There's a misconception among trusting mobile and Wi-Fi network users that often leaves personal data dangling on a hook over a sea of ready hackers. This misguided belief gives consumers a sense of relief when they purchase software that supposedly serves as an ultimate protector of everything. They rest peacefully at night, happily believing that their newly acquired security software or device also equals privacy. Although this thought is comforting, the harsh wake up call is that security does not equate to privacy.
I understand the temptation to entertain the idea that once a connected security device is installed, there's no more need to worry about personal data becoming public. Sadly, the reality is that security devices can't defend you fully. The time is now for IoT security companies to hone in on privacy as well. With a focus on both security and privacy, your cyber protection can be significantly improved. So, if security and privacy really don't equate to one another, what are the differences between them?
Security
Think through your day since this morning. How many emails, personal messages, and texts have you sent and received? How many sites have you visited? Each of these is an opportunity for hackers to interfere with transference. This is where security steps in. Security is the ability to protect data from being manipulated, corrupted or exchanged by unauthorised individuals or companies. While it includes many different facets - network security, data security and identity management to name a few - the general idea is to keep networks, computers, and data secure from sources that would hold them for ransom, alter or control them remotely.
It's easy to think security and privacy are one in the same when so many categories fall under the security umbrella. But when we talk cybersecurity it specifies the tools and technologies designed to protect data from malicious attacks and the use of stolen data for a profit. This year alone, global ransomware damage costs are predicted to exceed $5 billion -- an increase of 15X that of $325 million in 2015. Cybercrime has become quite a problem over the years, second only to terrorism in the eyes of Homeland Security.
When IoT security companies design and release products, their main focus is defending and protecting your data from unauthorised sources and interference from these cyber criminals. This security does not mean that you will be the only one viewing the data, just that it will only go to those companies and individuals who have contracts and permission to be able to view it. While security is needed to protect data, it's not enough to address privacy.
Privacy
The definition of privacy really depends on who you ask. Some people believe it's living life without too much intrusion; others believe it's much more than that. In the case of IoT, I say that privacy is the right to control what happens to your personal information.
We live in a hyper connected world. The whole idea behind the internet was to create a network that allowed for the exchange of information and ideas. This comes with the risk of revealing personal information to sources where it may be used without your knowledge. Understanding this, it's safe to assume that your information is already out there. Privacy is a matter of who has access to your personal data and how it is or isn't distributed.
As our world grows smarter, we must consider the safety of more than just textual information. Our smart speakers, smart cameras, voice assistance, home appliances, exercise and life-enhancing devices now have capabilities that, if misused, could severely threaten our privacy. These products, equipped with multiple sensors such as microphones, cameras, voice recognition technology and more, can be manipulated and controlled remotely if they're not secured. Who's to say when a device is or isn't listening in on mundane or sensitive conversations?
Where Cyber and Physical Threats Meet
These vulnerabilities can be quickly exploited and create a physical threat out of what should have only been a cyber threat. A prime example of this is highlighted in a recent vulnerability report that showed just how hackable our lives can be using a rather well-known smart alarm product. It highlighted the key vulnerabilities that were found when the device was hacked. What this taught us is that when devices like these are compromised, hackers can gain access to your physical whereabouts including your home address, your private data, disarm the alarm completely, essentially posting a "welcome to my home" sign to all sorts of cyber criminals, and even access the same information about all other owners of the vulnerable product.
As intimidating as all this may seem, if IoT products developers in every facet of security focus on privacy measures to prevent these kinds of weaknesses, we can enjoy peace of mind in our homes. The problem is that too many of them don't prioritise data protection when they develop these kinds of devices. Doing so is the key to true network and data protection and identity management.
2017 has seen a number of major breaches because of this lack of security built into connected devices. While IoT devices are opening a world of possibilities in our homes, they also open our back doors to cyber threats. So remember to defend your security and ensure your privacy by monitoring online communication and other activities.