Like what you read and curious about the conversation? Visit CISO Perspectives to get further insights into this topic. CISO Perspectives is a weekly column and podcast where Kim Jones explores the evolving landscape of cybersecurity leadership, talent, and risk—because success in cybersecurity is about people, not just technology.
Privacy needs where you least expect it.
Welcome to the CISO Perspectives Weekly Briefing, where we break down this week’s conversation, providing insights into relevant research and information to help you further understand the topics discussed.
At 425 words, this briefing is about a 4-minute read.
The internet of things.
When people think about privacy risks, they often picture big data companies harvesting personal information or algorithms analyzing their social media or shopping activity. While those concerns are real, an often-overlooked aspect of privacy involves devices we use every day. These everyday devices are grouped together and oftentimes referred to as the Internet of Things (IoT). These IoT devices include smart home gadgets, wearable technology, or industrial or vehicle systems, and many of them are constantly collecting and transmitting significant amounts of data.
Although useful, these devices raise significant privacy concerns, especially when not properly managed. The Australian Office of the Victorian Information Commissioner (OVIC) analyzed IoT devices and how they are only growing more entrenched in society.
OVIC noted how IoT devices oftentimes rely on sensors like microphones, thermometers, or accelerometers. By aggregating collected data from nearby devices, a process known as “sensor fusion,” and utilizing machine learning, these sensors can create detailed profiles about the people using these devices.
One clear example of this challenge is in vehicles. Cars have become IoT device hubs, and given that 92% of American households own at least one car, they have become unavoidable.
Understanding the gaps.
A study by Privacy4Cars found that vehicles can collect call logs, contacts, navigation history, braking habits, and even voiceprints. Much of this information is poorly protected, exposing drivers to risks ranging from data reselling to identity theft.
In one notable case, researchers were able to examine a car previously owned by a military contractor. Through their efforts, the researchers were able to discover highly sensitive personal information about the vehicle's previous owner. This data included:
- Full name and multiple personal residency addresses.
- Employer and personal email addresses.
- Smartphone contacts, call logs, and message history.
- Military research locations
This case is only one reminder that IoT risks extend far beyond what people commonly think of. Vehicles, industrial equipment, and other everyday devices silently accumulate sensitive data, oftentimes without any adequate safeguards in place. For security leaders, the challenges are not simply about acknowledging these privacy gaps but require active mitigation efforts. Ignoring these devices, especially those outside the traditional workplace setting, creates a critical privacy gap. By treating IoT devices as a central privacy issue, organizations can begin to close some of the most overlooked vulnerabilities.