Can IoT projects overcome security and privacy challenges?
When Wi-SUN Alliance published its first Internet of Things (IoT) ‘state of the nation’ report in 2017, we were not surprised to see security as one of the main concerns among survey respondents (IT decision makers at UK and US organisations), with the majority ranking security as one of their top three challenges when rolling out IoT.
In 2022 we revisited the study to see how attitudes and adoption patterns have changed within organisations across a range of different industries, from utilities and telecoms to government and energy companies.
IoT is a bigger IT priority than ever. The vast majority agree they must invest in IoT technologies to gain a competitive advantage, reduce costs, and create business efficiencies.
Looking at the two studies over a five-year period, it’s clear that there are more companies not just thinking about the technology, but also planning to roll out IoT initiatives. These include more established use cases for security and surveillance, distribution automation and advanced meter infrastructure (AMI). It’s good to see growing enthusiasm for other IoT applications designed for smart cities, such as smart parking and electric vehicle charging.
With the market maturing and a growing range of IoT solutions and devices available, organisations are becoming more ambitious and open to the idea of planning and deploying services and applications. Such projects, however, can remain challenging.
Security still a concern, as data privacy concerns increase
Security remains a challenge for some organisations, but it’s becoming less of a concern five years on. Respondents ranking security as one of their ‘top three challenges when rolling out IoT’ fell from 58% in 2017 to 24% in 2022.
The number of respondents viewing it as a technical challenge also fell, from 65% in 2017 to 42% in 2022, indicating fewer concerns but still highlighting it as an issue. Organisations might be less worried about security, but it is still on their risk list.
While security is seen as less challenging than it used to be, there are growing fears over data privacy.
IoT projects like smart metering, streetlighting, and smart city applications using hundreds and possibly thousands of devices and sensors have the potential to generate huge amounts of data. Even if this information is secure, handling it responsibly represents a privacy risk.
Managing large volumes of data is technically difficult, especially when regulators interpret it as sensitive personal information. Organisations who mishandle or misuse it risk running into compliance issues.
Data privacy regulation was ranked the second-highest political, economic, or social challenge for IoT adopters, with 36% placing it in their top three, just behind the need to reprioritise spending due to Covid and ahead of budget cuts resulting from the pandemic.
Fears over big data have jumped to 19% from 11%, placing it in their top three IoT rollout challenges in the last five years, and one in four respondents citing regulatory concerns.
This is no surprise, given the focus on data protection in recent years. Since our first study, stricter privacy laws have put pressure on organisations to protect sensitive data, including the introduction of the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and other privacy regulations.
There’s evidence of a growing number of attacks targeted at IoT devices, applications and services in recent years, leading to the launch of denial of service (DDoS) attacks. Mirai is perhaps the most well-known IoT attack. Dating back to October 2016, it took advantage of insecure IoT devices, such as CCTV and routers, to launch a massive DDoS attack.
Astonishingly, it’s still used today by malware developers to attack vulnerable systems, from manufacturing to critical infrastructure.
The journey to IoT is maturing, with organisations becoming more ambitious in their thinking and their approach. It is now a bigger priority than ever across all sectors, and the scale of what is being planned over the next few years is encouraging.
It is clear that this journey continues towards true IoT maturity. Obstacles remain, and organisations will need to work to overcome them.