There were 63% more personal data breaches in 2018 than 2017 in the US, and a 157% increase since 2015, making it one of the fastest-growing and most common cyber crime categories. As internet adoption expands and more devices connect, internet security will only become more vital in the workplace and at home.
One of the biggest network security threats undoubtedly comes from Internet of Things (IoT) devices. As IoT devices have vastly expanded our networks and provided us with no end of possibility, from thermostats that can be controlled from anywhere to emails sent straight to your wristwatch. There will be approximately 20 billion IoT devices installed around the world by 2023.
However, in the rush to capitalise on the interconnectivity craze, strong security practice has mostly been left behind, meaning many of these smart devices become potential back doors for hackers to exploit to gain access to wider networks.
IoT issues in business
On a global basis, 52% of companies don’t know how to detect IoT breaches, meaning companies who operate Bring Your Own Device (BYOD) policies risk being exposed to insecurity in a way that is even more difficult to track than your average network hack. With the potential for IoT devices to be broken into at work and give hackers access to the wider network, insecurity could cause much wider data breaches across a number of industries.
To tackle the rising threat of data security and follow suit with such laws as the GDPR in Europe, companies will need to take responsibility for the data they handle and take a holistic approach to cyber security. Whether this is through more restrictive BYOD policies for companies handling large amounts of data or through ensuring all staff are cyber security aware and take action to secure their devices before introducing them to company networks.
IoT skills gap
The inability to detect breaches and the slow approach to security practices is due in part to a lack of skills, with 80% of respondents to a survey by Immarsat saying they didn’t have the skills to maintain their current IoT standing as it is. Cyber security is still a rapidly growing industry, which is why many of those entering the job pool have no experience with these new technologies, worsening the skills gap which already exists.
Education programmes with a cyber-security focus should aim to stay in part reactive to the industry to ensure that, while academic focus is maintained, students have more opportunities to engage with emerging technologies and tackle the sectors of the industry where skills are so sorely needed.
Although businesses should take responsibility for the ways they handle personal data and how securely it is transferred and stored, consumers also need to keep data security in mind in their interactions with businesses.
Data security is growing in prevalence in the media and consumers are more aware of how their data is handled by companies than ever before. However, recent stories have emerged about how home assistants like Google Home and Amazon Alexa store recordings which expose personal data to the human technicians on the other end. This shows that, though there is growing awareness, the public is still mostly unaware of how their data is dealt with.
While home assistants, voice control mobile applications and other smart devices aim to make modern life easier, everything they are absorbing can be compiled to form a picture of any individual’s identity. By considering how their data will be treated before making a purchase, consumers are likely to influence the industry to double down on safety and behave more responsibly with the huge volumes of data they process.
IoT technology has led to exciting new developments in every facet of life, with smart coffee machines, printers, watches and keys cropping up everywhere. But with more devices switching on, the unique safety concerns these extended networks bring will become increasingly dangerous unless tackled quickly.
By Damon Culbert from Cyber Security Professionals, specialist cyber security jobsite worldwide.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/