Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Can We Find a Balance Between Security and Convenience?

The concept of something monitoring every conversation and action that takes place in the privacy of our own homes is unsettling – something straight out of a Black Mirror episode. That’s why it’s fascinating to see voice-activated, Internet-connected devices starting to infiltrate our everyday lives.

The concept of something monitoring every conversation and action that takes place in the privacy of our own homes is unsettling – something straight out of a Black Mirror episode. That’s why it’s fascinating to see voice-activated, Internet-connected devices starting to infiltrate our everyday lives. While these devices offer convenience, allowing us turn on the lights, change the music and talk to our friends from the comfort of the couch, our increasingly connected world opens us up to security and privacy risks.

The fact is that IoT is here to stay, but the ubiquity of these devices is creating a much larger attack surface and easy entry points for hackers to gain access to users’ networks. So what’s the solution? It starts with implementing real-time, continuous visibility and establishing a policy framework that encourages the development of a robust IoT ecosystem globally. Only with this enhanced infrastructure in place will we be able to protect the data that consumers are creating through the use of their Internet-connected devices.

Protecting this data is a necessity as more and more consumers are voluntarily offering up their rights to security or privacy in search for convenience. A 2016 Pew Research study indicated that over half of Americans find it acceptable to trade certain privacy rights in exchange for something of value, such as installing workplace surveillance cameras to keep items safe in the office or managing patient healthcare records online. Here’s how it’s happening:

On the Internet: A certain level of trust in the system has become innate, which has led to many people ceasing to worry about so-called “minor” items being leaked on the Internet. Many users feel no qualms about using their legal full name on Facebook, for instance, or posting their email address and phone number on LinkedIn or when signing up for a contest or giveaway. If it isn’t a social security or credit card number, the typical user doesn’t concern themselves with the amount of personal data that’s available online. For most, the added convenience of perpetual connection to others and access to unlimited information online is worth the trade-off of a less private online presence. Most phone numbers and addresses can be purchased on various public information clearinghouse websites, while stolen credit card information and social security numbers, such as the information that was recently stolen from Equifax, can be easily purchased on the dark web.

In the home: Over the past few years, data has gone beyond the computer screen and into our day-to-day lives. Smart speakers such as the Amazon Echo have turned the home into connected locations, where a shopping purchase or music playlist is never more than an “Alexa” away. These types of devices are extremely handy for busy individuals or families, but they also introduce an unprecedented level of data gathering.

On (or in) your person: Smartphones have practically turned humans into living tracking beacons, with devices in their pockets that constantly monitor their physical activity and location. Going even a step further, consider the Wisconsin company that recently made headlines for RFID chipping their employees. The chips are purported to offer various benefits for both the corporation and the employee, streamlining tasks such as making purchases at the company store and using the copy machine. However, the ethical and privacy implications of this technology have been discussed at length and further emphasized the need to protect users’ data, especially when that data is the user itself.

Amidst all of this data collection, there has been a cry from many about implementing a form of policy to regulate what organizations can or cannot do with the data they receive from their various products – whether it’s a smart TV or an employee-planted chip. The U.S. government recently introduced a new proposed policy to regulate IoT devices in use by the government, stating they must be “patchable” and conform to industry security standards.

Regardless of what form of regulation ultimately is put in place, the important piece to consider is ensuring that any and all policy is drafted in a way that helps progress, not impedes it. If the only policy put in place is stricter regulation around the level of security a device needs to have to enter the market, the negative impact won’t fall on the hackers, it will fall on the device manufacturers. This could then snowball into a burden on businesses that would constantly have to upkeep devices with software or full hardware rip-and-replace refreshes.

That’s why it’s so important to maintain security in the entire network, not at the device level – whether that device is a computer, a smartphone or a human being. As such, effective security management means having a unified approach that consolidates policy management, visibility and reporting across all physical, private and public networks. Network security must be intuitive enough for all stakeholders to manage easily, scalable enough to handle security deployments wherever data flows and autonomous enough to intelligently correlate events across the entire network. Only then can the convenience these connected devices offer be offset by the security that is necessary to keep users’ data safe.

Related: New Legislation Could Force Security Into IoT

Written By

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...