IoT Privacy & Security

IoT Privacy & Security

September 30, 2021

IoT (Internet of Things)

The growth and acceptance of IoT (Internet of Things) have been astronomical. From 2017-2019 some sectors that adopted IoT reached a CAGR of 50% while the market as a whole was projected to reach $520B in revenue. IoT surpassed these projected numbers in 2020 when reaching $761.4B and although the CAGR has dropped at an average market-wide to 10.53%, the new projection in 2026 is currently at $1,386B in revenue. The ROI (Return on Investment) has been monumental as industry leaders have seen a direct and indirect benefit to the adoption of IoT. A reduction in business expense has been a direct benefit for many businesses with IoT implementation strategies. This has also improved customer satisfaction and improved long-term strategic planning indirectly. IoT devices have taken the world by storm but the insurmountable growth has come at a cost. Consumer privacy and data security are a concern for all IoT service providers and manufacturers.


Privacy with the growth of IoT devices is being compromised and regulators are under continuous pressure to make sure consumers’ privacy is being protected. Many IoT devices collect data that consumers are not aware of, and the privacy regulations currently do not prevent consumer data from being collected. Companies operating without a (PIA) Privacy Impact Assessment are completely unaware of the risk. PIA allows a company to become aware of the risk, and security concerns that any new IT/OT endeavor may bring about. IoT service providers and manufactures must constantly battle to protect their consumers’ data.

The ability does exist to track information, yet consumers are unaware that their data is being captured for analysis. Businesses are able to create public profiles that help build target audiences and price points for each of their customers. 

These privacy concerns can also attract the potential of hackers who can intercept unencrypted data that has been built from public profiles of individuals. There are ways to counter this issue of releasing too much consumer data, and it is important in the future to address it to ensure consumer confidence, as the industry expands. Increasing consumers’ capability of managing access control to their data could be a mitigating factor for privacy concerns. This will also allow the consumers to understand what is really happening with their data, such as analytics, where it is stored, and if shared. Ensuring consumer confidence with the help of regulators could benefit IoT in the future. But privacy will be a constant challenge the industry will face as innovation advances.


Technology advancement over the past decade has been phenomenal, with the transition to mobile devices and the immediate rise in data, we have seen innovation take off in ways we could not imagine. With constant innovation and research being done, experts are now trying to prevent security from being compromised. Global IoT security spending to prevent compromised endpoints is supposed to grow to $3.1 billion this year.  The possibility of hacking is a huge risk that IoT devices will continue to face. In 2018, Samsung had to immediately update its firmware as several security flaws were found within its ‘smart’ devices. This exposed Samsung to numerous threats that could comprise user data as well as application infrastructure. As the footprint of IoT endpoints increases so does the opportunity for a hacker to install malware or disrupt services.

The configuration of IoT devices is at extreme risk of malware attacks and botnets exploiting vulnerabilities because of the easy access to stored information. Botnets can perform DDoS (Distributed Denial of Service) attacks that will send multiple web requests to a server and disrupt the functionality of the device. Default passwords are one of the largest risks IoT devices face when it comes to security exploitation as attackers can easily identify these internet-connected devices.  AT&T Vice President of Security Solutions, Jason Porter, recently reported that IoT devices have multiple authentication layers that must cover to prevent devices from being compromised.

There are many points in the security of IoT devices that need to be addressed and although 80% of senior executives across all industries believe that IoT devices are essential, it will be very crucial for them to take into account the privacy and security concerns that develop. Lawmakers are also an important part of the progression of IoT devices. Congress in November 2020, passed a bill that enhances the cybersecurity of IoT. This effort to keep government regulations up to date, will help to maintain consumer confidence while IoT devices continue to grow as an industry standard worldwide.


In my opinion, it is paramount that the IoT industry makes every effort to secure consumer data, which includes making it known how the data will be used. For businesses with current IoT projects, having a Privacy Impact Assessment performed will provide awareness of the risk and what processes are required for mitigation. Hiring a third party to perform a Privacy Impact Assessment is the best method to receive an objective assessment!                                                                  

Will Robinson has worked in the Information Technology field for the past twenty-nine years. First, serving his country as a Radioman in the United States Navy for four years. After his Navy tour, he pursued a career in Information Technology and has earned a multitude of advanced computer certifications, currently holding, and maintaining the Certified Information Systems Security Professional (CISSP) and the Certified SCADA Security Architect (CSSA) certificates. For the past thirteen years, Mr. Robinson has served on many security teams responsible for assessing cyber risk for Information Systems and Control Systems and the Internet of Things.