By Andrew Thomas, Managing Director, Europe, for CSID
In today’s digital age, identity management is a complex task that requires not just a hefty dose of common sense when sharing information on the Internet, but also a reliance on third-party businesses to safeguard that information and respect consumer privacy. Prolific media coverage about cyber security is keeping us on our toes. Data breaches at well-known retailers have created more general awareness around threats like malware and phishing scams, but just as we begin to feel more confident about our preparedness, we hear rumblings of a new cybercrime frontier: The Internet of Things (IoT). Suddenly the conversation around identity management heats up, as our lives become increasingly intertwined with technology.
Born out of the convergence of wireless technologies, micro-electromechanical systems and the Internet, the IoT will allow data to be automatically transferred over a network without human-to-human or human-to-computer interaction. With the advent of the IoT, robust personal information is being continuously tracked and captured, many times without the consumer knowing the data is being collected. The growing number of devices being connected is astounding. Cisco estimates that there will be 50 billion connected devices by 2020, up from 10 billion in 2013. Wearables, such as fitness trackers and connected watches, intelligent home appliances like thermostats and refrigerators, even the cars we drive will soon be collecting and sending data on our driving habits. To put it in perspective, the IoT will become larger than the smart phone, tablet and PC markets combined.
While this connectedness brings everyday life conveniences, it also exposes consumers and businesses to an era of data sharing ignorance. Up until this point, though often questioned and debated, consumers have largely been aware of the types of data that they are sharing (and with whom) through social media interactions and ecommerce transactions. This will not be the case with the IoT, since much of the data is accumulated passively. As such, it is unknown what the implications will be on identity management and privacy protection.
As we move further into the era of the IoT, these smart devices will contain a range of sensitive personal information: from standard details like email, home address and birthdate to more behavioural data, such as which TV programmes we watch, how much we exercise, what hours we are typically at home or away, and where we are. Thermostats using smart technology will suddenly be able to tell their makers about users and their behaviour without any active decision being made on the consumers’ part to share that information. This presents a lucrative opportunity for hackers.
Last year, security firm Proofpoint uncovered a cyber attack that had more than 100,000 connected devices sending out spam emails. One of these devices was a refrigerator. Although an Internet-connected fridge does not yet house much personal information about its user, this example does show the vulnerability of these newly connected devices.
So, as we approach this relatively uncharted territory of automatic and passive connectivity, what are the best identity management practices for mitigating the risks along the way?
• Awareness and education. It is important for consumers to be aware of the tradeoffs of accepting data capture in exchange for convenience and utility in this more connected life. It is equally important for businesses to understand the risks of collecting this information, and ensure they are properly securing consumer data.
• Read the fine print. When it comes to connected devices, understanding what personal data is being collected and how it will be used may help you determine if you want to opt in or not. Businesses have a responsibility to be transparent about the information they collect and how they will use it.
• Identity monitoring. As we confront this new frontier, identity monitoring services provide advance warning of potential compromise of your personal information and other fraudulent activity – a key component in the mitigation practices for all cybercrime.
To keep up with the ever-changing technology environment, identity management will need to adapt and evolve at a similar pace, as our devices become increasingly integrated into our everyday lives.