The Internet of Things (IoT) is coming – an era of billions of networked devices, talking to the web and to each other. But behind the specter of attention overload from, say, connected refrigerators and pedometers that interact with your television is a very real concern. In short, that much connectivity will magnify the cybersecurity threat surface exponentially.
Fortinet has released the results of a global survey that probes home owners about key issues pertaining to IoT, a market that according to industry research firm IDC is expected to hit $7.1 trillion by 2020. It found that vendors need to be thinking about security now: a majority (61%) of all US respondents believe that the connected home is “extremely likely” to become a reality in the next five years, in line with the global average. China led the world in this category with more than 84% affirming support.
“The battle for the internet of things has just begun,” said John Maddison, vice president of marketing at Fortinet, in a statement. “The ultimate winners of the IoT connected home will come down to those vendors who can provide a balance of security and privacy vis-à-vis price and functionality.”
Homeowners are concerned about data breaches – a majority of all respondents voiced their concern that a connected appliance could result in a data breach or exposure of sensitive, personal information. Globally, 70% said that they were either “extremely concerned” or “somewhat concerned” about this issue. US respondents were in line with this; 68% said that they were “extremely concerned” or “somewhat concerned.”
Overwhelmingly, consumers are worried about how all of that data that connected devices will generate will be handled. When asked about the privacy of collected data, a majority of global respondents stated, “privacy is important to me, and I do not trust how this type of data may be used.” India led the world with this response at 63%, while 57% in the US agreed with this statement.
Relating to privacy, respondents were also asked how they would feel if a connected home device was secretly or anonymously collecting information about them and sharing it with others. Most (62%) answered “completely violated and extremely angry to the point where I would take action.” The strongest responses came from South Africa, Malaysia and the US.
Users also demand control over who can access collected data. When asked who should have access to the data collected by a connected home appliance, 44% stated that only themselves or those to whom they give permission should have this information.
Of note, China, India and the US also listed that IoT device manufacturers and/or their ISP should have access to collected data, too. While 46% of those in the US wanted personal control over collected data, 34% of Americans felt that either the device manufacturer or their ISP should have access to the collected data.
By almost two-to-one, consumers look to their government for data regulation – many respondents (42%) around the world stated that their government should regulate collected data, while 11% said that regulation should be enforced by an independent, non-government organization. Here, the US scored lower than most countries: only 33% agreed that the government should regulate collected data, which is unsurprising given the revelations over the course of the past year of domestic and international spying on the part of the NSA.
On the network side, the next looming battle is over who has the security burden: secure home routers or ISP who should keep their pipes clean. A clear schism appears worldwide when homeowners were asked about how connected home devices should be secured. In nearly equal proportion were those who replied, “a home router should provide protection,” versus those who said, “my Internet provider should provide protection.”
Device manufacturers, however, are mostly on the hook for security. If a vulnerability was discovered in a connected home device, 48% of all surveyed agreed that the device manufacturer is responsible for updating/patching their device. Americans responded similarly with 49% putting the responsibility on the device manufacturer. However, encouragingly, nearly 31% responded with “as a homeowner, it is my responsibility to make sure that the device is up to date.”
"The IoT promises many benefits to end-users, but also presents grave security and data privacy challenges,” concludes Maddison. “Crossing these hurdles will require clever application of various security technologies, including remote connection authentication, virtual private networks between end-users and their connected homes, malware and botnet protection, and application security − applied on premises, in the cloud and as an integrated solution by device manufacturers.”