ISACA: Privacy and Security Come to the Forefront in the 'Internet of Things'

Privacy and security implications of the Internet of Things are making their way into the public consciousness, according to ISACA's 2013 IT Risk/Reward Barometer
Privacy and security implications of the Internet of Things are making their way into the public consciousness, according to ISACA's 2013 IT Risk/Reward Barometer

The organization’s latest survey shows that only 1% of Americans named the makers of their mobile phone apps as the institution they would most trust with personal data. And when it comes to the developing Internet of Things tsunami (when everyday machines, devices, sensors, cars, cameras and other items are connected to the Internet and often to each other), 92% express concerns about the information collected.

Even so, there is a disconnect: the survey also showed that most people (81%) don’t always read privacy policies before downloading apps to their phone or tablet. Similarly, half (50%) don’t feel they have control over how websites use their information – but one in four (25%) have not checked the privacy settings on their social network profiles in the past six months.

This apparent gap between belief and behavior is likely to matter even more in the future, as consumers use mobile apps to interface with everyday objects that increasingly share data via the internet. Worryingly, the gap between concerns and action isn’t limited to privacy. The survey also showed that 90% of respondents are concerned that their online information will be stolen, yet half (51%) use the same two to three passwords across multiple sites. Four in 10 (40%) write down their passwords to remember them.

The results are piquant considering that the connected device era is already underway. Although only 6% of participants said they are aware of the term Internet of Things, many report using internet-connected devices such as a GPS systems (62%), electronic toll devices on their cars (28%) or smart TVs (20%).

Close to half of the IT professionals (48%) surveyed believe that for consumers, the benefit of the Internet of Things outweighs the risk. But the average American and members of the IT department do not see eye-to-eye on what the greatest risks are: according to the consumer study, people are most concerned about someone hacking into their connected devices and doing something malicious (31%). IT professionals, however, believe that what consumers should be most concerned about is not knowing who has access to their information (48%) or how it will be used (25%).

IT professionals see benefits in the Internet of Things in business as well. In the related survey of 591 US-based IT professionals who are members of ISACA, almost all (99%) believe the Internet of Things poses governance issues, but 42% say the benefits outweigh the risk and more than one quarter (26%) say the benefits and risk are appropriately balanced for their enterprise. About a third (30%) said that their enterprises have already benefited from greater access to information; and 29% have improved services as a result of the Internet of Things.

“Internet-connected devices are already delivering powerful business and lifestyle benefits, but organizations using these need to proceed with transparency and with the consumer at the forefront of their decisions,” said Jeff Spivey, international vice president of ISACA. “The deep concerns about privacy and security uncovered by this year’s IT Risk/Reward Barometer show that enterprises need to establish and openly communicate policies around use of personal data to preserve trust in information.”

What’s Hot on Infosecurity Magazine?