How Data Breaches Are Hitting Consumer Wallets

IOT_Icons_Security.png

As more devices get plugged into the Internet of Things (IoT), more vulnerabilities for data breaches emerge. These weaknesses in the IoT infrastructure come at a weighty cost not only for organizations, but individual consumers as well.

In 2017, the average cost of one data breach for organizations was $3.62 million. This figure was calculated in the 12th Annual “Cost of Data Breach Study,” sponsored by IBM and independently conducted by the Ponemon Institute. IoT security becomes a crucial issue in face of these breaches, which are no longer a rare occurrence, but rather a weekly headliner. More than 1,500 data breaches occurred in 2017, with viruses, hackers, botnets and underground thieves hitting organizations, retail establishments, restaurants, hospitals and companies designed to protect data in the first place.

Photo by matejmo/iStock / Getty Images

The human cost to breaches is a more often overlooked consequence. A handful of researchers from the University of California at Berkeley noted the dearth of information regarding the harm to individual consumers. Armed with a grant from the Center for Long-Term Cybersecurity, the researchers set out to identify the costs to consumers in the context of three malware attacks:

  • Consumer IoT devices infected with Mirai malware
  • Consumer costs of large-scale distributed denial of service attacks (DDoS) on Dyn, Inc. and KrebsOnSecurity website caused by IoT botnets
  • A hypothetical worst-case scenario attack on a large pool of insecure IoT devices

According to the researchers’ cost calculator, the median cost of one security breach of a consumer’s device, including electricity and bandwidth consumption—costs borne by consumers—comes to $323,973.75. This staggering number is a distinct call for IoT security.

Because consumer costs resulting from what the researchers call “insecure IoT devices” are not widely known or available, manufacturers have no real incentive to design more secure products.

This research paper is a frontrunner in exploring the issue, and provides a thorough examination as to how consumers may be affected by these breaches and possible regulations that could be used to promote a more secure IoT ecosystem.

You can read the full paper here.

Featured
Making Connected Health Safe and Secure Under Smartphone Control
Making Connected Health Safe and Secure Under Smartphone Control

Solution providers must go beyond mobile devices’ inadequate built-in security mechanisms while also ensuring the necessary “always-on” connectivity for reliably exchanging safety-critical data and commands between smartphone apps, the IoT devices and the cloud.

IoT Deployments of Any Size Can Now Be Protected with Pre-provisioned Hardware-based Secure Elements
IoT Deployments of Any Size Can Now Be Protected with Pre-provisioned Hardware-based Secure Elements

The IoT has massively broadened the potential threat landscape for the entire market. To mitigate this vulnerability, industry best practices dictate that the authentication model of the connected device be strengthened using a secure element that has been configured for storing private keys and handling crypto-algorithmic secrets. Unfortunately, due mostly to supply chain logistic constraints, this approach has been challenging to onboard for most small-to-medium sized deployments.

The Secure Technology Alliance, formerly the Smart Card Alliance, developed this website to provide information and resources on the Internet of Things.

 

We want to hear from you

What do you want to know about the IoT security? Let us know what you think using the online form, and follow our activities on Twitter and Facebook!