NEW YORK (
) -- Investors are facing an Internet of really, really ... really (!) vulnerable things.
"Basically anything with an IP address is open to attack," is how Adrian Turner summed it up to me during a frankly terrifying phone call.
Turner is both CEO of
, a San Francisco information security firm, and the rarest of rarities in the security business: an executive not afraid to admit that his industry does a miserable job of communicating the preposterous risks lurking in the Information Age.
"Security vendors have fanned the flames of imminent collapse to drive sales. But the world is still in place," he said. "So people are numb to the news."
The dawning investor menace here, of course, is that value-destroying information-based attacks are no longer confined to the world's
iPads or even this or that
smartphone. Serious processing capability, network connectivity and powerful software are finding their way into the world's most mundane things. This "Internet of Things" now connects everything from pacemakers to hotel door locks. And Turner is seeing a bewildering comprehension gap about the vulnerability of this Web of smart electronics.
"There is this illusion of blind trust in the electronics around us," he said. "So when gadgets betray us, we are shocked."
Even the most casual walk-through of this newly minted Internet of Things is astonishing in revealing its vulnerability.
The individual risk
Never mind the made-for-the-Web stunts of journalists such as
' Andy Greenberg driving
. Or well-publicized conspiracy theories surrounding
in what may -- or may not -- have been a compromised vehicle. Or the stories of the critical infrastructure of everything from human
being susceptible to attack.
What's truly ghastly about the Internet of Things risk is the seeming joy Information Age boosters are taking in compromising the most intimate crevices of our lives and businesses.
I kid you not, Chicago-based security firm
reverse-engineered a high-end Japanese Internet-enabled toilet
called the LIXIL Satis. Now any creep with a Web connection can ... I can't even write the sentence,
The actual risk is probably minimal. After all, who really spends more than $5,000 on a toilet? But if after studying
, the hack and
, it's clear most everything in our homes thus connected can be compromised in similar ways.
The business risk
Pretending the Internet of Things risk does not raise exposure to investor-backed enterprises is also cosmically naive.
Last year, there was a hack of the automated hotel locks, of all things, made by global conglom
that went surprisingly underreported. Pretty much anybody with a spare Magic Marker, some cheap circuit boards and access to a few YouTube videos could create a master key that opens millions of hotel rooms around the world.
Despite isolating the issue last summer and shipping north of 4 million patch kits, Onity still apparently faces hack-based burglaries. In May,
hotel rooms in Tempe, Ariz., were robbed
, and hotel video shows the Onity hack was probably involved.
And that's just the locks. It does not take much imagination to dream up exploits to other connected things found in the average commercial building, including the elevators, heating and cooling systems, the security cameras ...
"You have to assume that the underlying system is compromised when you develop a new product now," Turner says. "If you don't put up that first-level wall, it's very tough to move logically forward."
Not enough good guys
What really stokes the security flames singeing the Internet of Things, Turner says, is that companies do not share information about attacks as they should. That creates a vacuum where the tested, private market tools of risk management cannot flourish.
"Some sort of information compromise insurance should be available by now," he said. "But since nobody fully discloses, it's tough to create the basics, such as actuarial tables for information security risk."
And get ready for the final investor insult: Considering the downside, it's not like addressing the Internet of Things risk is prohibitively expensive.
"At most we are talking about a 2% to 5% bump in the total cost to produce a product. That is far less than marketing or R&D," Turner said. "I am baffled by the apathy in the space."
This commentary comes from an independent investor or market observer as part of TheStreet guest contributor program. The views expressed are those of the author and do not necessarily represent the views of TheStreet or its management.