IoT device owners complacent in wake of recent cyber attack

Tom FullerResearch Director
Dan TochenResearch Director
November 03, 2016, 3:07 PM GMT+0

Two-thirds of connected device owners say recent cyber attack unlikely to motivate them to beef up security

On October 21, a major cyber attack caused the disruption of service to several of the Internet’s most popular websites, including Twitter, Etsy, Spotify, Airbnb, and Netflix. The distributed denial of service (DDoS) attack was targeted at Dyn, a company that manages website domains and routes Internet traffic. According to Dyn, approximately 100,000 compromised devices - including DVRs, security cameras, baby monitors, and routers - were involved in the attack.

Although this attack highlighted one of the main concerns related to the emergence of the Internet of Things (IoT) – the security of connected devices – many consumers did not get the message. According to a recent YouGov survey, only half (48%) of US adults were aware of the attack, while three in ten only heard about it upon responding to the survey. The attack’s impact was widespread but far from universal: 20% claimed that they were personally affected, either through the inability to reach a website or slow response. Service disruptions struck key online functions such as accessing news and information and performing financial transactions: the top two websites where users experienced problems were Twitter and PayPal.

YouGov’s survey suggests that cyber attacks in the future could easily be orders of magnitude larger, leveraging millions of compromised devices – vastly outnumbering the 100,000 devices involved in the October 21 attack. About half of US adults (53%) say they have at least one connected device (other than computers or smartphones) in their home, and according to the US Census Bureau, there are 116 million households in the country. Given the scale of this potential threat, it is somewhat reassuring to see that 69% of respondents have taken steps to ensure the security of their connected home devices, including changing the default password and updating device software, among other measures. Perhaps partially as a result of these efforts, 29% say they are “very confident” about the security of these devices, while 49% are “somewhat confident”.

Nonetheless, it seems clear that users’ efforts to secure their devices fall short of what is needed to eliminate this type of attack in the future, and extensive consumer education would be needed to increase awareness of risks and change behaviors. Even though more than half of US adults say the October 21st attack increased data security and privacy concerns, only about one in three are taking concrete steps to mitigate those risks. They are far outnumbered by those who say they will stand pat or are uncertain of what they will do: 43% of respondents say they are concerned about this kind of attack but will not do anything different, either because they have resigned themselves to the inevitability of cyber attacks or don’t believe the attacks will impact them personally, and 23% are just not sure.

With 97% of US adults reporting that they use the Internet on a daily basis, but limited awareness and concern about the types of security issues brought to the surface by the recent attack, it will be imperative to improve security at the infrastructure level and / or the device manufacturer level in order to meaningfully reduce or eliminate these kinds of attacks.

All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 1138 adults. Fieldwork was undertaken between October 28-30, 2016. The survey was carried out online. The figures have been weighted and are representative of all US adults (aged 18+).