IoT security and the consumer: the challenges and education question

Many years ago, when the Internet became popular, the Belgian government hired us to set up a site to educate consumers and businesses on security risks and measures to take, in order to use the Internet safely. It was part of a major awareness campaign.

With the Internet of Things, predominantly in a consumer electronics and consumer IoT context, it’s as if we’re exactly in that stage again. However, the stakes are much higher.

Today, there are still quite some people who use the Internet without the needed security controls. Sure, they have some software but that’s about it and often it’s not even updated. Still, you cannot compare today with those early days. In general, consumers are more aware of the risks of the Internet, social networks, etc.

The same goes for businesses where we finally see holistic security approaches (the only viable approaches are by definition holistic) getting more and more attention. But, as you’ll see and read there is still a lot of work to do. Moreover, with the holiday season approaching fast and recent IoT vulnerabilities and DDoS attacks in mind, it’s time to pay attention to it, certainly in the context of connected devices and the Internet of Things in a consumer context.

Security and data privacy challenges are more critical than ever in human history

Cybersecurity – and data privacy – are no laughing matter. They never have been. But in a data-driven digital transformation economy they are simply critical for the ways we work, consume, do business and live.

You probably know the famous saying that data is the new oil? Well, to quote Deloitte’s Dana Spataru at the IoT Solutions World Congress in Barcelona, end October 2016: “Data is the new oil, and data leaks are the new oil spills”. I would add that not everyone agrees who owns – and is responsible for – the oil.

At the same time hackers and attackers increasingly operate in real cybercrime syndicates and threats are becoming more sophisticated with close to 60% of advanced threats coming in over encrypted traffic, calling for a different cybersecurity approach.

Furthermore, data privacy and personal data processing are increasingly being regulated by governments and supra-national institutes, as is for instance the case with the coming General Data Protection Regulation (GDPR) in the EU and its pretty significant fines and penalties and also with the ePrivacy Regulation.

While attitudes towards data privacy and ethics differ per region and per person, in an age where data – and the value we obtain from it – is the essence of the Internet of Things and where data is a key business asset in a DX economy, expect more initiatives. In the end the task of a government is to protect its citizens and in a digital age this also includes data. No wonder that regulation de facto is a key driver of the security market.