Connected refrigerators, home alarms systems and automobiles, OH MY!!
From toasters to medical devices, from utility grids to remote controls and from watches to construction equipment, these everyday items that we use to live, work, play and learn are being connected to the World Wide Web (WWW) in an unprecedented phenomenon call the Internet of Things (IoT).
Why is this a phenomenon you say?
These things, and millions more like it are part of our society, culture, and way of life and are woven into our everyday routine. We don’t think about the majority of them beyond the tasks for which we use them. Traffic lights, gas and electric meters and vending machines are on our mind when we need them and far from our mind when we don’t.
They are pretty much autonomous systems and rarely does one thing have anything to do with another thing… until now.
All three scenarios would not exist without each having a connection to the WWW. And what’s consistent across all three scenarios is the transmission, storage, and visibility of your data. While not ubiquitous, all three scenarios are currently operational across this country today. What we should be concerned about is NOT the fact that there are little to no security measures in place to protect your data within and across these three (and many more) companies, but that the average consumers never requested protection of their data from their vendor(s)/supplier(s) to begin with.
Are we concerned that three different companies (and many more) have access to our private data 24/7 and we don’t know how they are using it?
Are we concerned how they share this information with their partners as (sometimes) delineated in their EULA (End User License Agreement)?
Are we concerned that three different companies know where we are (or where we are not) at all times from the data that we allow them to collect about us?
Since all three companies’ content converge on our smartphone, can we obtain accurate attribution if (when) a breach does occur?
Are we concerned about bad actors who infiltrate one (or more) of these companies and track our movement and habits, all without our knowledge, until it’s too late?
This is not FUD nor is it the cyber scare tactic du jour. This is current industry news because there is precedence for all 5 security concerns. And the real question is not ‘how real the threat is or is not’; the real question is: are there demonstrable and tangible steps being taken to protect your data as the IoT industry begins to grow and scale? The answer to this question will tell you how at risk your data is across the current (and future) vendors of IoT devices.
If you ponder the level of effort and investment that IT software and hardware vendors have made into protecting their products (and their associated success therewith) you get a sense of the challenge ahead for automobile makers, parking meter manufacturers, medical device makers and hundreds of other manufacturers. As non-trivial as these tasks truly are, it’s how compelled the companies are to make this investment in protecting their IoT-enabled devices that will make the difference.
These are non-trivial questions that are rarely being asked of IoT vendors, let alone verifiably answered.
Cybersecurity protection has always been an afterthought in the IT industry. From the dawn of personal computers in the early 1980’s to the cyber nakedness of laptops, smartphones and tablets today, it has always involved a third-party add-on and this has developed into an industry where a handful of cybersecurity products are protecting 100’s or 1,000’s of devices against 100’s of thousands to millions of threats from around the world… 24 hours a day, 7 days a week.
And now we want to impute this responsibility to industries (old and new alike) to protect our data and expect them to perform as good as the IT Industry that has been in the ‘data protection business’ for over three decades… this is a very large ask, yet the risk of doing nothing is even larger.
According to Cisco Systems, approximately 25 Billion devices were connected to the internet in 2015 and over 50 Billion devices will be connected to the internet by 2020. 100% growth of such a large number to begin with, in 5 short years is nothing short of a phenomenon.
It is a non-trivial task to ask manufactures outside the IT industry to harden their products from threats they’ve never encountered. It’s a non-trivial task to expect multiple vendors/suppliers to validate the security posture of our data within and between their networks, as they transmit, store and render it 24/7. It’s a non-trivial task to know if/when our data has been compromised within one or more of these IoT networks, how much of our data has been compromised and to know when the threat has been eradicated across the IoT vendor networks.
If you want to know how cybersecurity protection will look when IoT is running at full speed, take a look at how effective we are at data protection now while it’s just beginning to walk.