CW500 club

CW500: Internet of things to pose 'huge security and privacy risks'

Bill Goodwin

The emergence of the internet of things will expose businesses and individuals to security risks of unimaginable scale, it was claimed last week.

By 2020, trillions of sensors will be feeding data across the internet, recording everything from people’s movements to what they have just bought.

network_news_2012_05b.jpg

And there is growing interest from business and government planners in harnessing mobile phone location data from the public.

Such data may prove invaluable for city planning or alerting consumers to special offers on their favourite products in a nearby shop.

Unprecedented privacy and security risks

But it also poses unprecedented risks to individuals' privacy and security, a meeting of senior IT leaders heard.

“The attack surface by 2020 for an IT organisation will be infinitely bigger than today,” said Dan Wood, senior marketing manager of HP, which has conducted a study on the use of smart devices on the internet.

Hackers are well resourced, and they will target sensitive data from internet-based sensors, he said, speaking at a meeting of Computer Weekly's 500 club.

Traditional defences not enough 

Traditional perimeter and data defences are not going to be enough, he says. “You are going to have to look at human body as an example, and evolve adaptive self-healing security systems.”

Research by HP suggests that companies will give more board-level executives responsibility for security, as organisations seek to manage the risks.

“Your brand, your customer reputation, is tied up in how responsible and secure you are with customers' data. We have seen far too many examples of large organisations being attacked and suffering huge damage to their reputation,” says Wood.

Privacy risks 

As organisations gain greater access to data on their customers, including their location and context, they will have to make ethical decisions on how to use customers' information.

“As an business, to what extent is it acceptable to use all of that information? Are there some pieces of information we really should regard as private?” said Wood.

One answer is for companies to give their customers control over their data and the ability to choose who will have access to it, and where it will be used.

Lessons from the former Soviet Union 

“When I go to Marks & Spencer, I should know what it does with my data,” said Nick Bromley, portfolio programme manager at Transport for London, speaking at the same event.

“I should give one click on the website, and know where that data is, who is sharing it, and for what purpose,” he said.

Estonia is one of the leading countries at protecting privacy and transparency in the use of data. When the country won independence form the Soviet Union, it decided to make civil liberties a priority.

Estonia should be a model for the UK's approach, said Bromley.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy