2018 Survey on Policy in Asia-Pacific: We Need to Do Something About IoT Security
Earlier this year, we asked Internet users across Asia-Pacific just how secure they thought their smart gadgets were. The findings, gathered from 950 respondents in 22 economies, yielded some interesting insights. Over half of those polled lack confidence that IoT devices are sufficiently secure. A similar percentage feel that they do not have enough information on the security of their device.
As connected devices move into our personal spaces – homes, offices and our bodies – amassing more and more data about us and our activities at a dizzying pace, our report, published last week, highlights how much work still needs to be done to build trust in the Internet of Things (IoT) ecosystem.
Asia-Pacific is undoubtedly a major area of growth for the IoT industry, with countries like China and India rapidly becoming some of the biggest markets for consumer IoT devices. We are also a formidable producer, with established brands like Xiaomi and Samsung churning out wearables, smart appliances, and virtual assistants, and numerous startups joining the fray.
Indeed, the report found that a substantial number of respondents already own IoT devices, with a further 73% planning to purchase an IoT device in the next 12 months. But this enthusiasm can’t conceal the fact that most IoT devices land on our shelves without adequate security and privacy safeguards, making them vulnerable to information leaks and attacks by cybercriminals. Incidents like the Mirai botnet in 2016, which essentially exploited unsecure CCTVs whose default passwords hadn’t been changed, gave us a preview of things to come. Connected toys listening in on conversations at home, or smart speakers that can make online purchases without the owner’s knowledge, were just some of the security flaws exposed by researchers this year.
And consumers are waking up to these risks: More than two-thirds of survey participants worry about hackers gaining access or taking control of their devices and personal information. A similar percentage are concerned about personal data leaks and being monitored without their knowledge or consent.
Security certainly is a shared responsibility – users also need to take steps to keep their devices secure. But as we found in the survey, there are currently not enough tools available for them to do this. For instance, over 70% of respondents would like the option to delete the data collected by the device, and to know more about how it is used and who it is shared with, overall demanding more control over their personal information.
This task falls primarily on device manufacturers and IoT service providers. Significantly, nine in ten respondents would like for security and privacy protections to come as standard across all IoT devices, with two-in-three respondents citing this as a key factor that would influence their purchasing decision.
For governments, one of the ways to steer industry in the right direction is to promote the use of trustmarks – visible indicators to signal that a product abides by a set of security standards. This is already a widespread practice in the food sector (e.g., fair trade) and among electronics and equipment suppliers (e.g., energy star). Tellingly, more than 90% of respondents stated that they are likely to purchase IoT devices that have a security guarantee (through a trustmark or certification label).
The connected environment promises convenience, efficiency, and unimaginable insight, and we are only just skimming the surface of its potential. Unsurprisingly, IoT is set to reach an important milestone next year, with consumer IoT devices exceeding the global population for the first time. It is a remarkable growth – one that is surpassed only by the threats that are increasingly tailored to exploit its weaknesses.