Threat Intelligence

1/10/2019
11:30 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Consumers Demand Security from Smart Device Makers

Poll shows individuals want better security from IoT device manufacturers as connected products flood the market.

More than 90% of people want manufacturers to step up their security practices, and 74% would pay more for a product with additional security built in, Microsoft reported today.

There will be 25 billion Internet of Things (IoT) devices connecting the world by 2021, Gartner research indicates, and two-thirds of them will be for consumers. To learn more about consumer demand for connected products, their demand for security, and who they consider responsible for security, Microsoft teamed up with Greenberg Strategy to poll 3,000+ people across the US, UK, and Germany.

They learned security is the top consideration among people shopping for an IoT device — and most buyers don't think companies are doing enough to protect them. Researchers say this creates an opportunity for device manufacturers to gain a competitive edge with security.

"Consumers have become more aware that smart devices bring risks into their homes, although they are often confused on exactly what those risks are and how probable they are," says Galen Hunt, distinguished engineer and managing director for Microsoft's Azure Sphere.

Some of the bigger IoT attacks — for instance, the 2016 attacks on Dyn using Mirai — became public knowledge. People often see IoT security risks in the news, reading about baby monitors becoming spying devices and hackers controlling connected cars. Security attacks feel like an invasion of privacy they generally want to avoid when they buy devices.

Most people say they're likely to shop for a smart device in the next year. A smart TV is highest on their list (41%), followed by home security camera (36%), home security system (32%), lighting (31%), thermostat (26%), and speakers (23%). Smart ovens came in last (18%). Connected devices are pervasive, Hunt points out, and they all bring a similar risk level.

"Each node, or device, is connected to the broader network, and any link that breaks creates vulnerability to the network as a whole," he explains.

Security Comes Top of Mind
When asked what factors play into their shopping decisions, security came on top at 21%, followed by value for money (20%), ease of use (11%), trusted brand (9%), and ease of setup (7%). Ninety percent of consumers think any piece of smart tech can be hacked, according to the survey.

But what are consumers worried will happen? More than half (52%) are most concerned about a personal data breach, while 19% fear their physical safety will be at risk. Nine percent are worried about personal privacy, 8% about government spying, 8% about corporate data misuse, and 3% about botnets. Unfortunately, their fears don't translate to smart security practices.

"People generally do want to take the right steps," says Hunt, pointing to a campaign for AV software installation on consumer PCs about 20 years ago. People recognize the need to put AV on their computers; when they don't, machines will start showing signs of infection. "In today's threat landscape, IoT devices won't show as many visible signs — no noticeable lethargy, no visible popups — that give consumers clues there may be something amiss," he adds.

Users think about security in their day-to-day lives: They lock their doors (82%) and close their windows (72%) before leaving their homes. But device security leads to false assumptions and resignation as people are both confused and unaware of how to approach security, researchers say. Sure, 90% accurately say software updates help maintain device security, but 65% think they can improve device security by avoiding sensitive conversations around their smart products.

Because they're unsure of device security, consumers want manufacturers to do better. Sixty-five percent wouldn't buy a smart product that had been hit with a security breach, researchers found. Further, says Hunt, the attack landscape for smart devices is so complex, it would be impossible for customers to take any action that mitigates all the risks their devices bring.

"This is why we feel it is imperative that manufacturers assume responsibility by building highly secured devices from the beginning," he adds. One of his greatest concerns is that today, security is an afterthought — a problem that device makers assume they can solve later. In truth, Hunt notes, no amount of bolt-on security will protect users from dogged adversaries.

He's also concerned device manufacturers are confused about the level of security they need. Many security solutions are on the market, says Hunt, but not all security is built equally. There's a big difference between secured devices and devices with a few security features. Thankfully, he says, companies are becoming aware of the risk security can bring to their brand. Companies that seize responsibility today will have an "incredible advantage" in the future.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NathanDavidson
50%
50%
NathanDavidson,
User Rank: Apprentice
2/1/2019 | 9:40:14 PM
WE have a right to know!
If we are going to use devices from certain companies, I think we have a right to know exactly how much data and information we're putting into storage in these phones and computers will actually be kept private. I reckon if we knew the truth, we wouldn't be using them as much as we are now...
MelBrandle
50%
50%
MelBrandle,
User Rank: Apprentice
1/26/2019 | 4:20:08 AM
Give assurance
We have heard unfortunate data breaches way too often in today's era and this worrying fact is what drives users to demand a higher security standard from their product manufacturers. Without giving users this sense of assurance, manufacturers can anticipate a plunge in their product sales especially when users are becoming more aware of the current situation.
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20122
PUBLISHED: 2019-02-21
The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is...
CVE-2018-6687
PUBLISHED: 2019-02-21
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.
CVE-2019-8982
PUBLISHED: 2019-02-21
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
CVE-2019-8980
PUBLISHED: 2019-02-21
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVE-2019-8979
PUBLISHED: 2019-02-21
Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled.