CW500: Internet of things to pose 'huge security and privacy risks'

The internet of things will pose enormous security and privacy challenges, a recent CW500 Club meeting heard

The emergence of the internet of things will expose businesses and individuals to security risks of unimaginable scale, it was claimed last week.

By 2020, trillions of sensors will be feeding data across the internet, recording everything from people's movements to what they have just bought.

And there is growing interest from business and government planners in harnessing mobile phone location data from the public.

Such data may prove invaluable for city planning or alerting consumers to special offers on their favourite products in a nearby shop.

Unprecedented privacy and security risks

But it also poses unprecedented risks to individuals' privacy and security, a meeting of senior IT leaders heard.

"The attack surface by 2020 for an IT organisation will be infinitely bigger than today," said Dan Wood, senior marketing manager of HP, which has conducted a study on the use of smart devices on the internet.

Hackers are well resourced, and they will target sensitive data from internet-based sensors, he said, speaking at a meeting of Computer Weekly's 500 club.

Traditional defences not enough 

Traditional perimeter and data defences are not going to be enough, he says. "You are going to have to look at human body as an example, and evolve adaptive self-healing security systems."

Research by HP suggests that companies will give more board-level executives responsibility for security, as organisations seek to manage the risks.

"Your brand, your customer reputation, is tied up in how responsible and secure you are with customers' data. We have seen far too many examples of large organisations being attacked and suffering huge damage to their reputation," says Wood.

More on data privacy

  • Consumers demand action to protect their privacy online
  • Big data privacy concerns spur research, innovation
  • Data Protection Masterclass: Global Privacy
  • Beyond privacy policies: Practical privacy for websites and mobile apps
  • NSA surveillance leads to tighter data privacy policies

Privacy risks 

As organisations gain greater access to data on their customers, including their location and context, they will have to make ethical decisions on how to use customers' information.

"As an business, to what extent is it acceptable to use all of that information? Are there some pieces of information we really should regard as private?" said Wood.

One answer is for companies to give their customers control over their data and the ability to choose who will have access to it, and where it will be used.

Lessons from the former Soviet Union 

"When I go to Marks & Spencer, I should know what it does with my data," said Nick Bromley, portfolio programme manager at Transport for London, speaking at the same event.

"I should give one click on the website, and know where that data is, who is sharing it, and for what purpose," he said.

Estonia is one of the leading countries at protecting privacy and transparency in the use of data. When the country won independence form the Soviet Union, it decided to make civil liberties a priority.

Estonia should be a model for the UK's approach, said Bromley.

Read more on Wireless networking