IoT
10/25/2018
12:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Explosive IoT Growth Slowed by 'Early Adopter Paradox'

Extensive multi-year F-Secure consumer survey finds the consumers most excited about connected home devices are also most aware of the privacy risks

Helsinki, Finland — October 24, 2018: Adoption of the internet of things (IoT) continues to explode but it could be even more transformative, a new F-Secure survey finds. The consumers most eager to purchase new connected devices tend to delay or avoid new IoT purchases due to privacy or security concerns. This “Early Adopter Paradox” is creating an opportunity for operators who are already uniquely positioned to secure connected homes. 

F-Secure has conducted nearly 20,000 consumer interviews in the United States and Europe over the last 5 years.* The research finds:

  • Early adopters love the IoT: 9 out of 10 say that they’re excited about the technology.
  • Privacy concerns, however, hold back new investments in smart home devices: 74 percent of early adopters say they’re looking to purchase connected home devices, but  two-thirds have delayed an IoT purchase because of privacy concerns.
  • Early adopters connect more: 38 percent of U.S. internet users spend more than 4 hours online a day; this rises to 45 percent for early adopters
  • Cyber security savvy rises: 62 percent of U.S. consumers know what ransomware is compared to 37 percent in 2015
  • Users shift to mobile: the share of Americans using desktop PCs has fallen 6 percent since 2015 as the percent that uses Android smartphones has increased 10 percent and iPhone use is up 9 percent
  • Homes are getting “smarter:” Nearly one in four U.S. homes, 22 percent, use a digital assistant such as Amazon Alexa or Google Home, a category that didn’t exist in 2015; this is almost double the 12 percent of Europeans who use such devices 

“U.S. consumers are moving to connected devices by choice to enhance their lives and by necessity, given that it’s almost impossible to find a TV that isn’t considered ‘smart’ today,” says F-Secure Operator Consultant Tom Gaffney. “But these numbers might be even higher if consumers, especially the consumers most open to considering new technology had more confidence in the IoT.”

There’s a considerable threat to consumers due to inadequate regulations regarding security and privacy on the IoT.

“Early adopters’ worries about protecting their personal data are valid, considering the current issues challenging devices that stay online all the time yet aren’t normally secured in the way the most PCs and many smartphones are,” says Gaffney.

In March of this year, Interpol, the International Criminal Police Organization, warned, “All devices which can connect to the Internet – collectively called the ‘Internet of Things’ or IoT – are potentially at risk of a cyberattack.”*** In early August, the FBI warned that cyber actors illegally use IoT devices for malicious activities that could spike consumers’ internet service bills and threaten the reliability of their internet connection.****

F-Secure’s international network of decoy “honeypot” servers used to track the latest cyber threats network continues to find that variations of Mirai are the most prevalent malware in circulation.***** Mirai targets IoT devices, including cameras and routers, and was used in 2016 to carry out one of the largest denial of service attacks against internet services in history.

“The good news is that there is a simple solution to securing connected home devices and it comes from a source consumers already invite into their living rooms,” says Gaffney. “As the average household moves toward the use of dozens of connected devices at one time, the demands on service providers will only increase. F-Secure is delivering a comprehensive router-based solution that protects the entire home so that our partners are ready for what we know is coming next.”

 

*Source: F-Secure surveyed 19,200 consumers in January and February of 2014, 2015 and 2018.

**Source: https://fsecureconsumer.files.wordpress.com/2018/01/f-secure_pinning-down-the-iot_final.pdf

***Source: https://www.interpol.int/News-and-media/News/2018/N2018-007 
****Source: https://www.ic3.gov/media/2018/180802.aspx

*****Source: https://blog.f-secure.com/world-cup-malware/

 

 

More information

F-Secure Blog: Privacy Concerns Cooling IoT Adoption in the U.S. and Europe

 

 

About F-Secure

Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. F-Secure’s security experts have participated in more European cyber crime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers.

 

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.

 

f-secure.com twitter.com/fsecure | facebook.com/f-secure

 

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20165
PUBLISHED: 2019-03-22
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
CVE-2019-1716
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability ...
CVE-2019-1763
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exist...
CVE-2019-1764
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the ...
CVE-2019-1765
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permis...