
1/10/2019
11:30 AM

Consumers Demand Security from Smart Device Makers

Poll shows individuals want better security from IoT device manufacturers as connected products flood the market.

More than 90% of people want manufacturers to step up their security practices, and 74% would pay more for a product with additional security built in, Microsoft reported today.

There will be 25 billion Internet of Things (IoT) devices connecting the world by 2021, Gartner research indicates, and two-thirds of them will be for consumers. To learn more about consumer demand for connected products, their demand for security, and who they consider responsible for security, Microsoft teamed up with Greenberg Strategy to poll 3,000+ people across the US, UK, and Germany.

They learned security is the top consideration among people shopping for an IoT device — and most buyers don't think companies are doing enough to protect them. Researchers say this creates an opportunity for device manufacturers to gain a competitive edge with security.

"Consumers have become more aware that smart devices bring risks into their homes, although they are often confused on exactly what those risks are and how probable they are," says Galen Hunt, distinguished engineer and managing director for Microsoft's Azure Sphere.

Some of the bigger IoT attacks — for instance, the 2016 attacks on Dyn using Mirai — became public knowledge. People often see IoT security risks in the news, reading about baby monitors becoming spying devices and hackers controlling connected cars. Security attacks feel like an invasion of privacy they generally want to avoid when they buy devices.

Most people say they're likely to shop for a smart device in the next year. A smart TV is highest on their list (41%), followed by home security camera (36%), home security system (32%), lighting (31%), thermostat (26%), and speakers (23%). Smart ovens came in last (18%). Connected devices are pervasive, Hunt points out, and they all bring a similar risk level.

"Each node, or device, is connected to the broader network, and any link that breaks creates vulnerability to the network as a whole," he explains.

Security Comes Top of Mind
When asked what factors play into their shopping decisions, security came out on top at 21%, followed by value for money (20%), ease of use (11%), trusted brand (9%), and ease of setup (7%). Ninety percent of consumers think any piece of smart tech can be hacked, according to the survey.

But what are consumers worried will happen? More than half (52%) are most concerned about a personal data breach, while 19% fear their physical safety will be at risk. Nine percent are worried about personal privacy, 8% about government spying, 8% about corporate data misuse, and 3% about botnets. Unfortunately, their fears don't translate to smart security practices.

"People generally do want to take the right steps," says Hunt, pointing to a campaign for AV software installation on consumer PCs about 20 years ago. People recognize the need to put AV on their computers; when they don't, machines will start showing signs of infection. "In today's threat landscape, IoT devices won't show as many visible signs — no noticeable lethargy, no visible popups — that give consumers clues there may be something amiss," he adds.

Users think about security in their day-to-day lives: They lock their doors (82%) and close their windows (72%) before leaving their homes. But device security leads to false assumptions and resignation as people are both confused and unaware of how to approach security, researchers say. Sure, 90% accurately say software updates help maintain device security, but 65% think they can improve device security by avoiding sensitive conversations around their smart products.

Because they're unsure of device security, consumers want manufacturers to do better. Sixty-five percent wouldn't buy a smart product that had been hit with a security breach, researchers found. Further, says Hunt, the attack landscape for smart devices is so complex, it would be impossible for customers to take any action that mitigates all the risks their devices bring.

"This is why we feel it is imperative that manufacturers assume responsibility by building highly secured devices from the beginning," he adds. One of his greatest concerns is that today, security is an afterthought — a problem that device makers assume they can solve later. In truth, Hunt notes, no amount of bolt-on security will protect users from dogged adversaries.

He's also concerned device manufacturers are confused about the level of security they need. Many security solutions are on the market, says Hunt, but not all security is built equally. There's a big difference between secured devices and devices with a few security features. Thankfully, he says, companies are becoming aware of the risk security can bring to their brand. Companies that seize responsibility today will have an "incredible advantage" in the future.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...

Comments
NathanDavidson,
User Rank: Apprentice
2/1/2019 | 9:40:14 PM
WE have a right to know!
If we are going to use devices from certain companies, I think we have a right to know exactly how much data and information we're putting into storage in these phones and computers will actually be kept private. I reckon if we knew the truth, we wouldn't be using them as much as we are now...
MelBrandle,
User Rank: Apprentice
1/26/2019 | 4:20:08 AM
Give assurance
We have heard unfortunate data breaches way too often in today's era and this worrying fact is what drives users to demand a higher security standard from their product manufacturers. Without giving users this sense of assurance, manufacturers can anticipate a plunge in their product sales especially when users are becoming more aware of the current situation.