Hackers enjoyed a banner year in 2014. Target customers had their credit card numbers stolen through a lapse in company security, while an online bug called Heartbleed put many user passwords at risk on major websites. And then there was the very public, and very creepy, personal data breach where hackers gained access to the iCloud accounts of numerous Hollywood celebrities and posted their private photos online.
In response, Apple issued a press statement saying it was “outraged” about the incident and that an internal investigation found no specific flaw with the iCloud system -- that it was a “very targeted attack on usernames, passwords and security questions.”
While having your bank account information stolen is no walk in the park, the Apple (NASDAQ:AAPL)iCloud hack hit a different note -- it revealed a growing problem in our ultra-connected world, showing how easily our private information can be made very public.
This time it is personal
Consider how many photos and videos you have stored on your smartphone, tablet, and computer, compared to even five years ago. Now, consider the fact that all it takes is just one password to access them and that having that one password can often give hackers access to your other accounts as well.
Back in 2012, a senior staff writer for Wired had his entire digital identity erased because of a vulnerability in Apple and Amazon password security. The hackers wiped his MacBook, iPhone, and iPad and then deleted his Gmail account (that he had for eight years), only to start posting as him on Twitter.
In his case, most of the data was stored on his devices. That is likely because at the end of 2011, just 7% of consumer content was stored in a personal cloud, according to Gartner. By the end of next year, that number will rise to 36%.
In a blog post about Internet security, Malwarebytes Labs -- which makes anti-malware products -- said recently:
Cloud security is now more important than Desktop security, this is due to the fact that users are uploading tons of personal data like images or documents to "cloud" storage.
And as we connect more of our daily lives to the network, the stakes are getting even higher.
More than just photos and videos
While we may consider our photos and videos some of our most personal digital content out there right now, that may change very soon. The Internet of Things, or IoT -- where devices connect to the Internet in order to collect and analyze data and automate systems -- will soon become a big part of our lives.
Cars that know where we go, thermostats that know when we come home and when we leave, and ingestible medical transmitters that track whether or not we have taken our medication are already part of the IoT. And it is only growing -- by 2020, Cisco Systems estimates there will be 50 billion things connected to the Internet.
All of this personal data -- previously kept offline -- will need to be secured on the network. And the current lack of IoT security has already caught the attention of the U.S. government.
Speaking at the Consumer Electronics Show back in January, Federal Trade Commission Chairwoman Edith Ramirez said:
In the not too distant future, many, if not most, aspects of our everyday lives will leave a digital trail. That data trove will contain a wealth of revealing information that, when patched together, will present a deeply personal and startlingly complete picture of each of us -- one that includes details about our financial circumstances, our health, our religious preferences, and our family and friends.
The following month, the Senate held its first meeting to address the need for more Internet of Things security.
These concerns are not unfounded. Right now, tech companies can create inexpensive IoT devices that collect data without much regard to how well that data is protected, whether or not it is encrypted, or how long the company will support software updates to keep the data safe in the future.
In fact, according a Hewlett-Packard report released last year, 70% of the most common IoT devices "contain serious vulnerabilities."
While the Internet of Things is still a new concept for many people, Malwarebytes Labs expects "A major Internet of Things (IoT) attack in the new year against an Internet connected device that was previously not connected. Take for example a thermostat that can be controlled over the Internet."
So all of our personal data is doomed, right?
The threat is real, and companies know it
Admittedly, all of this talk about hackers and cybersecurity can be a bit overwhelming. But it is not as if the major tech companies of the world do not already know that protecting personal data is extremely important.
At a Congressional hearing for IoT security, Doug Davis, vice president of the Intel (NASDAQ:INTC)Internet of Things division, said that security is a key part of its IoT strategy "and it is fundamental to Intel's roadmap planning."
Intel has teamed up with several other tech companies to build an Internet of Things platform that has security baked in. Cisco, General Electric, Samsung, and others have also joined up with Intel to create the Open Internet Consortium, or OIC. One of their goals is to set up security standards for the Internet of Things. This is just one of many groups working to make open and secure platforms for IoT devices.
Of course, there will be more lapses, data breaches, bugs, and direct attacks in the future. And hackers will be even more motivated to steal our information as more of it is stored on cloud networks and collected by Internet of Things devices. But just as with other forms of technology, companies will adapt to new threats, and users will realize the technological benefits outweigh the risks.