The internet of things (IoT) holds amazing promise for new ways to interact with and leverage technology but the expanding connectivity brings more opportunities for hacking. The situation looks to become more complicated and dangerous this year.
Cybersecurity-related issues dominated the headlines in 2016, including revelations about 1.5 billion compromised Yahoo Inc. user accounts and a distributed denial-of-service attack that paralyzed internet access for users along the U.S. East Coast by hijacking internet of things connected devices and turning them into botnets. The bad news is, cybersecurity threats will continue to grow in 2017, according to a report by San Jose, Calif-based data analytics company Fair Isacc Corp. (FICO).
Companies that make connected devices have been put on notice by the Federal Trade Commission statements and the insights of attorney analysts that the FTC intended to turn enforcement attention to IoT in 2017. In January, the commission sued Taiwan-based D-Link Corp. and its U.S. subsidiary D-Link Systems Inc. for allegedly failing to take reasonable steps to secure wireless routers and webcams they sold. This isn’t the first time that the FTC has taken action over router data security. In July, the FTC finalized an administrative settlement with Taiwan-based ASUSTeK Computer Inc. over allegations that security flaws in the company’s router put consumers’ home networks at risk.
According to FICO’s “17 Financial Crime Predictions for 2017,” due to the lack of security features in web-connected devices, cyberattacks using hijacked IoT devices will increase in 2017. The report said that it is a “great deal easier” to create an IoT botnet than to compromise personal computers. In addition to common connected consumer devices, including smart phones, tablets and web cameras, the FICO report warned that internet-connected vehicles and self-driving cars can present “serious security threats that are very real, impacting not only data but physical safety.”
This concern is shared by others, including lawmakers and industry groups. In a recent video interview, Congressman Ted Lieu (D-Calif.) highlighted the potential dangers of a hacked connected car. If cars get hacked, they can be weaponized to harm and even kill people, Lieu told Bloomberg BNA. In January, Lieu introduced the Security and Privacy in Your Car Study Act (SPY Car Study Act) with Congressman Joe Wilson (R-S.C.), which seeks to ensure that cybersecurity for connected vehicles keeps pace with the technological advances. The SPY Car Study Act calls for working with all stakeholders to set standards on how to regulate cybersecurity in vehicles, Lieu said.
There is some good news too. The FICO report predicted that 2017 will be year of improved cloud computing security and deployment. Increased use of cloud will help small companies focus on their operations, and not software maintenance, it said. The report also predicted that more consumers will evaluate and improve their own cybersecurity practices. Perhaps consumers will stop blaming companies for their cybersecurity woes and recover from security fatigue in 2017.
To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.
