In four years, the number of objects and devices connected to the internet will be an estimated 21 billion. In five years, the Internet of Things (IoT) market is expected to be an estimated USD 661.74 billion – this is truly the Internet of Everything!
The IoT in a nutshell is a network of physical devices that are capable of interacting with other devices in the same ecosystem. IoT has proven to be beneficial in a multitude of ways from improving safety to heightening efficiency in the way we do things. While its potential is huge and fast growing, the more interconnected IoT devices are, the more points of opportunity there are for hackers to attack. Security of IoT needs to be ensured so that it can work to our full advantage.
Due to lack of legislation, 70% of tested IoT devices currently lack encryption. Encryption would help to enhance security of the devices. However, manufacturers often fail to take the concept of 'security by design' into consideration. Furthermore, since they are not bound by legislation, they don't feel compelled to do so because it incurs more costs for them.
Secondly, the issue of information security is in question. With the massive amount of data collected by IoT devices, businesses have been accused of misusing customers' details by selling them. Vizio and Fitbit are two such companies that have been found guilty. Customers in turn lose their confidence in IoT devices which really undermines the capability of IoT to improve and be integrated into our lives.
Lastly, constrained devices tend to be lacking in security. Constrained devices are those that are limited in processing and storage capabilities, and are often battery-operated. Thus, these devices do not have a lot of space to include comprehensive security features.
While there are approaches currently in the works to deal with the security issues, they are insufficient. Work done is still very much focused at the device or application level; however, the greater concern should be the role that different players in the IoT ecosystem can take on to ensure security.
The most important player would be the users themselves. The individual consumer should be aware and informed of the dangers resulting from IoT devices that are not encrypted. During the buying process, the consumer should do research and find out about the security standard of the device. As they would when buying a computer, they should do so for all other types of devices connected to a network. The consumer has the power to push for stringent regulations to be enforced by the government. To call for action would be to their benefit.
The government has an important role to play in ensuring that stringent guidelines and policies are laid to ensure high security standards. This paves the way for increased confidence in IoT devices and networks since consumers would be protected from infringement of privacy and security threats. Introducing programmes to educate and develop skills in ‘security by design’ or ‘privacy by design’, will allow for more informed decisions to be made about IoT. Furthermore, due to the ever evolving nature of technology, the government should provide state funding for IoT research so that the most advanced security methods can be employed.
Lastly, companies should come up with devices that are inbuilt with security in mind. This optimisation can create direct business value for the companies, as it builds and protects the reputation of a company. Authentication systems, firewalling as well as updates and patches are some of the methods that businesses should invest in to ensure the security of the devices.
As more people adopt IoT devices in their everyday lives, the issue of security is becoming not only more important but also more urgent. New solutions to current known security threats are being formulated, but until we can confidently say that IoT devices are secure, the best method of prevention is awareness. Awareness of the potential dangers to IoT devices is the first step to prevent being compromised. Some of the best practices to ensure IoT security include using strong passwords, changing passwords regularly, and updating devices with security patches. All players in the IoT system need to equip themselves with relevant awareness, knowledge and understanding of the risks; without which, limited action can be taken to prevent attacks.