Source: This article was Published securityintelligence.com By Jasmine Henry - Contributed by Member: Deborah Tannen

The dark component of the deep web is the primary highway for the exchange and commerce among cybercriminal groups. In fact, very few cybercriminals work alone. Eighty percent of cybercrime is linked to criminal collectives, and stolen data-shaped goods surface rapidly on darknet forums and marketplaces following cybersecurity incidents with data loss.

Adapting to these trends is essential. Organizations with the ability to extract threat intelligence from data-mining these elusive online sources can achieve a significant security advantage.

Deep Web and Darknet: What’s the Difference?

The part of the web accessible through search engines and used for everyday activities is known among researchers as the surface web. Anything beyond that is defined as the deep web. While estimates vary, some researchers project there are 90 percent more deep websites than surface ones, according to TechCabal. The deep web contains unindexed websites that are not accessible to everyday Internet users. Some restrict access; others are routed through many layers of anonymity to conceal their operators’ identity.

Darknet websites and technologies are a subset of the deep web classification, which consists of sites intentionally hidden and generally only accessible through technologies like The Onion Router (Tor), a software that facilitates anonymous communication, or peer-to-peer (P2P) browsers. This hidden web is closely associated with anonymity and (in some cases) criminal activity supported by open exchange and collaboration between threat actors.

How to Draw Dark Threat Intelligence

“Dark web intelligence is critical to security decision-making at any level,” said Dave McMillen, senior analyst with X-Force IRIS at IBM X-Force Incident Response and Intelligence Services (IRIS). “It is possible to collect exploits, vulnerabilities and other indicators of compromise, as well as insight into the techniques, tactics, and procedures [TTPs] that criminals use for distinct knowledge about the tools and malware threat actors favor.”

When this real-time threat data is filtered through sufficient context and separated from false positives, it becomes actionable intelligence. McMillen believes there are several ways organizations can benefit from dark-sourced intelligence. These benefits include understanding emerging threat trends to develop mitigation techniques proactively. Dark-source intelligence could also help with identifying criminal motivations and collusion before attacks. It could even aid in attributing risks and attacks to specific criminal groups.

How to Identify Darknet Security Risks

For expert threat researchers like McMillen, patterns of deep web activity can reveal an attack in progress, planned attacks, threat trends or other types of risks. Signs of a threat can emerge quickly, as financially-driven hackers try to turn stolen data into profit within hours or minutes of gaining entry to an organization’s network.

The average time it takes to identify a cybersecurity incident is 197 days, according to the 2018 Cost of a Data Breach Study from the Ponemon Institute, sponsored by IBM. Companies that contain a breach within 30 days have an advantage over their less-responsive peers, saving an average of $1 million in containment costs.

“Employing dark web monitoring solutions that allow the use of focused filters to identify key phrases, such as your brand and product names, that may contain information that can negatively affect your organization is a good start in your effort to glean useful intelligence from the dark web,” McMillen said.

The collected data should then generate alerts and be routed through a human analysis process to provide actionable insights. Context-rich threat intelligence can reveal many different forms of risk.

1. Organization or Industry Discussion

Among the key risk factors and threats are mentions of an organization’s name in forum posts, paste sites, channels or chatrooms. Contextual analysis can determine whether threat actors are planning an attack or actively possess stolen data. Other high-risk discussions can surround niche industries or verticals, or information on compromising highly-specific technologies employed by an organization.

2. Personally Identifiable Information (PII) Exchange

When a breach has occurred, the sale of PII, personal health data, financial data or other sensitive information can be indicative of the aftermath of an attack. A single data record can sell for up to $20, according to Recorded Future. This data is generally stolen en-masse from large organizations — such as credit agencies and banks — so a few thousand credit card numbers can turn a huge profit.

Unsurprisingly, 76 percent of breaches are financially motivated, according to the 2018 Data Breach Investigations Report from Verizon.

3. Credential Exchange

Lost or stolen credentials were the most common threat action employed in 2017, contributing to 22 percent of data breaches, according to the Verizon report. While the presence of usernames and passwords on paste sites or marketplaces can indicate a data breach, contextual analysis is required to determine whether this is a recent compromise or recycled data from a prior incident.

In May 2018, threat intelligence company 4iQ uncovered a massive floating database of identity information, including over 1.4 billion unencrypted credentials.

“The breach is almost two times larger than the previous largest credential exposure,” Julio Casal, founder of 4iQ, told Information Age.

4. Information Recon

Social engineering tactics are employed in 52 percent of attacks, according to a February 2018 report from security company F-Secure. Collusion around information recon can surface in both open and closed-forum exchanges between individual threat actors and collectives.

5. Phishing Attack Coordination

As phishing and whaling attacks become more sophisticated, deep web threat intelligence can reveal popular TTPs and risks. Coordination around information recon is common. Threat actors can now purchase increasingly complex phishing-as-a-service software kits, and if defenders are familiar with them, they can better educate users and put the right controls in place.

Although malicious insiders cause fewer breaches than simple human error, the darknet is an established hub for criminal collectives to recruit employees with network credentials for a sophisticated attack. Dark Reading tracked nearly twice as many references to insider recruitment on darknet forums in 2016 as in 2015.

7. Trade Secrets and Sensitive Asset Discussions

Trade secrets and competitive intelligence are another lucrative aspect of threat actor commerce that can signal risks to researchers. In one recent incident reported by CNBC in July 2018, a likely Russian cybercriminal sold access to a law firm’s network and sensitive assets for $3,500. Having had that information ahead of time could have saved the victim time, money, and reputational damage.

What Are the Challenges to Deriving Value From Dark Sources?

While there is clear strategic and tactical value to darknet threat intelligence, significant challenges can arise on the road to deep web threat hunting and data-mining. For instance, it’s not ideal to equip security operations center (SOC) analysts with a Tor browser. The potential volume of false positives based on the sheer size of the hidden web necessitates a more effective approach.

“The dark web is fragmented and multi-layered,” McMillen said.

When researchers discover a credible source, it generally requires hours to vet intelligence and perform a complete analysis. Darknet commerce has also grown increasingly mercurial and decentralized as law enforcement tracks criminal TTPs as they emerge. Security leaders who can overcome these barriers have the potential to significantly improve security strategy in response to emerging threat trends and risk factors.

The 2018 Artificial Intelligence (AI) in Cyber-Security Study from the Ponemon Institute, sponsored by IBM Security, discovered that artificial intelligence (AI) could provide deeper security and increased productivity at lower costs. Sixty-nine percent of respondents stated that the most significant benefit of AI was the ability to increase speed in analyzing threats.

As leaders consider how to deepen adoption of dark threat intelligence, it’s valuable to understand that not all intelligence sources can adequately capture the full scope of threat actor exchange on this vast, fast-morphing plane. Relying on stagnant, outdated or fully automated technologies may fail to mitigate important risks. The best mode of protection is one which combines the intelligence of skilled human researchers and AI to turn raw data into actionable intelligence effectively.


 Source: This article was Published techworm.net By Payel Dutta - Contributed by Member: Linda Manly

You sign up with one of the best email service providers and you get ready to launch the campaign you’ve been working on. You believe that this undertaking will generate good revenue for your business, and you expect to have it done as soon as possible. But then…you are taken by surprise. When you upload your mailing list, your progress comes to a halt. You are told to verify your email address, and you do not know what to do. In fact, some small business owners will give up at this point and turn to other digital marketing strategies available on the market.

However, you do not need to worry, as you can easily find a great email address verification service provider on the internet. What you need to know is that regardless of the service provider you decide to work with, email verification doesn’t have to break your bank, neither does it have to waste a lot of your time. It is a quick process that is geared towards improving your marketing efforts.

Have you been yearning to learn about email address verification? Below is everything you need to know about it.

Understanding email address verification – what is it?

Basically, this is a process that ensures that all the email addresses in your mailing list are connected to a legitimate, active inbox. Simply put, this is a process that guarantees all the messages you send have a safe destination to reach.

Why is email verification necessary?

You might be tempted to think that when you fail to verify your email list, nothing will happen to you. In fact, some misleading blogs and websites will tell you that hiring a professional email address verification service is a waste of time. Well, believe this at your peril.

If you skip this process, your digital marketing strategy that incorporates email marketing will be doomed to fail. Below are some of the things that expert email verification service providers like Zero Bounce protect you from:

  • Miserable marketing results

When you kick off your email marketing campaign, you believe that it will reach as many people as possible, and you will get the best sales for your goods or services at the end of the day. However, if the email addresses you are sending the messages to are not valid, you will end up with dismal results.

If you have many emails bouncing back, it means that your deliverability will be adversely affected to a great extent. This means that even those email addresses that are valid will not receive your well-intended messages.

Also, if any emails are not valid, it means that you will not get reliable metrics when measuring the success of your email marketing campaign. Your goal should be to make a connection with your target audiences. Getting a good email address verification service should not be optional; it should be at the top of your priority list.

  • Money wastage

Email service providers will charge you depending on the number of subscribers you have. This means that the higher the number of subscribers, the more money you will pay. Therefore, if you keep unvalidated lists, you will bear a recurring waste that is not worth it in the first place.

  • Account suspension

Yes, spam monitors, email security services, as well as internet service providers have policies for undelivered messages, unsubscribes, and spam complaints. Therefore, if your mailing list is unmanaged, your account might be suspended on grounds of the three mentioned above.

Verifying your email address will minimize the number of undelivered messages; hence your account will be safe from suspension.

Reasons why you have many invalid email addresses

Below are some of the reasons why you have very many risky emails in your mailing list:

  • The people in your mailing list stopped using the email addresses a long time ago
  • Your list is full of role addresses
  • You failed to validate the emails when filling out the web forms; hence there are lots of typos. The ZeroBounce API can help you here by verifying email registrations in real time.

Even the best marketers of all time have risky emails in their lists. Therefore, do not over-blame yourself when you find them. Just know how to proactively remove them for better performance. Also, proceed with care when choosing the right email address verification service, and your campaign will never fail to yield results.


 Source: This article was published nytimes.com By GABRIEL J.X. DANCE, NICHOLAS CONFESSORE, and MICHAEL LaFORGIA - Contributed by Member: Linda Manly

As Facebook sought to become the world’s dominant social media service, it struck agreements allowing phone and other device makers access to vast amounts of its users’ personal information.

Facebook has reached data-sharing partnerships with at least 60 device makers — including Apple, Amazon, BlackBerry, Microsoft and Samsung — over the last decade, starting before Facebook apps were widely available on smartphones, company officials said. The deals allowed Facebook to expand its reach and let device makers offer customers popular features of the social network, such as messaging, “like” buttons and address books.

But the partnerships, whose scope has not previously been reported, raise concerns about the company’s privacy protections and compliance with a 2011 consent decree with the Federal Trade Commission. Facebook allowed the device companies access to the data of users’ friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users’ friends who believed they had barred any sharing, The New York Times found.


Most of the partnerships remain in effect, though Facebook began winding them down in April. The company came under intensifying scrutiny by lawmakers and regulators after news reports in March that a political consulting firm, Cambridge Analytica, misused the private information of tens of millions of Facebook users.

In the furor that followed, Facebook’s leaders said that the kind of access exploited by Cambridge in 2014 was cut off by the next year, when Facebook prohibited developers from collecting information from users’ friends. But the company officials did not disclose that Facebook had exempted the makers of cellphones, tablets and other hardware from such restrictions.

“You might think that Facebook or the device manufacturer is trustworthy,” said Serge Egelman, a privacy researcher at the University of California, Berkeley, who studies the security of mobile apps. “But the problem is that as more and more data is collected on the device — and if it can be accessed by apps on the device — it creates serious privacy and security risks.”

In interviews, Facebook officials defended the data sharing as consistent with its privacy policies, the F.T.C. agreement and pledges to users. They said its partnerships were governed by contracts that strictly limited use of the data, including any stored on partners’ servers. The officials added that they knew of no cases where the information had been misused.

The company views its device partners as extensions of Facebook, serving its more than two billion users, the officials said.

“These partnerships work very differently from the way in which app developers use our platform,” said Ime Archibong, a Facebook vice president. Unlike developers that provide games and services to Facebook users, the device partners can use Facebook data only to provide versions of “the Facebook experience,” the officials said.

Some device partners can retrieve Facebook users’ relationship status, religion, political leaning and upcoming events, among other data. Tests by The Times showed that the partners requested and received data in the same way other third parties did.

Facebook’s view that the device makers are not outsiders lets the partners go even further, The Times found: They can obtain data about a user’s Facebook friends, even those who have denied Facebook permission to share information with any third parties.

In interviews, several former Facebook software engineers and security experts said they were surprised at the ability to override sharing restrictions.

“It’s like having door locks installed, only to find out that the locksmith also gave keys to all of his friends so they can come in and rifle through your stuff without having to ask you for permission,” said Ashkan Soltani, a research and privacy consultant who formerly served as the F.T.C.’s chief technologist.

How One Phone Gains Access to Hundreds of Thousands of Facebook Accounts

After connecting to Facebook, the BlackBerry Hub app was able to retrieve detailed data on 556 of Mr. LaForgia's friends, including relationship status, religious and political leanings and events they planned to attend. Facebook has said that it cut off third parties' access to this type of information in 2015, but that it does not consider BlackBerry a third party in this case.

The Hub app was also able to access information — including unique identifiers — on 294,258 friends of Mr. LaForgia's friends.

By Rich Harris and Gabriel J.X. Dance

Details of Facebook’s partnerships have emerged amid a reckoning in Silicon Valley over the volume of personal information collected on the internet and monetized by the tech industry. The pervasive collection of data, while largely unregulated in the United States, has come under growing criticism from elected officials at home and overseas and provoked concern among consumers about how freely their information is shared.

In a tense appearance before Congress in March, Facebook’s chief executive, Mark Zuckerberg, emphasized what he said was a company priority for Facebook users. “Every piece of content that you share on Facebook you own,” he testified. “You have complete control over who sees it and how you share it.”

But the device partnerships provoked discussion even within Facebook as early as 2012, according to Sandy Parakilas, who at the time led third-party advertising and privacy compliance for Facebook’s platform.

“This was flagged internally as a privacy issue,” said Mr. Parakilas, who left Facebook that year and has recently emerged as a harsh critic of the company. “It is shocking that this practice may still continue six years later, and it appears to contradict Facebook’s testimony to Congress that all friend permissions were disabled.”

The partnerships were briefly mentioned in documents submitted to German lawmakers investigating the social media giant’s privacy practices and released by Facebook in mid-May. But Facebook provided the lawmakers with the name of only one partner — BlackBerry, maker of the once-ubiquitous mobile device — and little information about how the agreements worked.

The submission followed testimony by Joel Kaplan, Facebook’s vice president for global public policy, during a closed-door German parliamentary hearing in April. Elisabeth Winkelmeier-Becker, one of the lawmakers who questioned Mr. Kaplan, said in an interview that she believed the data partnerships disclosed by Facebook violated users’ privacy rights.

“What we have been trying to determine is whether Facebook has knowingly handed over user data elsewhere without explicit consent,” Ms. Winkelmeier-Becker said. “I would never have imagined that this might even be happening secretly via deals with device makers. BlackBerry users seem to have been turned into data dealers, unknowingly and unwillingly.”

In interviews with The Times, Facebook identified other partners: Apple and Samsung, the world’s two biggest smartphone makers, and Amazon, which sells tablets.

An Apple spokesman said the company relied on private access to Facebook data for features that enabled users to post photos to the social network without opening the Facebook app, among other things. Apple said its phones no longer had such access to Facebook as of last September.

Samsung declined to respond to questions about whether it had any data-sharing partnerships with Facebook. Amazon also declined to respond to questions.

Usher Lieberman, a BlackBerry spokesman, said in a statement that the company used Facebook data only to give its own customers access to their Facebook networks and messages. Mr. Lieberman said that the company “did not collect or mine the Facebook data of our customers,” adding that “BlackBerry has always been in the business of protecting, not monetizing, customer data.”

Microsoft entered a partnership with Facebook in 2008 that allowed Microsoft-powered devices to do things like add contacts and friends and receive notifications, according to a spokesman. He added that the data was stored locally on the phone and was not synced to Microsoft’s servers.

Facebook acknowledged that some partners did store users’ data — including friends’ data — on their own servers. A Facebook official said that regardless of where the data was kept, it was governed by strict agreements between the companies.

“I am dumbfounded by the attitude that anybody in Facebook’s corporate office would think allowing third parties access to data would be a good idea,” said Henning Schulzrinne, a computer science professor at Columbia University who specializes in network security and mobile systems.

The Cambridge Analytica scandal revealed how loosely Facebook had policed the bustling ecosystem of developers building apps on its platform. They ranged from well-known players like Zynga, the maker of the FarmVille game, to smaller ones, like a Cambridge contractor who used a quiz taken by about 300,000 Facebook users to gain access to the profiles of as many as 87 million of their friends.

Those developers relied on Facebook’s public data channels, known as application programming interfaces, or APIs. But starting in 2007, the company also established private data channels for device manufacturers.

At the time, mobile phones were less powerful, and relatively few of them could run stand-alone Facebook apps like those now common on smartphones. The company continued to build new private APIs for device makers through 2014, spreading user data through tens of millions of mobile devices, game consoles, televisions and other systems outside Facebook’s direct control.

Facebook began moving to wind down the partnerships in April, after assessing its privacy and data practices in the wake of the Cambridge Analytica scandal. Mr. Archibong said the company had concluded that the partnerships were no longer needed to serve Facebook users. About 22 of them have been shut down.

The broad access Facebook provided to device makers raises questions about its compliance with a 2011 consent decree with the F.T.C.

The decree barred Facebook from overriding users’ privacy settings without first getting explicit consent. That agreement stemmed from an investigation that found Facebook had allowed app developers and other third parties to collect personal details about users’ friends, even when those friends had asked that their information remain private.

After the Cambridge Analytica revelations, the F.T.C. began an investigation into whether Facebook’s continued sharing of data after 2011 violated the decree, potentially exposing the company to fines.

Facebook officials said the private data channels did not violate the decree because the company viewed its hardware partners as “service providers,” akin to a cloud computing service paid to store Facebook data or a company contracted to process credit card transactions. According to the consent decree, Facebook does not need to seek additional permission to share friend data with service providers.

“These contracts and partnerships are entirely consistent with Facebook’s F.T.C. consent decree,” Mr. Archibong, the Facebook official, said.

But Jessica Rich, a former F.T.C. official who helped lead the commission’s earlier Facebook investigation, disagreed with that assessment.

“Under Facebook’s interpretation, the exception swallows the rule,” said Ms. Rich, now with the Consumers Union. “They could argue that any sharing of data with third parties is part of the Facebook experience. And this is not at all how the public interpreted their 2014 announcement that they would limit third-party app access to friend data.”

To test one partner’s access to Facebook’s private data channels, The Times used a reporter’s Facebook account — with about 550 friends — and a 2013 BlackBerry device, monitoring what data the device requested and received. (More recent BlackBerry devices, which run Google’s Android operating system, do not use the same private channels, BlackBerry officials said.)

Immediately after the reporter connected the device to his Facebook account, it requested some of his profile data, including user ID, name, picture, “about” information, location, email, and cell phone number. The device then retrieved the reporter’s private messages and the responses to them, along with the name and user ID of each person with whom he was communicating.

The data flowed to a BlackBerry app known as the Hub, which was designed to let BlackBerry users view all of their messages and social media accounts in one place.

The Hub also requested — and received — data that Facebook’s policy appears to prohibit. Since 2015, Facebook has said that apps can request only the names of friends using the same app. But the BlackBerry app had access to all of the reporter’s Facebook friends and, for most of them, returned information such as user ID, birthday, work and education history and whether they were currently online.

The BlackBerry device was also able to retrieve identifying information for nearly 295,000 Facebook users. Most of them were second-degree Facebook friends of the reporter, or friends of friends.

In all, Facebook empowers BlackBerry devices to access more than 50 types of information about users and their friends, The Times found.


No business is completely safe from security vulnerabilities. Just look at Target, Home Depot and TJ Maxx. While these well-known companies may seem like a more attractive target for hackers, the businesses flying under the radar face the same, if not more, threats from cyber attackers looking to cause mayhem in a company.

To help small and midsize businesses stay protected, we asked tech experts about the biggest security risks these companies face and how they can defend against them.

Here is what they had to say:

Cyber attackers don't discriminate:

Small and midsize businesses often make a philosophical mistake right off the bat: They assume they are too small to be relevant to hackers. I can promise you that cyber attackers believe in equal opportunity for targets.

So while larger companies often opt for corporate-owned devices, there are many products available on a per-seat basis that will work to secure proprietary data even when accessed by personally-owned devices. This is where SMBs need to focus: on the protection of their data. Even if your strategy is not as comprehensive (or expensive) as those in place at a federal agency or a massive corporation, building roadblocks on the way to exposed plaintext information is a necessary tactic to discourage hackers. Otherwise you’re an easy mark.

-- Ray Potter, CEO of SafeLogic, a company providing security, encryption and FIPS validation products to applications

Security flaws are everywhere

Right now a lot of the challenges arise from how networked and interconnected the modern marketplace is. Social media is a great example of a technology and business advancement that has brought businesses closer to customers and clients while also increasing business risk.

As employees engage in sales and networking across social networks, new pathways into the business open up and cyber criminals know how to exploit them. One of the most effective actions businesses can take to reduce the risks that come from our interconnected marketplace is to provide knowledge. Many users do not understand how cyber criminals leverage social tools and technologies to gain access to businesses and their data. A simple weekly update from IT on threats and how to avoid them is an important way to ensure your user base is well informed and avoiding risky online activity. It empowers your employees to be accountable for security, and incorporates them into your security solution.

-- Anna Frazzetto, Chief Digital Technology Officer and SVP at Harvey Nash, an IT recruiting firm

It comes back to the data

Protecting sensitive data from hackers should be the top priority for businesses of all sizes. These threats can come in the form of phishing and malware that seek to infiltrate the corporate network, endpoints and the cloud applications employees use. To mitigate against these threats:

  • Update patches as they become available
  • Use security products that protect the entire IT stack – the device, operating system, application, network, cloud and data layers
  • Train employees to have security awareness

-- Pravin Kothari, founder and CEO of CipherCloud, an enterprise cloud security company

People are a liability

People remain the biggest security risk to any sized organization, including SMBs. As threats become more sophisticated, even careful employees may find themselves victims of phishing or accidentally opening attachments with viruses. The best defense is ensuring that staff get consistent education to keep security at the top of mind. Security training for all employees really should start on day one.

The other large issue I see is organizations maintaining a legacy security posture, or original security plan. It’s not enough to configure the firewall and walk away. Every organization should consider bringing in a third party to get a vulnerability assessment. Even if you have a dedicated security team, a second set of eyeballs will help identify risks and start working towards remediation.

-- Cortney Thompson, Chief Technology Officer of Green House Data, an environmentally conscious data center service

Imbalance in security

The fastest growing threat is sophisticated phishing attacks, which, when not identified and stopped promptly, can lead to a loss of business.

Businesses need to be smart about balancing in-house security resources and building a strong team, while also leveraging third-party security services. There are a number of third-party security services, many of them SaaS-based, that don’t require investments in hardware and are generally easier to deploy.

Perhaps the most important thing is to treat security threats seriously and to proactively assess your security measures. Many companies don’t take security seriously enough until something bad happens. It is generally a lot more expensive to clean up after a security breach than to address it proactively.

-- Arne Josefsberg, Chief Information Officer of GoDaddy, an Internet domain registrar and web hosting company

Source:  https://www.entrepreneur.com/article/275737


The prospective scale of the Internet of Things (IoT) has the potential to fill anyone looking from the outside with the technical equivalent of agoraphobia. However, from the inside, the view is very different. Looked at in detail, it is a series of intricate threads being aligned by a complex array of organizations.

As with any new technological epoch, questions around shape, ownership and regulation are starting to rise. Imagine trying to build the Internet again. It’s like that, but at a bigger scale.

The first hurdle is that of technological standards. We are at a pivotal moment in the development of the IoT. As the diversity of connected things grows, so does the potential risk from not allowing each “thing” to talk to one another.

This begins with networking standards. From ZigBee to Z-Wave, EnOcean, Bluetooth LE or SigFox and LoRa, there are simply too many competing and incompatible networking standards from which to choose. Luckily enough, things seem to be converging and consolidating.

Moreover, the already well-established alliances are regrouping. First in the indoors world, where ZigBee 3.0 is getting closer to Google’s Thread — albeit still challenged by the Bluetooth consortium, who are about to release the Bluetooth mesh standard. More interestingly, the Wi-Fi Alliance is working on IEEE 802.11ah known as HaLow. All three standards specifically target lower power requirements and better range tailored for the IoT.

Similarly, in the outdoors world, the Next Generation Mobile Networks (NGMN) Alliance (working closely with the well-established GSMA, ruling the world of mobile standards) is working on an important piece of the puzzle for the world of smart things: 5G. With increased data range, lower latency and better coverage, it is vital to handle the multitude of individual connections and will be a serious global competitor to the existing LPWAN (Low Power Wireless Area Networks), such as SigFox and LoRa.

Whilst trials are currently taking place, commercial deployment is not expected until 2020. Before this can happen, spectrum auctions must be completed; these are typically a government-refereed scrap between technology and telecoms companies, with battle lines drawn on price. It’s important to put an early stake in the ground with regulators to ensure sufficient spectrum is available at a cost that encourages IoT to flourish, instead of being at the mercy of inflated wholesale prices.

But the challenge doesn’t stop at the network level; the data or application level is also a big part of the game. The divergence in application protocols is only being compounded as tech giants begin to make a bid to capture the space. Apple HomeKit, Google Weave and a number of other initiatives are attempting to promote their own ecosystems, each with their own commercial agendas.

Left to evolve in an unmanaged way, we’ll end up with separate disparate approaches that will inexcusably restrict the ability of the IoT to operate as an open ecosystem. This is a movie we’ve seen before.

The web has already been through this messy process, eventually standardizing itself by Darwinian principles of technology and practices of use. The web provided a simple and scalable application layer for the Internet, a set of standards that any node of the Internet could use whatever physical technology it uses to connect to the Internet.

The web is what made the Internet useful and ultimately successful. This is why a Web of Things (WoT) approach is essential. Such an approach has substantial support already. A Web Thing Model has recently been submitted to W3C, based on research done by a mixture of tech giants, startups and academic institutes. These are early tentative steps toward an open and singular vision for the IoT.

The resolution of this issue opens up the possibility of a vast collaborative network, where uniform data can optimize a wild array of existing processes. However, as data gradually becomes the most valuable asset of a slew of once inanimate objects, what does this mean for legacy companies who build the products which have had no previous data strategy?

The tech sector is comfortable with sharing and using such information, but for companies that have their grounding in making everything from light bulbs to cars, this is a new concept. Such organizations have traditionally had a much more closed operational approach, treating data like intellectual property — something to be locked away.

To change this requires a cultural shift inside any business. Whilst this is not insurmountable by any means, it brings to the fore the need to effect a change in mind-set inside the boardroom. For such a sea change to happen, it will require education, human resources and technology investment.

Security is one of the biggest barriers preventing mainstream consumer IoT adoption. A Fortinet survey found that 68 percent of global homeowners are concerned about a data breach from a connected device. And they should be: Take a quick look at Shodan, an IoT search engine that gives you instantaneous access to thousands of unsecured IoT devices, baby monitors included! In 2015, the U.S. Federal Trade Commission stated that “perceived risks to privacy and security…undermine the consumer confidence necessary for technologies to meet their full potential.”

For manufacturers to boost consumer confidence, they must be able to demonstrate that their products are secure, something that seems to have come under increasing pressure lately. The problem with security is that it is simply never achieved. Security is a constant battle against the clock, deploying patches and improvements as they come.

This clearly can be overwhelming for product manufacturers. Relying on an established IoT platform that has implemented comprehensive and robust security methodologies, and that can guide them through such a complex area, is a wise move.

Consumers also share some responsibility in increasing the security of their data — by using strong passwords for product user accounts and on Internet-facing devices, like routers or smart devices; use of encryption (like WPA2) when setting up Wi-Fi networks; and installing any software updates promptly.

However, as consumer adoption of IoT rises, it is critical for manufacturers to ensure that the security of smart, connected products is at the heart of their IoT strategy. After all, the security of a smart object is only as strong as its weakest connected link.

Coupled with security, emergent issues around data privacy, sharing and usage will become something everyone will have to tackle, not just tech companies. In the data-driven world of IoT, the data that gets shared is more personal and intimate than in the current digital economy.

For example, consumers have the ability to trade, through their bathroom scales, protected data such as health and medical information, perhaps for a better health insurance premium. But what happens if a consumer is supposed to lose weight, and ends up gaining it instead? What control can consumers exert over access to their data, and what are the consequences?

Consumers should be empowered with granular data-sharing controls (not all-or-nothing sharing), and should be able to monetize the data they own and generate. Consumers should also have a “contract” with a product manufacturer that adjusts over time — whether actively or automatically — and that spells out the implications of either a rift in data sharing, or in situations where the data itself is unfavorable.

The onus here also lies on regulators to ensure that legal frameworks are in place to build trust into the heart of the IoT from the very beginning. The industry needs to embrace this and embark on an open and honest dialogue with users from the very beginning. Informed consent will never be more important, as data and metadata from connected devices are able to build a hyper-personalized picture of individuals.

Brands would be wise to understand that the coming influx of consumer data is a potential revenue stream that must be protected and nurtured. As such, the perception of privacy and respect is paramount for long-term engagement with customers. So much so that it is likely that product manufacturers will start changing their business models to create data-sharing incentives and perhaps even give their products away for free.

Due to its massive potential, the Internet of Things is advancing apace, driven largely by technology companies and academic institutions. However, only through wide-scale education and collaboration outside of this group will it truly hit full stride and make our processes, resource utilization and, ultimately, our lives better.

Source:  http://techcrunch.com/2016/02/25/the-politics-of-the-internet-of-things/ 
