What Amazon’s privacy breaches say about smart-device cybersecurity

Amazon was recently fined more than $30 million for customer privacy breaches, demonstrating the rising need for cybersecurity and data protection at a time where smart devices are becoming increasingly common.

While there is some legislation in place accommodating smart devices, the sheer volume of devices coming online is still proving an industry bottleneck, and a point of concern for customers and vendors alike. 

The Rise of Smart Home Devices

According to ABI research, more than 5.5 billion smart home devices will ship to customers between 2022 and 2030, while Statistica said the number of IoT devices worldwide will almost triple from 9.7 billion in 2020 to more than 29 billion IoT devices in 2030. 

As such, regulations still need to be refined to provide more stringent guidelines on how to keep customers’ data safe, and keep companies accountable.

“The rise of these smart devices has impacted data privacy and data security simply due the volume of data these devices generate,” said Adam Strange, data security analyst at Omdia. “They do not cause any new privacy problems that are in some way outside of the existing data privacy legislation (eg GDPR) that governs other forms of data.

“The vendors offering these devices … tend to give less focus on how they manage and use these huge volumes in a way that conforms to the legislation.” 

Such a problem was seen in Amazon’s handling of data. The company’s Alexa voice assistant stored historical children’s voice data as well as geolocation, while its Ring smart security device stored thousands of videos of customers in their homes.

Under the proposed settlement, Amazon is required to delete customer videos and data that include a customer’s face obtained before 2018, as well as any inactive child accounts.

“The sheer volume of data being generated means it is very difficult to distinguish old from new, current, usable data from old or inactive and then to delete old or unused data,” said Strange. “Typically, all this data gets lumped in together. This is really the problem for these organizations – too much data to then manage in a way that conforms to the regulations. 

“As Amazon has found out, there are penalties out there for organizations that non-comply or ignore the mandate from the regulators.”

To read the complete article, visit IoT World Today.