FTC Warns of the Huge Security Risks in the Internet of Things


iPhone_6_Security

Then One/WIRED



There’s danger lurking in the Internet of Things.

At least, that’s the word from the Federal Trade Commission. On Tuesday, the government watchdog released a detailed report urging businesses to take some concrete steps in protecting the privacy and security of American consumers.


According to the FTC, 25 billion objects are already online worldwide, gathering information using sensors and communicating with each other over the internet, and this number is growing, with consumer goods companies, auto manufacturers, healthcare providers, and so many other businesses investing in the new breed of connected devices.


Such devices can help monitor your health, improve safety on highways, and make your home more efficient. But the FTC says that as manufacturers work to reduce the friction involved in using these smart things—to let people more easily gather data and send it to and fro—privacy and security is becoming a serious consumer concern.


So, last November, the FTC held an Internet of Things workshop, gathering input from leading technologists and academics, industry representatives, and consumer advocates, and Tuesday’s report is based in part on the workshop’s findings.


Security First


The report recommends that companies bake security into devices from the beginning, rather than trying to built it in as an afterthought. And those aren’t idle words.


According to a study from HP Security Research, 70 percent of the most commonly used Internet of Things devices had serious security vulnerabilities. And this issue was a recurring theme at the Black Hat and the DEFCON hacker conferences this past year.


The FTC also recommends training employees about the importance of security, emphasizing that security must be appropriately managed within each organization, and that includes any outside service providers that a company might hire.


Defense in Depth


To combat security threats, the report recommends a “defense-in-depth” strategy. In other words, instead of patching up a vulnerability or simply reacting to some breach after the fact, businesses should have a plan of action in place.


Plus, it urges businesses to carefully monitor connected devices throughout their expected life cycle, and to provide consumers with security patches for all known risks.


Best Data Practices


What’s more, the agency urges companies to consider extra measures that can keep unauthorized users from accessing personal data stored by devices. Today, the report says, some smart devices are carefully to upload only nonpermanent snapshots of data to company servers for analytics—in order to improve systems down the road—and most companies anonymize data. Nonetheless, the report recommends that businesses limit the collection of data in the first place.


When it comes to protecting personal data, the report argues for choice. Though there is no one-size-fits-all approach, the FTC acknowledges, companies can be transparent about how they deal with consumers’ information, especially in notifying customers about how their information will be used.



No comments:

Post a Comment