The business risk Pretending the Internet of Things risk does not raise exposure to investor-backed enterprises is also cosmically naive. Last year, there was a hack of the automated hotel locks, of all things, made by global conglom Onity that went surprisingly underreported. Pretty much anybody with a spare Magic Marker, some cheap circuit boards and access to a few YouTube videos could create a master key that opens millions of hotel rooms around the world. Despite isolating the issue last summer and shipping north of 4 million patch kits, Onity still apparently faces hack-based burglaries. In May, hotel rooms in Tempe, Ariz., were robbed, and hotel video shows the Onity hack was probably involved.
And that's just the locks. It does not take much imagination to dream up exploits to other connected things found in the average commercial building, including the elevators, heating and cooling systems, the security cameras ... "You have to assume that the underlying system is compromised when you develop a new product now," Turner says. "If you don't put up that first-level wall, it's very tough to move logically forward." Not enough good guys What really stokes the security flames singeing the Internet of Things, Turner says, is that companies do not share information about attacks as they should. That creates a vacuum where the tested, private market tools of risk management cannot flourish. "Some sort of information compromise insurance should be available by now," he said. "But since nobody fully discloses, it's tough to create the basics, such as actuarial tables for information security risk." And get ready for the final investor insult: Considering the downside, it's not like addressing the Internet of Things risk is prohibitively expensive. "At most we are talking about a 2% to 5% bump in the total cost to produce a product. That is far less than marketing or R&D," Turner said. "I am baffled by the apathy in the space."