Forget Chinese hackers. American technology companies already realize that the biggest threat to their corporate image is the perception that they can’t be trusted to protect customer data. And it’s the Internet of Things, not state-sponsored cyberspies, that presents the biggest threat to that information.
That's according to top information officers from companies like Symantec, Cisco, RSA Security and others who gathered at the NASDAQ Monday for an event hosted by the National Cybersecurity Alliance.
The so-called Internet of Things is a broad definition for physical objects connected to the Internet or able to exchange data. Smartphones are the most obvious example, or an app that can open garage doors, but that will soon include more high-value devices like traffic lights and nuclear power plants. Approximately 10 billion electronics around the world make up the Internet of Things now, and various estimates predict that total will exceed 50 billion objects by 2020.
“If you don’t have confidence in the company you’re doing business with, you probably won’t do business with them," said Tim Fitzgerald, chief security officer at Symantec. "That’s going to help raise the bar when it comes to customers’ expectations about what companies need to do.”
It’s already happening. Fiat Chrysler was roundly criticized in September when, after two researchers proved they could remotely halt a moving Jeep on a busy highway, the company mailed out a USB drive containing the software patch to millions of customers. Tesla Motors, on the other hand, responded to a similar hack by issuing an over-the-air software update that customers could download immediately. The gap presented itself again when Tesla unveiled autonomous driving technology, while Fiat Chrysler has maintained it will continue on the traditional course.
Seventy-nine percent of Americans said they felt “confidently safe” that Internet-connected devices in their home are properly secured, according to a study released last week by the National Cybersecurity Alliance. That's pretty high, even as one in five American households has been notified that their information was compromised as part of a data breach, the study found.
The Internet of Things presents an opportunity for technology developers to build in security from inception. That wasn’t the case when computers first began to dominate the workplace, when they were connected to the Internet, or even when mobile devices became essential. Even better motivation for businesses to include security, along with protecting information, is to actually make money from it.
“We have an opportunity now to get ahead of this,” said Sven Schrecker, chief architect of IoT security solutions at Intel. “There’s no reason to wait until it’s too late this time. We have the lessons of history.”
The way to protect IoT devices effectively, Schrecker said, is to protect a device, protect the communications sent between each device, and then monitor what happens on each device. By tracking what kind of activity occurs on an IoT device, businesses can find potential flaws in their own products. From there, they can essentially monetize security.
“The currency of IoT is data, and protecting the data is key,” he said.
The Federal Trade Commission has already recommended a series of steps that companies should take to adjust to the Internet of Things, but experts say it will be up to the private sector to adopt more-secure methods of communication. They just can’t afford not to.
“Think of a doctor trying to send an X-ray file to another doctor outside his hospital,” said Ed Amoroso, chief security officer at AT&T. “That’s the paradigm for Internet of Things.”