It’s being built with every new car and truck on the road, every smart speaker sold this holiday season, every time a new TV is connected to the web, every time a cutting-edge thermostat or refrigerator is installed, and every time a person gives a command to Amazon’s Alexa or another form of voice-assisted technology.
The Internet of Things (IoT), though still young and under construction, seems as inevitable as the high tide 12 hours hence. That may be true — it’s hard to imagine IoT, no matter the forms it will take, being derailed by anything outside the act-of-God category, something that might signal a civilizational collapse.
However, that doesn’t mean the emerging Internet of Things is as safe and secure as it can be — or should be. That’s why PYMNTS recently spoke with Isabelle Noblanc, vice president and general manager of identity management and security for UL, which provides security and trust services.
Without proper security around data, payments and personal ID, she said, the Internet of Things could fail to win the trust of many consumers (or might gain it much more slowly), which could impact IoT’s growth and capabilities, as well as the payments and commerce players that are part of the network. This means, on the development side, the companies that make the devices that will connect to the IoT “need to understand how those devices work in the ecosystem, and take security into account at a very early stage,” she said during her recent PYMNTS interview.
IoT Growth And Concerns
Noblanc’s message comes at an opportune time.
First, the global IoT market is projected to soar to $475 billion in 2020, up from $249 billion in 2018, according to Statista, attaining a compound annual growth rate (CAGR) of 22.4 percent in three years. One can see evidence of that growth in the popularity and ongoing development of smart speakers, along with the rise of connected cars and new investments in supply chain and inventory.
The concerns voiced by Noblanc are also reflected in the wider business world. For instance, a recent study pointed to IoT worries among smaller firms, along with anticipation about IoT benefits. The Nationwide fourth annual Business Owner Survey, released in late September, which surveyed 1,000 small and mid-sized business (SMB) owners about their views on cybersecurity, found that an overwhelming majority — 91 percent — use connected technology.
Tim Nunziata, director and division head of commercial E&O and cyber at Nationwide, told PYMNTS about ongoing fears among SMBs about cyberattacks that could “wipe out a small company,” a concern that seems likely to increase as IoT spreads. The company’s survey also found that 65 percent of SMBs do not have a dedicated employee or vendor in place to monitor cyberattacks.
His comments came against a backdrop where other observers have warned of IoT vulnerability. In October, data from a Princeton University study showed that hackers were able to take control of washing machines, air conditioners and other connected devices, and manipulate power demand across the grid, causing blackouts.
The antidote to such anxieties and dangers?
For one, companies involved in IoT would do better to work together toward common security standards than to go it alone, Noblanc said, pointing to standards groups involved in authentication and biometrics as examples. She noted that those companies must focus on security early on, instead of reacting to breaches and other problems later.
“I am a huge advocate of privacy and security by design,” she said. When UL speaks with such companies, “we advocate really looking at it as early as possible.”
In short, bake privacy and security into the design, Noblanc recommended, rather than wait for criminals to force one’s hand.
In addition, biometrics is emerging as a strong authentication tool, even as passwords continue to endure, she said. The use of biometrics — even voice recognition — could help set that sought-after balance of providing consumer efficiency and convenience in tandem with secure authentication.
The Consumer’s Role
Of course, it’s not just companies involved in IoT that will play major roles in security — so will consumers. “They should understand what data will be used” and by whom, Noblanc said, then make choices about how they will connect to and use the Internet of Things accordingly. To make those choices, though, the operations involved with building the IoT need to educate consumers and make them aware of the data — how it’s collected and used, and how it is secured.
It all comes down to trust, Noblanc stated. She compared the building of IoT, and its acceptance, to the situation a century or more ago when the electric grid was spreading throughout the country. “People had to trust that electricity was safe,” she said.
When it comes to the IoT, people will need to trust that their data is secure.