By Dennis D. Estopace
EARLY this year, Accenture Inc. cited security as dampening consumer take-up of Internet of Things (IoT) devices.
The Accenture poll of 28,000 consumers across 28 countries, including the Philippines, found that for nearly half (47 percent) of respondents cited security concerns and privacy risks rank among the top 3 barriers to buying an IoT device and service. IoT devices include smartwatches, wearable fitness monitors and smart home thermostats, among others.
The BusinessMirror asked three cybersecurity companies—Kaspersky Lab ZAO, Sophos Plc. and Symantec Corp.—their take on the consumer technology market and security concerns.
Kaspersky Lab (KL)
BM: How does Kaspersky see the connection between security concerns and privacy risks, and consumer technology take-up in the Philippines?
KL: After several attacks against big companies and organizations, it is not surprising that consumers are now being more aware of cyber threats.
Our research actually showed the emerging fear of consumers toward the security and privacy risks that comes with new Internet-connected smart devices.
As consumers become more aware of the risks and threats present in the Internet, and realize how helpless they are with the intensity of such risks, they become more careful now in choosing the gadgets that they buy and the online services that they engage into.”
BM: How does Kaspersky evaluate the level of risk in IoT device and service in general and in the Philippines, in particular?
KL: As more and more smart devices are developed, they become a strong force, which can transform the landscape of business, as well as consumer technology. IoT is a breakthrough technology.
While it promises to bring opportunities of development in sectors that will have use for it, this new technology is expected to create new security risks and vulnerabilities. Such devices weren’t designed with security as one of its primary features.
The level of risk depends on every country, as each country has different state of technological advancements. The Philippines is one of the fastest-emerging economies globally and so the risks and threats against IoT devices in this part of the world would be inevitable in the near future. IoT has yet to reach adoption in the country, but we at Kaspersky Lab believes there’s an urgent need to institute higher levels of security for IoT devices this early.
Sophos (Soph)
BM: How does Sophos see the connection between security concerns, privacy risks and consumer technology take-up in the the Philippines?
Soph: In recent years, more consumers globally, including Philippines, are turning to Internet-connected devices, such as laptops and mobile devices, for personal use. Increasingly, more workplaces have also witnessed the rise of the bring-your-own-device (Byod) trend.
With the rise of information-technology (IT) consumerization, security and privacy risks are definitely to be expected. Therefore, consumers and enterprises should secure devices from potential cyber attacks.
For enterprise security, it is crucial for IT teams to incorporate a BYOD strategy that goes beyond mobile-device management to ensure devices are not breaching company policies, as well. Enterprises can block access to company resources for noncompliant devices; give users the apps they need while blocking others; and stop personal devices from slowing down the business.
As for personal devices, users should stay ahead of security threats by incorporating strong passwords, being careful of malicious apps and ensuring that the device has the latest software patches that fix security vulnerabilities in not only the operating system (OS) but also the browser and the associated applications.
BM: How does Sophos evaluate the level of risk in IoT device and service in general and in the Philippines, in particular?
Soph: IoT devices are relatively protected, as they are not general purpose computing devices with the same broad suite of interfaces that is available on desktops/mobiles. Moving forward, one can expect more research and proof of concepts demonstrating that nonvendor code can be installed on these devices because of insufficient validations (lack of code-signing, susceptibility to Man-in-the-Middle-class exploitations) by the IoT vendors.
An increase in data-harvesting/leakage attacks against IoT devices can also be expected, wherein they are coaxed to disclose information that they have access to, e.g., video/audio feeds, stored files, credential information for logging into cloud services, etc.
As IoT devices evolve in their utility and ability to interact with their surroundings, i.e., as they become “roboticized”—an app-controlled Roomba for example—the set of security concerns around IoT will start becoming very similar to the set of security concerns around the supervisory control and data acquisition, or Scada, system, and the industry should look toward the best guidance that the National Institute of Standards and Technology, the US Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team and others have formulated.
Symantec (Symc)
BM: How do you see security concerns in the local consumer-technology market?
Symc: Today’s cybercriminals are becoming more skillful in carrying out successful attacks on consumers, businesses and governments around the world. Their efforts have turned cybercrime into a big business, with private information being stolen on an epic scale.
There is no magic-bullet technology that will guarantee immunity from Internet crime or targeted attacks, but being prepared can prevent some attacks. Based on our predictions in 2016, we foresee many companies will turn to cyber-insurance as another layer of protection, particularly as cyberattacks start mirroring physical world attacks.
BM: Accenture said security has been cited by respondents as reason for slow take-up of IoT devices in the Philippines. Do you agree? Why? Why not?
Symc: According to a Gartner report, titled “Agenda Overview for the Internet of Things,” by 2020 close to 30 billion connected things will be in use across a wide range of industries, and the IoT will touch every role across the enterprise. The Philippines is expected to become the 10th biggest market for tech devices.
There’s no doubt the market for IoT–ready devices is growing, but it is still very fragmented, with a rich diversity in low-cost hardware platforms and OS. As market leaders emerge and certain ecosystems grow, the attacks against these devices will undoubtedly escalate, as we’ve already seen happen with the attacks on the Android platform.
The good news is that OS makers, particularly Apple, are making good strides in enforcing security in the ecosystems they support, such as HomeKit.
With these changes happening so rapidly, regulation may be forced to catch up with technology in 2016. We may find that some countries or industries will begin to develop guidelines that address the new risks of information use, data ownership and consent presented by IoT devices.