As more devices get plugged into the Internet of Things (IoT), more vulnerabilities for data breaches emerge. These weaknesses in the IoT infrastructure come at a weighty cost not only for organizations, but individual consumers as well.
In 2017, the average cost of one data breach for organizations was $3.62 million. This figure was calculated in the 12th Annual “Cost of Data Breach Study,” sponsored by IBM and independently conducted by the Ponemon Institute. IoT security becomes a crucial issue in face of these breaches, which are no longer a rare occurrence, but rather a weekly headliner. More than 1,500 data breaches occurred in 2017, with viruses, hackers, botnets and underground thieves hitting organizations, retail establishments, restaurants, hospitals and companies designed to protect data in the first place.
The human cost to breaches is a more often overlooked consequence. A handful of researchers from the University of California at Berkeley noted the dearth of information regarding the harm to individual consumers. Armed with a grant from the Center for Long-Term Cybersecurity, the researchers set out to identify the costs to consumers in the context of three malware attacks:
- Consumer IoT devices infected with Mirai malware
- Consumer costs of large-scale distributed denial of service attacks (DDoS) on Dyn, Inc. and KrebsOnSecurity website caused by IoT botnets
- A hypothetical worst-case scenario attack on a large pool of insecure IoT devices
According to the researchers’ cost calculator, the median cost of one security breach of a consumer’s device, including electricity and bandwidth consumption—costs borne by consumers—comes to $323,973.75. This staggering number is a distinct call for IoT security.
Because consumer costs resulting from what the researchers call “insecure IoT devices” are not widely known or available, manufacturers have no real incentive to design more secure products.
This research paper is a frontrunner in exploring the issue, and provides a thorough examination as to how consumers may be affected by these breaches and possible regulations that could be used to promote a more secure IoT ecosystem.
You can read the full paper here.