Blogs -Who is Responsible for the Data Security of 50 Billion IoT Connections?

Who is Responsible for the Data Security of 50 Billion IoT Connections?


June 13, 2018

author

Beth Kindig

Lead Tech Analyst

This article originally appeared on IAPP.org, the International Association of Privacy Professionals.

“No matter what happens, don’t panic,” were the words used by hackers just before they hacked a 2014 Jeep Cherokee. It wasn’t your typical hack, where credit card information is stolen, or a denial of service attack is propagated, or a website is taken down. This incident involved disabling the transmission and brakes of a vehicle driving 70 mph. In other words, this is the kind of hack that could take someone’s life.

Car hacks make juicy headlines, but dating back as far as 2007, we saw researchers demonstrate how a generator could be destroyed. In 2014, hackers broke into a German steel mill and prevented a blast furnace from being shut down. As recent as last year, Norse and the SANS Institute released a study revealing 375 U.S. health care organizations were actively compromised between September 2012 and October 2013.

As the Electronic Frontier Foundation recently pointed out, the old security paradigm “felt that human beings were the problem and tech is the solution.” What the internet of things pushes forward is a reversal on the old paradigm that humans are the solution to the problem that technology creates.

If we look closer at the human supply chain and data security for IoT, there are three key players: manufacturers, developers and end users.

Here’s how they can advance the future with foresight (rather than the proverbial hindsight):

1)   Manufacturers

We are finding that many manufacturers can engineer connected parts but do not have the security staff or experience to protect the features. Automotive and medical device companies release embedded systems with no one on staff to respond to a vulnerability report.

The product cycle typically looks like this: The manufacturers have a limited budget, as with all product releases, their primary goal is user adoption – not security. As the researchers and hackers find security flaws, user adoption is increasing, and the manufacturer has to release a patch or issue a recall. By this time, cybercriminals have an open opportunity to exploit the embedded system or flawed IoT gateway.

Original equipment manufacturers should focus on security from the product design stage, which will involve additional in-house security professionals or dedicated partners. With an average of 25 vulnerabilities per device, interconnectivity demands rigorous protection. One approach to improve the R&D cycle is to generate more revenue from the IoT device in order to invest early in more security checkpoints. One medical device company saw 10 to 20 times the revenue when opting to give a device away for free and charge monthly, moving from charging for IoT products to IoT services. This move helps incentivize the manufacturer to keep the device or embedded system on the market.

Also, to lump all manufacturers together would be a mistake. Many large software companies who have always handled security well will continue to do so – no matter the number of connections or level of proliferation. Apple tends to be a front runner on how they handle security, however, manufacturers can learn to lean more on legacy-level security companies to help test, iterate or secure, post-production, the connections and systems they release. “Leave it to the experts” is as true now as ever.

2)   Developers

Nearly 40 percent of large companies, including Fortune 500 companies, are not taking proper precautions to secure the apps they build for customers. On average, large organizations spend $34 million on mobile app development, of which only 5.5 percent is allocated to ensure that mobile apps are secure. Much more attention and focus is given to design even as we see the number of cyber attacks grow. And if those numbers seem shocking, consider that 50 percent of the organizations devote zero dollars to mobile security.

The mobile hackers we see today are able to break into highly valuable data through the insecure app or public WiFi networks. The mobile app hacks of tomorrow are those of embedded automotive IoT systems, flying drones (weighing up to 50 lbs), medical devices and other high-risk devices. Fundamentally, the IoT is about core components such as sensors for measuring temperature or wind speed and actuators to initiate driving a car or injecting insulin. As more and more gateways and apps connect to these core components, especially those in motion such as vehicles and drones, we will have a sudden and urgent need for developers to consider security testing imperative.

The IoT gateway is a device in the field responsible for gathering data from sensors and communicating with actuators. These are installed in homes, control systems and automobiles. One solution is to create a security framework that uses public key cryptography to authenticate communication between remote devices and gateways. This will prevent both data access and also unauthorized signals. Another fix for developers, according to Luca Dazi, who presented at the JavaOne Conference in October 2015, is to employ a framework that uses public-key cryptography to certify new software updates before installation. Lastly, another security step is to generate unique passwords for each device to provide different variants that are combined to generate the master password.

Beyond individual efforts, open source communities also cannot be underestimated. The idea of inviting your peers to help you find the vulnerabilities in your software or app build is quite powerful, and an open source community may be the right antidote for a porous ecosystem of this magnitude.

3)   End Users

What responsibility does the end user have, if any?

It would be difficult to rely on end-user education, rather than a push for open standards, protocols and industry organizations playing the role in IoT privacy and security. For instance, when you buy a phone charger, you don’t expect to have to do your own testing to make sure it is safe, you just look for a Underwriter’s Laboratory code on it. The way this would translate into IoT security would be to bake the open standards and protocols into the products as a matter of course, and standard bodies would then make sure the devices comply with security.

As always, end-user trust will be a key differentiator in the IoT marketplace.

Gains of up to 485% from our Free Newsletter.


Here are sample stock gains from the I/O Fund’s newsletter --- produced weekly and all for free!

+370% on Nvidia

+485% on Bitcoin

*as of May 02, 2024

Our newsletter provides an edge in the world’s most valuable industry – technology. Due to the enormous gains from this particular industry, we think it’s essential that every stock investor have a credible source who specializes in tech. Subscribe for Free Weekly Analysis on the Best Tech Stocks.

If you are a more serious investor, we have a premium service that offers lower entries and real-time trade alerts. Sample returns on the premium site include 2583% on Nvidia, 806% on Chainlink, and 665% on Bitcoin. The I/O Fund is audited annually to prove it’s one of the best-performing Funds on the market, with returns that beat Wall Street funds.

beth

More To Explore

Newsletter

With Bitcoin at All-Time Highs, Here’s What’s Next for COIN, HOOD

With Bitcoin at All-Time Highs, Here’s What’s Next for COIN, HOOD

Bitcoin and the spot BTC ETFs have clearly seen strong investor appetite since the approval in the beginning of the year. Alongside strong initial adoption of the new ETF class, we’re also seeing majo

June 13, 2024
Jensen Huang Presentation

Here's Why Nvidia Stock Will Reach $10 Trillion Market Cap By 2030

I believe Nvidia can achieve an astonishing $10 trillion market cap by 2030. As you’ll see from the key points to my thesis, there is a bull case where a $10T market cap estimate in a little over six

June 10, 2024
TSMC Building

Taiwan Semiconductor Stock: April Sales Soar From Advanced Nodes

Despite warning of a slowdown in the broader semiconductor industry this year, TSMC’s April sales surged 60% YoY and 21% MoM. This marks a positive start to the 20-percentage point acceleration to 33%

June 02, 2024
Jensen Huang Presentation

Nvidia Q1 Earnings Preview: Blackwell And The $200B Data Center

Nvidia’s management team will focus on the H200 in the upcoming earnings call, but make no mistake, we will end this year in full-on Blackwell territory. The new architecture is at the forefront of tr

May 28, 2024
Amazon Building

Amazon Stock: Nearing $2 Trillion Club From AWS Growth & Ads Catalyst

Amazon is on the verge of joining the $2 Trillion Club, driven by a 4-percentage point accelerating in AWS to 17% YoY growth combined with strong 25% growth in advertising revenue.

May 21, 2024
Big Tech Logos

Big Tech Q1 Earnings: AI Capex Increases As AI-Related Gains Continue

Recent Q1 earnings releases from Microsoft, Amazon, Alphabet and Meta reaffirmed that AI spending is continuing to increase through 2024 as companies seek AI-related revenue gains.

May 14, 2024
The Risk is Higher in the Market than it Feels

The Risk is Higher in the Market than it Feels

In this report, we will show that the sentiment readings over the last several months suggest investors should be cautious. This is backed up by our broad market analysis, which indicates that risk is

May 02, 2024
We Are Raising Our Bitcoin Targets To $106K - $190K

We Are Raising Our Bitcoin Targets To $106K - $190K

Bitcoin is an asset where the bulls pound the table to “buy, buy, buy,” and the bears relentlessly and stubbornly call it a scam. In reality, both are the wrong approach. This is because although Bitc

April 26, 2024
Investing In AI with Beth Kindig: 1-Hour Video Interview

Investing In AI with Beth Kindig: 1-Hour Video Interview

Jordi Visser, CIO and Chairman of Weiss Multi-Strategy Advisers, spoke to Beth Kindig on the Real Vision podcast on March 20th, to dive deep into AI’s potential for explosive economic growth, how to f

April 19, 2024
https://images.prismic.io/bethtechnology/Zh50DEaI3ufuUONy_SemiconductorStocksQ4OverviewAIGainsHeatUp.jpg?auto=format,compress

Semiconductor Stocks Q4 Overview: AI Gains Heat Up

Semiconductor stocks are standout performers so far in 2024, with investor appetite for AI stocks remaining elevated as AI chip leader Nvidia continues its streak of high growth.

April 15, 2024
newsletter

Sign up for Analysis on
the Best Tech Stocks

https://bethtechnology.cdn.prismic.io/bethtechnology/e0a8f1ff-95b9-432c-a819-369b491ce051_Logo_Final_Transparent_IOFUND.svg
The I/O Fund specializes in tech growth stocks and offers in-depth research for Premium Members. Investors get access to a transparent portfolio, a forum, webinars, and real-time trade notifications. Sign up for Premium.

We are on social networks


Copyright © 2010 - 2024
Get Free Weekly Analysis on the Best Tech Stocks