available to read below.