how a continued lack of due diligence can (and often will) lead to the demise of customer
confidence and the provider’s business.
Conclusion
Based on the two scenarios studied in this chapter, it is evident that situations involving
security are shaped by the actions and intentions of key individuals.
In the first scenario, John Smith intended to impress his company’s board of directors by
focusing on security issues relating to IoT devices. However, his approach was misaligned
with the interests of his employer. Instead of demonstrating a solid understanding of the
interests of the business and the technical risks pertaining to the vision of the company,
Smith focused on the IoT because it was a buzzword. Even if Smith’s intention was to
leverage the topic to gain further support from the board and ultimately obtain funding to operate
a better team, he came across as self-serving, focusing on his own interests and career rather
than taking into account what was best for the business. This is a critical scenario to ponder
and learn from given the interest in the topic of IoT devices in the market today. It is always
good to discuss emerging technologies and be prepared for the future, but it is equally
important—if not more important—to stay focused on the business one is trying to protect, and to
be able to put forward a crisp security strategy that aligns with the organization’s goals.
In the second scenario, LifeThings quickly gained ground as an IoT platform by making
the right investments in newly constructed high-rises. However, the company’s commitment
to swift customer support was provided at a cost: anyone could use caller ID spoofing to
impersonate a customer. SmartThings’ responses to researchers and journalists showed that
the company was reacting emotionally, most likely because it did not employ talent who could
help the staff understand the importance of security and the critical processes that need to be
in place to communicate with researchers, journalists, and customers. The security
architecture of the platform was also poorly designed, and the company struggled to address the
issues when they were exposed. Due to the lack of understanding and proper decisions on the
part of the LifeThings leadership, customers suffered losses of privacy and even physical theft,
ultimately leading to the financial demise of the company.
These two scenarios are helpful in understanding that situations surrounding security are
dependent on the people involved. It is important for organizations to make sure they employ
the right people, who are able to generate positive outcomes for the organizations as well as
their customers.
This book has covered a range of actual IoT products in the market and the security issues
they face. We have also discussed the details of how to design and prototype new IoT devices
and think through the attacks various kinds of threat agents may be drawn to. We have
predicted future attack vectors that we must consider as we design and use IoT products. Finally,
we’ve seen how people themselves are highly influential in the outcomes of security incidents,
with their goals, intentions, and approaches to dealing with issues pertaining to security