What if I told you the Ashley Madison data breach – the highly publicized leak of user account information for those engaged in extramarital affairs – is only a small fraction of the Personally Identifiable Information being stolen every day? Thirty-seven (37) million accounts were obtained in the hack and made publicly available in July of 2015. And it’s not just those participating in immoral activity who are at risk. Purchase something from Home Depot in 2014? You were one of fifty-six (56) million whose credit card information was stolen. In February 2015, the largest healthcare provider network in the United States, Anthem (Blue Cross/Blue Shield), lost eighty (80) million healthcare records. eBay lost one hundred forty-five (145) million records, and JPMorgan Chase was hacked for seventy-six (76) million users in 2014.
The breaches aren’t limited to private company activity – all governments are at risk. Recently the IRS lost over three hundred thousand Social Security numbers and the user accounts tied to them. The hack wasn’t just a one-time incident: the hackers tracked the tax accounts in a ploy to file fake tax returns.
How hacked user accounts affect the Internet of Things.
The concept of “the Internet of Things” is that any device can be always on, always interacting with a user, and always storing data, using the internet as a backbone in an effort to provide more products and services. Home Depot, Target, and eBay sell products. The IRS, Evernote, and Ubisoft all provide services. They were all compromised. The services and products being birthed from IoT all transfer data over the internet, where it can be intercepted, and they all store information in disparate systems without a unique yet unified set of system security requirements for storing users’ personally identifiable information. The security holes are without flaws
According to Forbes, “This summer the Open Interconnect Consortium was created. This is an organization that purports to create a framework for the Internet of Things.” And security is one of the aspects of the IoT framework. Dave (the author) asks, “…are we too late [for a framework]?”
Most of the Fortune 100 companies are banking on the Internet of Things, and they’re putting large sums of money toward it. Google, Microsoft, IBM, Samsung, and Intel are all working on IoT initiatives in many different sectors, accomplishing many different tasks.
The environment is highly fragmented; it is like comparing oranges to apples to mangos. Every company is working on different Internet of Things products and solutions, and they’re not using a shared, unified system of security requirements to ensure users’ privacy and personally identifiable information are protected.
Conclusion: How can users protect themselves from the Internet of Things?
Those over in business intelligence analytics feel IoT will be a .7 billion dollar industry by 2019.
The point? Be cautious, careful, and cognizant.
Be cautious: make sure you understand what information is being shared, how much of it is personally identifiable, and protect your information.
Be careful: decide now what level of sharing is acceptable for you. Integrated systems that track your movement, order groceries automatically, and report your health to your healthcare provider are on their way. Which level of data sharing is the most acceptable level for you and your family?
Be cognizant: does the manufacturer/provider of the service store your data encrypted at all times, using the latest data encryption methods? Boston University has a great white paper on how data should be stored. A bit of deep reading, but there if you need it.
In the end, Michael Porter (the father of Porter’s 5 forces) believes the Internet of Things is the next big wave of information technology innovation – similar to the PC or the internet. Change is everlasting, a constant with good intentions. Companies (and individuals) need to have privacy and user data protection front and center; however, this is not the trend. We need a security framework, we need to protect users’ data, and it’s up to the end users to enforce such regulations. It’s going to get worse before it gets better, and it will get better because we require it to.