Cyber Monday Sale! 50% Off All Access

Yes, Hackable Dolls and Insecure Fridges Really Are a Thing If it's connected to the internet, it's at risk.

By Sudhakar Ramakrishna Edited by Heather Wilkerson

Opinions expressed by Entrepreneur contributors are their own.

solarseven| Getty Images

The premise of Bruce Schneier's new book, Click Here to Kill Everybody, is that "the internet is powerful, but it is not safe. As "smart' devices proliferate, the risks will get worse, unless we act now." I couldn't agree more.

If you've seen Maximum Overdrive, Stephen King's 1986 horror movie in which the world's home appliances rise up and start attacking their owners, you'll have a good idea of the kind of climate in which the Internet of Things (IoT) hacks are often talked about. Admittedly, the hacks detailed below are much more mundane, but if IoT security issues are not dealt with soon, King's movie may not be so absurd after all.

Related: The Dangers of the Internet of Things

There are serious security flaws that permeate the build process for IoT devices -- security cameras to pacemakers, cars, home security devices and yes, potentially even your net-enabled fridge. However, as far as how those flaws can be exploited, it's still relatively early to say. To date, the objective of IoT hacks appear to be either experimentation or the same as with any other kind of targeted hacking -- to steal or otherwise manipulate data for financial gain or malicious intent. Here are some notable examples:

In 2016, the IoT-driven Mirai virus perpetrated some of the largest DDoS attacks ever seen. A DDoS attack pointed at U.S.-based DNS provider Dyn, Mirai took down large parts of the internet, including Netflix and Amazon, and in a different attack, the country of Liberia, with an army of enslaved IP cameras, printers and baby monitors.

Ransomware attacks on IoT devices underscore how critical the proper IoT security can be, especially when you consider that a smart device can be used as a jumping off point to hijack an entire network (and vice versa). U.K. hospitals were hit hard by last year's WannaCry ransomware cyberattack, which cost the U.K.'s National Health Service almost £100m (despite its paltry $300 price tag for decrypting data) and led to the cancellation of 19,000 appointments. While the U.S. pretty much avoided the scope of the attack, there were some reports of U.S. hospitals being hit, including one hospital that had its radiology equipment hacked.

For a peek into how clever criminals can be, we can look to the Mandalay Bay Casino hack, in which its high-roller database was stolen via a compromised, internet-connected fish tank thermometer. And security researchers have demonstrated how everything from Wi-fi-enabled Barbie Dolls to Samsung TVs can be hacked.

The biggest issue with securing the IoT is that like the internet itself, the IoT ecosystem was not built with security in mind. All layers of the stack IoT -- the hardware, software, etc., are vulnerable and inherently insecure across multiple fronts, and manufacturers are not yet incentivized through regulation or public pressure to change that.

Related: Malware Hits Everyone, From Small Business to Big Government. What Are You Doing About It?

Plus, implementing standards and best practices across a global, multi-pronged supply chain requires governments working in unison to create and enforce global standards. The global manufacturers who produce so many of the cheap, rushed-to-market IoT goods in countries prized for their cheap labor costs and low regulatory bar are not likely to start thinking about cybersecurity any time soon. At the consumer level, many are still clueless or uninterested about the weaknesses in their connected doorbells, and at worst, indifferent.

The problems are massive, but Schneier spends almost half the book on how we can fix the problem. In short, he suggests a model consisting of technology and policy -- a mix of well-crafted, enforceable government regulation and industry-wide adherence to strong security standards, such as those outlined by the National Institute of Standards and Technology (NIST).

Schneier's book is particularly timely in that is was published just as signs of change have begun to appear on the horizon. Six months ago, the European Union passed the General Data Protection Regulation (GDPR), which outlines very clear requirements for the use and handling of customer data. With a recent Facebook breach that impacted 3 million users, GDPR's effectiveness will be soon be tested.

In September 2018, California Governor Jerry Brown signed SB-327, the nation's first IoT-specific law. The bill has been praised by some as a good first step and criticized by others as being too vague. Either way, it's paving new ground. Plus, because it applies to devices built and sold in California, it will have ripple effects that extend beyond the state.

Related: 12 Simple Things You Can Do to Be More Secure Online

We may not have to face down our own electric shavers as they try and cut our throats, but until security is baked into the manufacturing process for connected devices, we are leaving ourselves equally vulnerable. If I haven't quelled your desire to use smart devices, here are some ways to do so as securely as possible:

When evaluating products, ask salespeople questions about their security features. If they have nothing to say, or what they tell you is not easily understood, ask yourself -- do you really need that cool new smart device?

If you are using apps to control your IoT devices (think smart home alarms or thermostats), consider using a VPN for your phone that includes basic web protections. There are plenty of options, both free and for a small annual fee.

Stay vigilant. any network-connected device can be hijacked, and phishing is still one of the most effective ways to deliver malware. Don't assume your IoT devices are immune from email or web-based attacks accidentally unleashed on your smart devices from your laptop or desktop.

Sudhakar Ramakrishna

CEO of Pulse Secure

As CEO of Pulse Secure, Sudhakar Ramakrishna oversees business strategy and execution. He has 25 years of experience across the cloud, mobility, networking, security and collaboration markets. Previously, he was SVP and GM at Citrix, where he had P&L responsibility for a $2.5 billion portfolio.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

'Something Previously Impossible': New AI Makes 3D Worlds Out of a Single Image

The new technology allows viewers to explore two-dimensional images in 3D.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

'I Stand By My Decisions': A CEO Is Going Viral For Firing Almost All of the Company's Employees — Here's Why

The Musicians Club CEO Baldvin Oddsson fired 99 workers at once over Slack for missing a morning meeting. But there's a catch.

Fundraising

They Turned Down an Early Pay Day to Maintain Control of Their Business. And Then Went on to Raise $190 Million.

Jason Yeh, co-founder and General Partner of Patron, explains the early-stage venture firm's creation and future outlook.

Real Estate

Why Real Estate Should Be a Key Part of Your Wealth-Building Strategy in 2025 and Beyond

Real estate remains a strong choice for building wealth in 2025 and beyond, from its ability to generate passive income to offering long-term appreciation and acting as a hedge against inflation.