As Black Friday and Cyber Monday approach, American consumers are likely to be buying more connected internet of things toys and devices than ever before. However, with those devices come a host of security risks, though few consumers care, according to a report released Nov. 20 by Keeper Security.
Keeper Security surveyed 1,000 U.S. adults and found that Millennials (age 25-34) were the most likely to buy IoT devices. According to the survey, 65 percent of Millennials said they are not aware of IoT security risks. The survey also found that IoT device security is not something the same percentage of Millennials take seriously either.
The report found that there are multiple categories from which respondents said they are looking to purchase IoT devices. More than half (53 percent) indicated they plan to purchase IoT toys, 23.6 will purchase wearable devices, while the remaining 22.4 percent of IoT purchases will be connected home devices, including thermostats.
"Most of the findings were in line with my expectations, but I was surprised to learn that 1 in 5 connected devices are abandoned because the owner forgets the password," Darren Guccione, co-founder and CEO of Keeper Security, told eWEEK.
Keeper Security's finding that consumers don't care as much as they should about IoT security is consistent with other recent studies. On Nov. 14, McAfee released its annual Most Hackable Holiday Gifts list, which reported that 20 percent of consumers would buy an IoT device with known security risks. Consumers often expect the things they buy in stores to be safe, which is not necessarily an incorrect assumption, according to Guccione. He noted, however, that consumers still need education when it comes to IoT security.
"I think [consumers] are just assuming these products are safe," Guccione said. "IoT manufacturers won't begin to take security vulnerabilities and concerns to heart until consumers demand it from them or the government enacts regulations that force them to make them safe."
Guccione isn't the only one who believes the government needs to get involved to help improve IoT security. The idea of forcing regulations to help improve IoT security is one that IBM Resilient CTO Bruce Schneier advocated for in a keynote address at the SecTor security conference on Nov. 15. The risks from IoT devices that have not been properly secured are well-known to the U.S. government as well. In July, the FBI released an advisory on the potential risks of IoT and connected toys.
"Unfortunately, most of these products were created to be first to market and provide convenience to their customers," Guccione said. "These priorities seem to be top of mind to consumers, too. They want to be the first to have the device and tend to buy them for the convenience factor."
Looking forward, Guccione said he expects the adoption rate for IoT devices to continue to expand.
"I also believe there will be more security incidents and data breaches involving IoT devices throughout 2018 and that these attacks will prompt more awareness and education with the public," he said. "It will also, most likely, push the government to pass more regulations."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.