Despite rampant outbreak of cybersecurity incidents, consumers are still not taking proper steps to safeguard their internet-connected devices, concluded an ESET survey study with 4,000 participants.
With a tally of 7 billion and counting, the number of IoT devices is expected to rise to 21 billion by 2025. According to IoT Analytics, the number of breaches will grow accordingly. The most vulnerable consumer devices include cars, cameras, appliances, thermostats, and smart home systems.
The ESET report revealed that Canadian consumers are not properly vetting where their data is being sent off to.
Only 29 per cent of Canadian respondents said they research where their data goes before purchasing a device. After installation, just 42 per cent of Canadians turn off needless features that collect data.
“Be aware of the information that you’re sharing, you’re agreeing to share, and understand who they’re sharing that information with,” said Bob Bonneau, country manager for ESET Canada. “And oftentimes that gets buried in app permissions and other things that people quickly go through in an effort to get access to or to have a plugged in or have it function. I think it falls back to the individual who doesn’t have an appreciation for the potential risk and doesn’t spend the time to understand what they’re actually agreeing to do.”
Furthermore, Bonneau said that education is the key to helping consumers understand the risk of today’s cybersecurity world. In addition, companies need to use simple, concise language when conveying their security policies.
“I think it would be great to see schools starting to take some notice and doing training. And I think you’re starting to see that in spots. We’re educating the kind of students and our children as they grow up and kind of use these devices more and more.”
The topic of education in cybersecurity of awareness has been stressed time and time again. Bonneau said that despite big pushes from both the public and private sectors to highlight the risks, consumers need to gain an impetus to seek out this information. More often than not, consumers fall into a dangerous complacency, like how fish feel safer when swimming in a school.
“If you appreciate a certain level of risk, if it’s high, you’re going to spend more energy trying to mitigate yourself from it. And I think there’s a bit of comfort in [thinking] ‘what do they want from me? I’m kind of small potatoes.’ or ‘there’s nothing they can get from me, I’m kind of that low guy on the totem pole.’ And it’s that kind of false sense of reassurance that they’re giving themselves that I think allows people to just kind of gloss through some of that stuff.”
While the burden of hardening security rests largely on the device manufacturer, it doesn’t remove users of that responsibility. Consumers also need to diligently educate themselves on the potential risks and protect their devices.
Maintaining good password habits is an easy way to protect IoT devices. Frequently using unique, strong passwords is effective at thwarting brute force attacks. Although attack vectors are becoming increasingly sophisticated, brute force attacks (where attackers try to guess the correct authentication key) are still prevalent because of their simplicity and reliability. An eSentire 2017 Annual Threat Report revealed that the prevalence of brute force attacks rose by 400 per cent in 2017 alone.
Despite the risks, 61 per cent of survey participants have not changed their router password or do not know it has ever been changed since installation. More troubling, only 38 per cent of Canadian consumers set a unique password for each of their devices. British Colombia ranks highest with 43 per cent, while Quebec sits at the bottom at just 20 per cent.