Earlier this year an alarming story hit the news: Hackers had taken over the electronic key system at a luxury hotel in Austria, locking guests out of their rooms until the hotel paid a ransom. It was alarming how physical devices connected to the internet, collectively known as the internet of things (IoT), can be hacked and manipulated.
The problem is that many IoT devices are not designed or maintained with security as a priority. According to a recent study by IBM Security and the Ponemon Institute, 80% of organizations do not routinely test their IoT apps for security vulnerabilities. That makes it a lot easier for criminals to use IoT devices to spy, steal, and even cause physical harm.
Some observers attribute the failure to the IoT gold rush, and are calling for government to step in to regulate smart devices. When it comes to cybersecurity, however, regulation can be well-intentioned but misguided. Security checklists that are drafted by slow-moving government bodies can’t keep up with evolving technology and hacking techniques, and compliance regimes can divert resources and give a false sense of security.
