Nearly three in four consumers are aware of inherent security weaknesses in IoT devices and are willing to pay a monthly fee to keep such device secure from hacking attacks, new research has revealed.
While there is no doubt that smart home devices have introduced a lot of convenience in people’s lives and many of them use machine learning technology to accurately respond to user demands, it is also true that the security of such IoT devices has not kept pace with their massive adoption across the world.
Recently, Gartner predicted that the market value of IoT devices could touch $1 trillion before the end of the year, thereby suggesting that demand for such devices is growing with time and both ISPs and IoT device manufacturers will stand to gain a lot in the years ahead if they continue to innovate and push more IoT devices into the market.
Consumers aware of security flaws in IoT devices
Even though there are 8.4 IoT devices on average in every home in the United States and Europe, the fact that a majority of IoT devices feature inherent security vulnerabilities isn’t lost on buyers. A survey carried out by Allot Communications in ten countries has revealed that out of the 1,261 consumers surveyed, half of them were aware of threats to their IoT devices and only 20 percent of them were satisfied with the built-in security of connected devices.
While 28 percent of those surveyed expressed concern about the loss of privacy as a result of weaknesses in IoT device security, 26 percent were concerned about over-reliance on technology, and 22 percent were concerned about suffering cyber-attacks.
To address their concerns, 66 percent of households with one to ten IoT devices in their homes are willing to pay an average of $4.90 as monthly fee to secure their IoT devices while 84 percent of households with more than ten devices are willing to pay $6.16 as monthly fee for the same purpose.
However, only 22 percent of such consumers are willing to purchase security services from their ISPs, with a majority of them opting for either of three leading consumer security brands.
According to Allot Communications, ISPs can play a major role in securing home IoT devices as they are uniquely positioned to gain a market footprint by leveraging their existing, direct relationships with their subscribers and taking advantage of their physical presence in the home as the provider of CPE.
“It is a natural win for both the consumer and the ISP, for the ISP to provide a centralised security solution leveraging their existing CPE. With the ISP providing the security solution, both the ISP’s network and the home network are protected. Furthermore, all of the consumer’s IoT devices, headless or not, can be protected as the security services is delivered from the network.
“Furthermore, security, as an enabler would increase the rate of adoption of connected devices and smart homes providing even more opportunities for ISPs to provide IoT-related services,” the firm added.
Greater coordination between stakeholders for IoT security
Even though it would be ideal for consumers if ISPs take up the role of security service providers, a lot more coordination between manufacturers, regulators, and security professionals will be required in the days ahead to effectively secure all IoT devices.
Earlier this year, the Royal Academy of Engineering and the PETRAS Internet of Things research hub have called for greater coordination between the government, industry, system operators and the engineering profession to ensure adequate security around IoT devices in the future.
According to a report published by the two institutions, while digital technologies used in industrial systems and consumer applications create many opportunities to realise economic, social and environmental benefits across business and society, any vulnerability in such technologies could have an equally negative impact on society.
“Cyber attacks on connected health devices are of increasing concern as they could have severe consequences on patient safety. Ever greater numbers of health devices have been identified as being potentially at risk, including pacemakers and MRI scanners,” the report warned.
“It is vital that we improve the level of technical and data literacy and skills to enable the public to become involved in reinforcing security in data and the Internet of Things. Ethical development of these emerging technologies is a collective responsibility for the whole of society, not just for those who are developing them,” said Professor Rachel Cooper OBE, Adoption and Acceptability theme lead at the PETRAS IoT Research Hub.
According to the working group, the government, along with regulators, organisations and their supply chains have to be continually responsive and flexible to the evolving nature of the challenges. While ensuring that IoT products are ‘secure by default’ is essential, manufacturers and the government need to take additional steps to improve cyber security as there is no ‘silver bullet’ solution to the problem.
These steps include creating mandatory risk management procedures for critical infrastructure which should serve as guiding principles for cyber risk management during design, operation and maintenance, transparency throughout the supply chain about the level of cybersecurity provided in products and services, an international agreement between governments and institutions that sets out an international baseline for IoT data integrity and security, and adoption of ethical frameworks that support ethical behaviours on IoT to help minimise risks to society.