Security and the Internet of Things – are we repeating history?

Jul 13, 2015 · 5 mins
Internet of Things, Network Security

The Internet of Things (IoT) refers to the networking of endpoint products and objects that can be accessed via the Internet. The objective of this level of networking is to make our everyday experiences more streamlined and efficient. Such an evolution is a logical progression in an increasingly networked world that favors optimum performance.

However, as we head toward an even more interconnected existence, this raises a very pertinent question: given the difficulties and varying success rates of implementing cybersecurity practices in our professional and personal lives, are we ready to secure IoT devices and products?


Our cybersecurity landscape is rife with well-publicized breaches committed by cyber criminals and cyber espionage actors. They have proven remarkably resourceful, innovative, and persistent in exploiting known and unknown vulnerabilities.  Considering that a 2014 HP report revealed that 70 percent of IoT devices were vulnerable to hacking, it appears that the bad guys will have even more opportunities to gain unauthorized access in pursuit of their nefarious activities.

There have been many discussions among cybersecurity experts regarding the security challenges that IoT presents. Gartner forecasts that 4.9 billion connected things will be in use in 2015, up 30 percent from 2014, and will reach 25 billion by 2020. The addition of these devices will make our networks more complex and, in turn, increase the potential impact of a breach. Nevertheless, despite recent cybersecurity failures, we seem committed to adopting IoT technology without having a security plan in place.

The IoT era brings with it more security questions than answers. The more pressing topics that keep coming up include, but are not limited to:

If IoT devices are integrated into a personal or enterprise network, they represent potential entry points for malicious actors. No longer will attackers need to focus on targeting individuals or trying to exploit their computers, laptops, or mobile phones; IoT will provide them an opportunity to breach seemingly innocuous devices and potentially gain the same level of access.

And herein lies the two-edged nature of IoT: the very technology that is being positioned to touch every aspect of our lives is the same technology that, if exploited, can pose a grave security threat to our information. If unregulated access is a serious security concern with Bring Your Own Device in the workplace, this threat is magnified substantially as more devices are invariably introduced into the network.

It’s often said that the current Internet was built and developed for performance and usability and not with security in mind. Our cybersecurity reality certainly reflects this contention; a 2014 report estimated financial losses to the world economy as a result of cyber crime and cyber espionage at $445 billion, a sobering figure that is indicative of our inability to address the threat in front of us.

Before we fully embrace the IoT, it might be best to pause and consider how these devices can be built with security in mind so we can prepare for the future threat. Right now, technology is headed toward the IoT with the goal of transforming our lives via efficient, interconnected communications and data transfers. Failing to incorporate the necessary security applications prior to the full adoption of these devices will result in us making the same mistake again.

Intelligence may be built into devices, but common sense is not. There is a reason why people who don’t learn from history are doomed to repeat it. We need to break that cycle now.


Over the last two decades Brian Contos helped build some of the most successful and disruptive cybersecurity companies in the world. He is a published author and proven business leader.

After getting his start in security with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions including: Riptech, ArcSight, Imperva, McAfee and Solera Networks. Brian has worked in over 50 countries across six continents and is a fellow with the Ponemon Institute and ICIT.

The opinions expressed in this blog are those of Brian Contos and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.