IoT, cybersecurity and product development: the Samsung case
Show some balls!
Last week Samsung USA posted a tweet about their QLED TVs, which was deleted shortly afterwards. The tweet advised Samsung users to prevent problems by regularly checking their QLED TVs for malware. The incident was a further illustration of the tension that exists between cybersecurity and the Internet of Things (IoT).
IoT device security is a sensitive issue
The jumpy media response and subsequent removal of the advice showed what a sensitive issue the security of smart devices is in the context of the relationship between manufacturers and consumers. Are TVs unsafe? Am I at risk? It seems that users find it difficult to accept that durable consumer goods such as TVs are more and more like computers... and should therefore be treated like computers.
No need to delete the tweet
In my eyes, Samsung's decision to delete their tweet is regrettable, since the advice given was sound. Samsung's QLED TVs have an extra security feature: a malware scanning function. That's something that everyone should welcome, and it shows that the company's product developers are aware of the issues in this field.
Association with malware
Unfortunately, the people in charge of communication at Samsung take a different view. We can only guess at their true motives, but they may well have been worried that associating their products with malware would put off potential buyers. Marketeers and communication professionals generally want to give their products the most positive associations possible in consumers' minds.
Keeping quiet about an important feature
However, that kind of thinking can have unfortunate consequences where cybersecurity is concerned. By keeping quiet about cybersecurity, manufacturers are de-incentivising investment. In a competitive environment, an important product feature isn't highlighted for fear of negative publicity. With the result that consumer awareness of cybersecurity remains low, and many people fail to take the necessary steps to secure their devices. Not a healthy situation. In that respect, Samsung would do well to follow the lead of Microsoft. Ever since 2003, the software giant has drawn its partners' and users' attention to Patch Tuesday, when new security updates for Windows are published.
Inadequate risk awareness
Another undesirable outcome of not talking about cybersecurity is the effect on product developers. Product marketeers tend to define priorities on the basis of customer perceptions of added value. If consumers lack proper awareness of the internet-related risks associated with smart products, they will perceive little value in security features. And that will lead to product developers prioritising investment in other features, such as sharper displays or convenient remote controls. That would be remiss, and a policy that could well come back to haunt any manufacturer that pursues it.
Security matters to 85 per cent of consumers
According to our survey of Trends in Online Security & e-Identity, 85 per cent of consumers already consider security when making purchase decisions. Although it's the decisive consideration for only 10 per cent, that could change very quickly if disturbing incidents start grabbing the media headlines. And the implications for the manufacturers whose products are involved could be very serious indeed.
How to secure smart devices
A recent study by Delft University of Technology illustrated that most consumers don't really know how to make IoT devices secure. What features should you look for when buying? Is there a quality approval system for security? The challenge of managing an ever-expanding 'stable' of devices seems well-nigh impossible to many.
Router is the key to IoT security
Fortunately, there are convenient options for keeping the IoT secure. A device whose security has been compromised can only create problems if it has access to the internet. And, for that, it's ultimately reliant on a router or modem. Router-based detection and blocking of suspect traffic can therefore make a major contribution to issue prevention. And that can be realised using the open-source SPIN application developed by SIDN Labs, for example. In the meantime, I would urge manufacturers such as Samsung to be more bullish. Cybercrime is part of internet reality. So how about showing people that you're facing up to it in a grown-up, professional way? Tell your customers how to use their gadgets safely.
Show some balls!