By: Nir Kshetri, University of North Carolina – Greensboro

IOTThe world is full of connected devices – and more are coming. In 2017, there were an estimated 8.4 billion internet-enabled thermostats, cameras, streetlights and other electronics. By 2020 that number could exceed 20 billion, and by 2030 there could be 500 billion or more. Because they’ll all be online all the time, each of those devices – whether a voice-recognition personal assistant or a pay-by-phone parking meter or a temperature sensor deep in an industrial robot – will be vulnerable to a cyberattack and could even be part of one.

Today, many “smart” internet-connected devices are made by large companies with well-known brand names, like Google, Apple, Microsoft and Samsung, which have both the technological systems and the marketing incentive to fix any security problems quickly. But that’s not the case in the increasingly crowded world of smaller internet-enabled devices, like light bulbs, doorbells and even packages shipped by UPS. Those devices – and their digital “brains” – are typically made by unknown companies, many in developing countries, without the funds or ability – or the brand-recognition need – to incorporate strong security features.