Skip to main content

IoT – Before talking profit, we need to talk security

When a Mirai botnet made up of thousands of Internet of Things (IoT) devices took down major websites such as Twitter and Spotify in October, it merely confirmed the fears of many that such devices in general – and the smart home in particular – can’t be trusted.

If half the internet can be shut down by a few thousand poorly secured devices, how can we believe they will keep us safe, warm and entertained? If consumers are truly going to buy in to the IoT, they need to feel safe and secure before they're prepared to invest. In other words, security is paramount to the long-term success of IoT.

When you’re looking at how to monetise any concept, you should find the value in what makes people tick - consumers want to be safe, secure and have their basic needs met. From that perspective, the value is in shoring up the bottom line and the smart home ideal needs to be rooted in security for that very reason. As they become more integrated into the home, the perception of smart devices has to shift and people should start seeing devices as employees of the “Company of You”. Once that happens, you have a different set of requirements and the right questions start being asked.

It’s a question of trust. If you were to hire an employee that told their friends everything you said to them, the chances are you wouldn’t keep them around for very long. Similarly, if your employee doesn’t work well with others or fit into the social culture of the rest of the employees, or doesn’t do the job you hired them to do, you wouldn’t want to keep them on.

If you see the IoT and the smart home through that prism, you would probably be much more selective in which “employees” you hire and retain.

Taking collective responsibility

However, it isn’t just a consumer perception issue. As an industry, we need to do a better job of changing our own perspective and thinking about the issue of security from a different angle, rather than just poking at the problem in the hope it fixes itself.

Everybody in the industry - insurance companies, platform providers, anybody who makes anything “connectable” - needs to be aware of the importance of security. It starts with simple steps like not letting devices leave the factory with generic default usernames and passwords, because that’s what’s happening and they’re feeding major security threats like Mirai.

Right now, it's just irresponsible for companies to do that, but as the smart home spreads, they may well be held legally culpable for bringing bad clients into the internet. The internet is a big pool that the entire world swims in and when your company’s irresponsible behaviour is risking the safety of others, you’re not going to be very popular. Companies can often be so desperate to try the next big thing that they don’t give the basics enough of their time. The industry is currently so desperate to tap into the IoT market and make money, they don't give enough of their time and thoughts to security.

This is often due to the company not having a strong background in security in the first place, but the assumption that collective ignorance is better than individual malpractice can very easily lead to situations like we saw with Mirai. Consumers deserve to know that their personal data is safe – that even in the worst-case scenario, there are protective measures in place to minimise the damage.

Secure the cake

If you visualise IoT as a cake, security can’t just be the icing on top - it needs to be baked deep into the core as a starting point of everything you do. If it isn’t, attacks like the Mirai DDoS will prove to be only the tip of a very expensive and destructive iceberg.

Look at social media - Facebook wouldn’t have been successful in the early days of the internet because people didn’t feel safe and secure, but one of the reasons it quickly became the most popular social media site is because it refused to compromise on its users’ personal information. It didn't allow annoying ads or spam on people's timelines. Little differences like that contributed to an overall feeling of comfort and safety for users – this was a website that didn't seem like it would lead to viruses.

For the IoT - just like in the case of Facebook – it’s only once these needs are met that people will look beyond the basics of what it can do, and companies need to realise quickly that there are a lot of aspects that need to improve before we can get to that stage.

The internet has been about ‘things’ the whole time - be it a computer, a mobile phone or a smart device - so you have to look at how we have monetised the internet to date and provided value to the consumer. The PC industry, for example, didn’t fully take off until software enabled people to be more creative, productive and better connected. The mobile industry was the same - there were a lot of walled gardens until Apple created the App Store. We went from millions of opportunities with the PC industry to billions of opportunities with mobile, and from complicated, large-scale applications to smaller, more digestible solutions. The IoT is a continuation of that, but with trillions of devices.

Computers allowed us to be more productive. Laptops gave us more mobility. Smartphones connected us. Internet-connected devices have transformed our lives on a scale not seen since the invention of the light bulb and IoT is just the next step along. It's the natural evolution, rather than a revolution, of the internet – we just have to make sure it is secure.

Jim Hunter, chief scientist and technology evangelist at Greenwave Systems

Image source: Shutterstock/a-image