Abusing the Internet of Things


FIGURE 7-27. Internal email message between Sony Pictures executive and producer Scott Rudin leaked as part of the attack


Actions committed by certain threat agents can lead to the compromise of personal or corporate reputations, which in turn can lead to negative effects on the careers of exposed individuals who have been targeted. Loss of brand reputation can also lead to loss of consumer confidence that can have a long-term and sustained effect on business.

IoT manufacturers must think through how disgruntled employees with access to customer information can put confidential information at risk. Employees involved in customer support often have access to customer accounts so that they are able to troubleshoot situations to serve support requests. Customer support agents in the case of an Internet-connected door lock company are likely to be able to lock or unlock doors remotely. This could make them attractive targets for a social engineering attack, whereby the support representative may be tricked into opening a door lock belonging to someone else. This situation could also be abused by disgruntled agents who could cause havoc by having all door locks that are online unlock, thereby flooding the customer support lines, damaging the company’s reputation, and putting customers at physical risk.


220 CHAPTER 7: SECURE PROTOTYPING—LITTLEBITS AND CLOUDBIT