Research conducted by global IT association ISACA shows that, of 1,000 employed consumers surveyed in the UK, only 4% named the makers of their mobile phone apps as the entity they most trust with their personal data. Yet, according to ISACA’s 2013 IT Risk/Reward Barometer, 90% don't always read privacy policies before downloading apps to their devices. This apparent gap between belief and behaviour is likely to matter even more in the future, as consumers use mobile apps to interface with everyday objects that increasingly share data via the Internet.
The term “Internet of Things” refers to machines, devices, sensors, cars, cameras and other items that are connected to the Internet and often to each other. It is estimated that there will be 50 billion connected devices that make up the Internet of Things by the year 2020.*
Conducted by ISACA, a global association of 110,000 IT security, assurance, governance and risk professionals, the IT Risk/Reward Barometer examines the risks and rewards of key trends, including the Internet of Things, Big Data and BYOD. The Barometer consists of two components:
• A survey of 2,013 IT professionals and ISACA members from around the world
• A survey of more than 4,000 consumers in four countries, including 1,000 in the UK
IT professionals worldwide say the benefits of the Internet of Things are many. In fact, about half (51%) of institutions have plans to capitalise on the Internet of Things and 31% say their enterprises already have benefitted from the increased access to information it provides. More than half say they hope to achieve greater efficiency and increased customer satisfaction as a result of the Internet of Things.
“As organisations embrace technologies whose success depends on collecting and sharing data, they need to proceed by placing the needs and concerns of consumers at the forefront of their decisions. Clearly, consumers have mixed feelings about how connected devices are sharing their information, so businesses need to establish policies and communicate them openly to preserve trust in information,” said Ramsés Gallego, international vice president of ISACA and security strategist and evangelist at Dell Software.
While 86% of UK consumers expressed concerns about the Internet of Things, half of IT professionals (50%) believe that, for average consumers, the benefit of the Internet of Things outweighs the risk. However, they do not agree with consumers about what the greatest risk is. Consumers are most concerned about people hacking into their connected devices (24%), but IT professionals surveyed believe consumers should be most concerned about not knowing who has access to the information (44%) or how their information will be used (29%).
“The rapid increase in connectivity, via the Internet of Things, is fundamentally changing the way we live, work, play and behave. What this survey clearly shows is the shift in perception about risk and privacy as the world becomes increasingly connected,” said Gallego. “Consumers need to understand the personal implications of allowing applications to access our personal data on mobile devices. While we might think that some services or apps are free, they are not really - since we are constantly making 'micro-payments' with the data we are sharing. And it will be very difficult if not impossible to get this data back. We need to check the terms and conditions, not only for what they allow in the present, but also for what our permissions might grant them the ability to do in the future. There are many benefits to using apps, but we need to ask ourselves what level of risk we are willing to accept for the benefits they provide.”
Gallego recommends four considerations for consumers regarding sharing their data with apps and Internet-connected devices:
1.Recognise that apps you download may appear innocent, but may be doing things in the background with your pictures, emails or credit card information. Know that an application can request super-user/administrator rights into your phone. In other words, you may be giving 'the keys to the kingdom' to someone else. If this makes you uncomfortable, don't do it.
2.Be selective when sharing location-based data. Your phones and other Internet-connected devices know where you are and may be sharing that information with others.
3.Read and understand what the application or company does with your data. If it isn’t clear, use a different app or device.
4.Make a personal risk assessment on what will happen if your data is shared, lost or stolen. What impact would it have? Answer that question and share information accordingly.
For full survey results, including related infographics, visit www.isaca.org/risk-reward-barometer.