The Internet of Things (IoT) collects and stores data on each and every one of us, whether we know it or not, but according to a panel speaking at Advisen’s Cyber Risk Insights conference in Chicago last week, cybersecurity often takes a back seat in favor of rushing a product to market.
When asked about the current status of security for IoT devices ranging from wireless-enabled wearable technology, to internet connected medical equipment, to smart toasters, refrigerators, hairbrushes and even rectal thermometers, Matthew Erickson, executive director, at Digital Privacy Alliance said, “The phrase ‘dumpster fire’ comes to mind.”
“There are so many small players out there and also a lot of the smart-home devices,” said Erickson. “I’ve seen Alexa in law offices. I’ve seen voice-activated remotes in law offices listening to everything the lawyer is saying. Where is that data sent?”
According to the panelists, it is often the smaller IoT manufacturers that present the biggest cybersecurity challenges.
While regulators such as the FTC and FDA are emphasizing a security-by-design approach, other IoT companies outside of their regulatory purview often rush their products to market without fully addressing cybersecurity issues.