Last October’s IoT Hack: No Black Swan


By: Phil Simon


Security breaches these days have become commonplace—almost daily occurrences. It’s a lamentable sign of the times. Still, even by today’s ho-hum standards, one in October of last year proved particularly worrisome.

As far as we know, hackers accessed traditionally less secure devices to cause massive outages. The culprits: DVRs and CCTV video cameras. It didn’t take long before hundreds of millions of people could not access key accounts on sites that included Twitter, Amazon, Tumblr, Reddit, Spotify, and Netflix.

Here’s a heatmap outlining the attacks:


The hacks seemed to confirm the worst fears of industry experts and Internet of Things (IoT) skeptics. These newfangled devices that hold oh-so-much promise can also serve as tremendous weapons for bad actors.

Think about it. Those with pernicious motives can get at our technology stalwarts (read: our e-mail accounts, laptops, and desktops). What’s to stop them from accessing our smartwatches, TVs, refrigerators, locks, and even cars?

Answer: Apparently not very much.

If you think that this was a black swan, think again. In fact, expect outages such as these to continue for one very simple reason: design. To this end, as Jeff Bertolucci writes:

Legacy systems, in fact, weren’t designed to identify wireless communications protocols that modern smart devices use to share information.

The phrase "wireless communications protocol" (Bluetooth is an example here) isn’t terribly sexy, but make no mistake: it’s a big deal, and you need not be a security guru to understand this. Moreover, it’s precisely these types of disconnects and mismatches that keep Chief Security Officers (CSOs) and CIOs up at night. Collectively, these types of issues pose significant security risks to enterprises, especially those dabbling with IoT devices. What’s more, they surely deter many organizations from taking the plunge.

Simon Says

Brass tacks: organizations face an increasingly complex array of security issues in a BYOD world. (How simple do the 1990s look by comparison to today?) Adopting best practices such as two-factor authentication sure helps, but there’s no one elixir or magic wand that solves all enterprise security issues.

Still, we must march on. We cannot halt progress because some unscrupulous types wish to cause chaos. At a minimum, recent events underscore the need to establish standards.

If history is any guide, the IoT will never reach complete safety or security. Despite its considerable perils, though, the IoT also portends enormous opportunity—far too much to pass up.


About The Author

Phil Simon

Professor at ASU’s W. P. Carey School of Business

Phil Simon is a frequent keynote speaker and recognized technology authority. He is the award-winning author of seven management books, most recently Message Not Received: Why Business Communication Is Broken and How to Fix It. He consults organizations on matters related to communications, strategy, data, and technology. His contributions have been featured on The Harvard Business Review, CNN, Wired, NBC, CNBC, Inc. Magazine, BusinessWeek, The Huffington Post, Quartz, The New York Times, Fox News, and many other sites.
