Secure your environment. And don't have your alarm system, your heating and air conditioning system, on the same internal network as your PCs. If they are easily hacked -- and they are -- and attacked, you don't want them to be on the exact same network.
You can put them on a virtual network using all of the consumer-based switches and systems that are readily available out in retail stores. Configure a virtual local area network (VLAN) to secure your environment.
CIO: The average consumer is not particularly security-savvy. They're probably not going to use a VPN or a VLAN, or turn off the broadcast function on their Wi-Fi router. With that in mind, do you suggest that consumers avoid IoT devices, or connected home devices, altogether at this point? Is the risk too high to justify the potential gains?
Irvine: That or engage a professional to install security measures for you. Let's say you do that. I have my home security system, I've tightened down my Wi-Fi and everything. Like you said, the average consumer is not security conscious. They pay somebody else to do that for them.
Then they drop their phone somewhere and it doesn't have a PIN on it. They have applications on their phone that allow them to control all of their IoT devices. We have to start securing our mobile devices even more critically because all of the applications are there to control our entire lives. And yet, statistics show that more than 80 percent of people don't even put a PIN on their phone. I was in a meeting of about 25 CFOs of multi-million-dollar accounts, just this week. I asked how many of them had PINs on their phones, and less than half a dozen had PINs.
CIO: Your advice isn't too different than what cybersecurity experts have been saying for years.
Irvine: That's true. It's just the risk is even greater. Now [hackers] aren't just looking at your individual PC, they're looking at all of your personal property.
CIO: It's not necessarily about taking control of your IoT devices, your home heating system, your alarm system?
Irvine: No. That's been the real mindset change in cybersecurity in the last three to four years. It's no longer about inconvenience. It's no longer DoS attacks that are occurring. It's 100 percent based on financial gain. Everything now is to get your identity, to get financial information, and to steal your identity to get more money. It's a multi-trillion-dollar industry today.
CIO: What does the IoT mean for corporations, for CIOs and other enterprise security personnel? Do they need to think about how IoT affects their organizations?
Irvine: It's definitely an enterprise issue, just the same way as BYOD is an enterprise issue. Everybody now is accessing their corporate environment through their consumer systems. I'm going to have my mobile device, my phone, my tablet, my laptop, at my home on my network that can be easily breached. Just like Target was hacked through its HVAC company, somebody else can get into a user's environment and get into corporate data. So absolutely, CIOs need to always look at the weakest link.
CIO: What can CIOs do to protect themselves and their organizations?