The Internet of Things (IoT) is probably something you are hearing a lot about these days and for good reason. Gartner forecasts there will be more than 20 billion connected devices by 2020.[1] Defined as “a network of internet-connected objects able to collect and exchange data using embedded sensors,”[2] nearly any device can become connected: light switches, car engines, power tools, TVs, and yes, even washing machines and dryers.
The IoT is becoming the foundation for smart homes as well as smart cities—enabling better control of traffic management, the power grid, and more. In 2016, the U.S. Department of Transportation said it would invest $65 million in programs funding smart city technologies.[3] Companies see IoT enabling process chain improvement, supply chain efficiency, and system improvements. In 2017, total spending on IoT endpoints and services is expected to reach almost $2 trillion.[4]
Is IoT Here to Stay?
IoT is increasingly relevant as it connects people, things, and machines. Consumers are taking advantage of the convenience it offers. You can set your home alarm with your smart phone, or unlock your car with your phone. Newer trends have multiple devices working together to accomplish more. For example, your phone can work in conjunction your coffee maker to begin making coffee based off of your schedule. Instead of having your coffee maker begin making coffee at the same time each day it can work based off of your calendar. Further, if your coffee maker runs low on coffee, filters or other supplies, your coffee maker can automatically order more for you—just like that.
Payments are central to many IoT use cases. Consumers expect easy payment methods where you can initiate a payment with your phone, smart watch and other connected devices and businesses must deliver to remain competitive. To meet this demand, payments are embedded into connected devices. However, in this always connected, always on environment, there will be an increased risk of data breach. Significant hurdles need to be overcome in securing the IoT ecosystem and protecting privacy.
Privacy, Payments and Security
Without clearly defined security protocols, hackers have many opportunities to find holes and exploit them exponentially. This was examined in a new Government Accountability Office (GAO) report, “Internet of Things: Status and Implications of an Increasingly Connected World”[5]. Findings concluded that IoT devices are vulnerable to a range of potential cyberattacks, including zero-day exploits, distributed denial-of-service (DDOS) attacks and passive wiretapping. You may remember last year when hackers used IoT devices to overwhelm servers at Domain Name System (DNS) provider Dyn, leading to the blockage of more than 1,200 web sites that included Twitter and Netflix[6].
The GAO report recommends mitigating risk by using encryption for the storage and transmission of sensitive information. In addition, experts suggested applying role-based access controls to IoT devices that can limit the privileges of device components and applications.
Connectedness also comes at a cost, in terms of your privacy, or lack thereof. IoT devices generate an incredible amount of data. Fewer than 10,000 households can generate 150 million discrete data points every day, according to a Federal Trade Commission report entitled “Internet of Things: Privacy & Security in a Connected World.” Security must be bolstered so these entry points are not vulnerable to hackers[7]. A stolen phone could allow a hacker to find your home, disable your alarm, open your garage door, and access your home. In addition to the threat of personal information being stolen, companies may collect and apply that data to how they sell to you. For example, a connected car could provide information to an insurance company on your driving habits that they use to calculate your insurance rate.
Conclusions
- IoT will continue to grow in terms of number of connected devices (more than 20 billion connected devices by 2020) and total spending (~$2 trillion in 2017).
- Security concerns are a barrier to IoT– zero-day exploits, distributed denial-of-service attacks (DDOS) and passive wiretapping among cyberattack tactics. Much work needs to be done in terms of security.
- IoT generates a vast amount of data. Consumers must know how their data is being collected, protected, and used in order to safeguard private information.
- Tokenization and encryption can help protect stored payments by devaluing sensitive data.