A new report by Acquity Group has found that consumer adoption of connected technology is growing. The 2014 State of the Internet of Things, which surveyed more than 2,000 people in the U.S. about their use of connected devices, discovered 69 percent of consumers are planning to buy an IoT device for their home over the next five years.
Connected devices like fitness bands, security systems and smart thermostats are expected to be the most popular devices with consumers in the coming years, according to the report. Wearable IoT devices are also projected to grow in popularity, with nearly half of all consumers projected to own such a device or planning to purchase one by 2019.
The study also found that 13 percent of adults will own some type of in-home connected device by the end of next year, more than tripling the number of consumers who already own such technology, PC Magazine reported.
While IoT devices are becoming increasingly popular, their rise is worrisome to security experts. The personal data amassed by these machines provide more than enough information for cybercrimianls to conduct sophisticated social-engineering attacks. Couple the personal information available with the vulnerabilities created by the rush to connect devices and trouble is inevitable.
Researchers at this year's Black Hat security conference highlighted the vast amount of threats present in the IoT with the presentation of 13 previously unknown vulnerabilities found in network storage systems and home Wi-Fi routers, both of which are used to create the core infrastructure of smart devices. As an influx of interconnection between people and homes with devices that have yet to be fully secured, it is only a matter of time before new threats emerge and start to target the enterprise.
The more information available about someone, the easier it is to trick them into thinking something is legitimate, and devices connected to the IoT help cybercriminals to achieve this very quickly. VentureBeat contributor Sarah Isaacs relayed an instance in which a French company was defrauded by cybercriminals who gained access to personal information about the enterprise's vice president.
"Consider how hackers hit a French multinational organization in 2013," explained Isaacs. "First, they sent a phishing email to a vice president's administrative assistant, referencing an invoice hosted on a file-sharing service. Then they called the admin, impersonating the VP with perfect French, and ordered her to process the invoice immediately, which downloaded a remote access Trojan (RAT) to her computer. They eventually stole enough info and impersonated enough people to wire a large sum of money to multiple offshore accounts."
Adding to the danger of social engineering attacks is the fact that many users don't frequently update the software on their devices because updates aren't viewed as a security precaution, according to Isaacs. This leaves a large window for hackers to take advantage of vulnerabilities.
As more devices become connected, enterprises will have to start taking steps to defend against their inherent security issues. A reliable way to protect against malicious actors gaining access to sensitive information is to implement strong authentication. This technique requires multiple forms of identification to obtain privileged networks and files, putting an extra layer of security between enterprise data and cyber thieves.
Manufacturers of smart or connected devices will also begin issuing device certificates to further help authenticate a device's identity or type of access.