Is the Internet of Things a Gaping Security Chasm?

Reading Time: 2 minutes

A couple weeks ago, Kashmir Hill wrote a pieces for Forbes about search engine Shodan, which was built for the purpose of crawling for devices on the Internet—many of which are programmed to answer and are sometimes easy to hack.

Among the devices it has discovered are some of the things that would make horrible headlines if hacked, including, “…cars, fetal heart monitors, office building heating-control systems, water treatment facilities, power plant controls, traffic lights and glucose meters.” If we really are as seriously exposed as the piece makes out, this is an enormous problem.

This is a “stop the presses” problem, in fact.

Second Chances

A similar piece was published on GigaOM by Stacey HigginbothamWhy the internet of things gives us a second chance to define digital trust and privacy. Higginbotham argues that as we enter the age of the Internet of Things, where an estimated 50 billion (that’s with a ‘b’) sensors and devices will be connected to our current Internet, we have a chance to get ahead of the privacy and security issues that cropped up as the Internet developed. We were naive then about what people would do with so much information readily available, but now we’re 20 years in and have a chance to be smarter this time.

High Stakes

And we need to be, because the stakes are far, far higher this time around. The promises of a connected world means the things we trust intimately, sometimes by necessity, are online alongside us everywhere—our houses, offices, cars, in our pockets, and as wearable. But, if this means we’ll find ourselves at the mercy of those who would hold us hostage to a new level of hacking, loss of privacy, and personal danger, this simply won’t work. We have to be better, and as the Forbes piece points out, we have to do better than we’re actually doing right now.

We’re not ready for the security and privacy requirements of the Internet of Things. We have the means to accomplish high levels of access control, logging, and event-based security; but, for the most part, the technology hasn’t been implemented due to cost, naiveté, or a lack of understanding and disregard of the risk.

Unfortunately, it will probably take high-profile failures before the right focus is applied.

To learn more, read our white paper on the four clues your organization suffers from inefficient integration. 

This post was originally featured on