For the longer term, if the IoT is ever to improve from being a security minefield, Wisniewski believes it will take a major mindset shift.
“Today almost all of the responsibility is on the consumer, who more often than not is not aware of the risks and doesn't know what to do to mitigate them,” he said. “The burden should be almost entirely on the manufacturer to make it as simple as possible. The devices I've analyzed tend to lean towards terrible, and absolutely none of my devices would get a ‘responsible’ rating.
“Consumers have some responsibility, but shouldn't have to become security specialists,” he said.
Spiezle said in the long run that attitude would save money for IoT developers. “The cost to address a bug in a device prior to shipping is less than $200,” he said. “To do it post release can cost of $15,000. The economics are pretty clear, and unlike a site vulnerability, the liability exposure for a device that is compromised can risk putting a company out of business.”
For now, however, Lynch said public concern is well warranted. “These attacks are bringing awareness of just how dependent on the internet we are, and how the IoT will be a critical failure point if future cybersecurity attacks succeed,” he said.
Sign up for CIO Asia eNewsletters.