Data breaches that expose sensitive data of millions of customers and cost large companies millions of dollars are now pervasive in the news.  As cyber-criminals formulate new ways to attack, many companies and consumers are now more aware of the vulnerabilities involved in providing and using connected products and services.

Despite the fact that cybercriminals are consistently devising new attack strategies, device manufacturers and consumers are yet to pull out all the stops to guard against these attacks in a hyper-connected era. Several factors contribute to this occurrence:

• While 40% of consumers report having high concerns about their devices being hacked, concerns about unauthorized personnel getting access to consumer devices is noticeably lower among consumers than concerns for virus and spyware infection, identity and data theft, and personal information on devices being made public.
• In an effort to drive product adoption, many device manufacturers have put device security on the back burner to focus on product innovation and strengthening product value proposition.
• Among device manufacturers, there is a perception that highlighting potential security risks (even if it is in an effort to educate consumers on how to secure their products) draws negative attention to their product, which they would rather avoid.

At Parks Associates' CONNECTIONS conference in May 2016, industry experts share thoughts on whether device security vulnerabilities pose a challenge to widespread adoption of emerging connected devices. Most of these experts expressed the belief that consumers are just not that concerned about their devices being hacked. Some of not particularly moved by the idea of a complete stranger viewing images from their security camera—for example.

The cyber hacks over the weekend, which affected the services of large companies including Amazon, PayPal, Netflix, Twitter, and Spotify have, however, exposed the fact that device protection can no longer be a personal choice. Consumers who opt out of protecting their devices, do not only put themselves at risk, but their actions can also lead to large scale disruption of services on which other consumers rely.

By owning connected devices, consumers hold greater responsibility than many previously thought and maintaining device security has to be a part of the broader conversation—along with product capabilities, value, and performance.

• Device security measures must be a mandatory part of the customer onboarding process. Measures like creating complex password for devices access should not be optional. Device manufacturers and service providers must also utilize two-factor authentication for device access, where applicable.
• While the Federal Trade Commission (FTC) has only proposed best practices, device manufacturers must seek out and uphold industry standards and best practices for Internet of Things (IoT) device security.
• Regular vulnerability checks must be a part of device manufacturers’ product strategy. Devices must be also be able to receive security patches where new areas of vulnerability are discovered.