Gadget-hungry consumers creating IoT security holes they can't fix

Despite large vendors' market positioning around Internet of Things (IoT) security threats, tech-deficient consumers are spooked by IoT threats and are overwhelmingly looking to their antivirus software providers to help them secure their devices, according to a new consumer survey.

The online IoT Survey, by security vendor Bullguard, received 672 responses from US and UK consumers. Some 47 percent of US consumers have more than 3 IoT devices and 15 percent have more than 5 devices, the research found, with 31 percent of US consumers and 42 percent of UK consumers owning at least one connected IoT device (not including phones or tablets).

“The connected house is starting to look like a low-end SMB,” Bullguard CEO Paul Lipman told CSO Australia. “Every device is getting some form of Internet connectivity and some form of cloud service as an adjunct. But for device manufacturers, security is really an afterthought: these guys are optimising for cost and bill of materials in manufacturing; security is very far down the priority list.”

Manufacturers' different priorities are reflected in heightened security concern among consumers, with 66 percent of UK respondents and 58 percent of US respondents saying they were highly concerned that their IoT devices could be hacked or their data stolen.

Some 54 percent of US consumers said they were turning to their antivirus vendors to protect them from IoT security issues, whereas device manufacturers were named by only 23 percent and ISPs by 16 percent.

British users expected far more from their ISPs, with 24 percent turning to their ISPs for IoT protection and 44 percent looking to antivirus vendors.

The results reinforced an evolving industry dilemma for Lipman, who pointed out that formal, broadly usable IoT security standards were still years away despite “a lot of good work being done” to progress them.

In the meantime, he said, consumers' strong expectations from antivirus vendors suggested that it is “incumbent upon” antivirus vendors to build solutions “that address how the way we use technologies is changing.”

“As the nature of the home network changes, we are going to see the emergence of network-centric solutions to keep the home secure,” he added. “But the challenge there is that the network is tremendously more complex than a single endpoint device.”

This year's International CES conference saw IoT devices of all types hitting the market, contributing to a proliferation of devices that creates opportunities for business marketing operations. But wearables and other IoT technologies also create new challenges for CIOs in business environments where changing technology is both exciting and intimidating.

Slightly over one-third of consumers in both countries said they had already experienced a security or privacy issue with a connected device – but 61 percent of US consumers and 72 percent of UK consumers said they had no idea how to secure their devices to prevent such compromises. Fully 35 percent of US and 48 percent of UK consumers said they didn't even know how to change their router's password.

This could pose increasing security risks as hackers turn their attention to IoT devices, with the Spike malware toolkit seeking out nearly any connected device and using it to launch massive DDoS attacks against designated targets.

As malware writers get more clever about their exploitation of IoT, consumers will need to be given more-secure devices and user-friendly tools to ensure that their equipment is not susceptible to security issues. This is a big challenge in its own right, Lipman said, but one that the industry cannot ignore without risking losing all control over the evolving IoT.

“The key to make this all successful for consumers is to make it simple,” he explained. “You can deliver a very complex and configurable solution for the top 1% of users that know and care about the technicalities of how to protect the network.”

“But for mainstream consumers, the intelligence and security has to be built in. If we can't make it absolutely straightforward and simple for consumers, we will have failed out of the gate.”
