Should CIOs worry about the Internet of Hackable Things?

Should CIOs worry about the Internet of Hackable Things?

From wearables to appliances to e-readers, there’s no shortage of possible security holes when almost every device is connected. What’s a CIO to do?


If 2015 was the year of the Internet of Things, 2016 could be the year of the hacked Internet of Things. That could mean a lot of headaches for CIOs, whether they're fans of these new devices themselves or will be dealing with employees connecting them at work and managing the potential security exposure that brings.

"The issue to date is that devices are vulnerable just by the fact that they exist and can connect to the Internet," says Jerry Irvine, member of the U.S. Chamber of Commerce’s Cybersecurity Leadership Council and CIO of Prescient Solutions. "Anybody can get to a device if you don't secure them properly."

One of the reasons why it's a big hacker target: It's, well, big. Gartner estimates that 6.4 billion connected things will be in use by 2016, up 30 percent from last year. They also predict that 5.5 million new things will get connected every day.

That's a lot of possible portals for bad players to get in.

The IoT threat

One big problem with these devices, says Irvine, is that they're not always built with security in mind, which is why they can be the backdoor into infiltrating a system that's otherwise guarded.

Think of e-readers, Irvine says. “They're easily hackable because they have no antivirus system, no data loss applications." Another example he gives: smoke alarms. There's no real security protection on them, not like you'd find with your typical laptop or smartphone. If someone gets in through that smoke alarm, and you don't have a wall between where it connects to your computer, that bad guy can get right in.

"Remember, when Target was hacked, they were hacked through their heating and air conditioning system," Irvine says.

[Related: Consumers think IoT security is a piece of cake; IT pros have another name for it]

However, there are some steps you can take. The first is to keep devices updated. "Operating systems on their firmware become vulnerable," Irvine says. "Updates are made because someone outside of the company has notified the company that there is some kind of weakness."

Another no brainer, he says: a strong password – one that's not also used for anything else, especially any banking programs. As many blockades as your financial institutions put up against bad guys, nothing will stop them if someone yanks your username and password from the database of what you thought was a harmless thing that connects to the Internet.

If you're going to be connecting a lot of smart devices at home – TV, thermostat, baby monitor, garage door opener, these kinds of things – Irvine suggests setting up a separate network from those devices, one that works on Wi-Fi your computer never touches. He recommends a virtual private network (VPN) so that, if one of your new connected things gets infected with a virus, it won't bleed over onto your important devices to grab passwords and sensitive information.

Zulfikar Ramzan, CTO of RSA Securitysuggests thinking hard about what information you're willing to share with these devices, and how you'd feel if the device or the information it's collecting about you were made public. If you don't want that out there, then maybe anything tracking that kind of information isn't something you want in your life. Or at least maybe it’s something you don’t want connected to the Web.

For the CIO

CIOs are between a rock and a hard place when it comes to all of these connected devices, Ramzan says.

"Every single one of these devices can be one or more entry points," he says. "It's one more way for the bad guy to do something and cause problems."

But turning into Chicken Little screaming that the sky is falling because someone syncs his Fitbit through his work laptop may be going a bit too far.

"We haven't seen a large-scale expectation of those risks," Ramzan says. CIOs, he says, "may perceive this to be something to worry about, but there may be nothing today to worry about."

How CIOs will balance the potential risks without being an alarmist is something that will shake out this year. But striking that right balance will be crucial going forward, especially since the potential exposure is huge....and there's no question that most IoT devices need better security.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Internet of Thingssecurity IoT



Join key decision-makers within Environmental, Social, and Governance (ESG) that have the power to affect real change and drive sustainable practices. SustainTech will bridge the gap between ambition and tangible action, promoting strategies that attendees can use in their day-to-day operations within their business.

EDGE 2023

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.


ARN has celebrated gender diversity and recognised female excellence across the Australian tech channel since first launching WIICTA in 2012, acknowledging the achievements of a talented group of female front runners who have become influential figures across the local industry.

ARN Innovation Awards 2023

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

Show Comments