Security and Privacy are paramount in IoT solutions

By Catherine STIHLER, MEP (S&D Group), Vice-Chair Internal Market & Consumer Protection Committee

According to a recent survey of IT professionals at large companies, internet of things (IoT) and artificial intelligence (AI) are the chief areas of focus for enterprise investments in new tech this year.

Most of us possess a number of IoT devices, whether it is our mobile phone, or wearables, such as a Fitbit or smart watch.

These web-enabled devices gather, send and act on data they obtain from their surroundings by using embedded sensors, processors and communication hardware. IoT depends on being able to gain insights hidden in the vast and growing seas of data available.

The big problem for us is finding ways to analyse the deluge of data and information that all these devices generate. It’s simply unfeasible for humans to review and understand all of this data; doing so with traditional methods, even if you cut down the sample size, would simply take way too much time.

This is where machine learning and AI come into play. They can help to process all of this data and learn from it.

How are IoT and AI used already in the real world? Some examples include:

Automated vacuum cleaners: smart and connected vacuum cleaners can map and “remember” the layout of a home or a flat, adapt to different surfaces or new items.

They can also clean an area with the most efficient movement pattern, and dock themselves to recharge.

Self-driving vehicles: several companies which have invested in smart vehicles employ AI (and many hundreds of thousands of road-miles of test data) to predict the behavior of cars and pedestrians in various circumstances in order to ‘teach’ the cars to respond appropriately.

At first glance this may seem straightforward enough.

There is a flip side, however, to living in this hyper-connected world of devices that collect and process one’s data.

As the use of these devices continues to increase, so do the accompanying risks.

Security and privacy breaches, as well as cyberattacks, are persistently on the rise.

According to the UK’s National Fraud and Cyber Crime Reporting Centre, fraud and cybercrime cost the UK nearly £11bn between 2015 and 2016. By 2020, it is estimated that 25% of cyberattacks will target IoT devices.

A contributing factor to this trend could be that many tech companies seem to be engaged in a frantic first-past-the-post race in developing new technologies to keep up with their competitors.

This may come at the expense of security and privacy. Unfortunately, best practices for security and privacy often lag behind the latest tech trend.

Moving too fast and not coming up with a sound plan for security can put speedily built platforms at risk for exploitation.

In a rush to be first in emerging tech, one may be tempted to overlook essential quality assurance and security pressure-testing of new applications.

In a 2018 report from the University of Oxford, researchers suggest that engineers “take the dual use nature of their work seriously, allowing misuse-related considerations to influence research priorities and norms, and proactively reaching out to relevant actors when harmful applications are foreseeable.”

Prevention may be the key to security threats in IoT solutions.

IoT players should follow security guidelines, such as those issued by the EU’s Cybersecurity Agency (ENISA) last year (Baseline Security Recommendations for IoT).

Security by design is fundamental in all of this, and for the whole IoT chain: designers and manufacturers of devices, component makers, software vendors, solution integrators, data processing companies, telecom carriers and security experts.

Increasing awareness among consumers about how to protect their IoT devices (passwords, privacy settings, software updates, Wi-Fi, etc.) is also important and could help end-users protect themselves as well as their loved ones.

Nevertheless, it’s not only individuals who could be the victims of cyberattacks.

The UK’s National Health Service was left vulnerable in a major ransomware attack in May last year.

According to the BBC, at least 6,900 NHS appointments were cancelled as a result of the attack.

This is exactly why the correct transposition and implementation of the EU’s first legislation on cybersecurity – the Directive on Security of Network and Information Systems (NIS Directive), which entered into force in May this year and applies to operators in electricity, water, energy, transport, health and digital infrastructure (providers of the so-called “essential services”) – is so crucial.

As the examples above illustrate, the ever-growing use of IoT and AI can bring about better services tailored for individual users and their preferences.

However, security and privacy remain an issue in need of addressing.

Educating end-users; a more responsible approach by tech firms; sharing best practice examples; allowing for proper testing; incorporating the security by design approach to IoT development, as well as an up-to-date regulatory framework may help to prevent or lessen the impact of a potential future cyber-attack.

It would be naive of us to think that our security and privacy will not be compromised again in the near future. They will. The question is: are we ready?