Secure critical infrastructure "by design" and "by default"

Andrea Dainese
March 25, 2021

I was reflecting with friends and clients on a topic that concerns all of us: the security of connected devices. Whether you are a producer or a user, in private or corporate environments, no one is excluded.

Often, when I raise these points, people label me as “paranoid.” And that’s true—but for good reasons.

In today’s cloud hype, many people buy “smart” devices like connected thermostats without asking themselves what will happen when they become obsolete, no longer updatable, or even unusable. Or without wondering if the real business of certain manufacturers is not the device itself, but the collection and resale of data.

But this article is not about privacy. It is about device security and the risks of a hyper-connected world, where technological enthusiasm often runs faster than awareness.

Managing Critical Systems from a Tablet

At the beginning of my career, fixing a fault required dedicated Windows clients and stable connections; mobile access was a rare luxury.

Today, however, I see water distribution and treatment plants monitored from a tablet, anywhere. With just a few clicks, a technician can check gates and levels. “No changes can be made, it’s read-only,” I’m told.

Anyone in cybersecurity knows how thin the line is between “read-only” and “full control”: sometimes it’s just a bit on the server side—or worse, on the client side.

That’s why incidents like the Florida water plant attack shouldn’t surprise us.

IoT and the Lightness of Industry 4.0

The real mistake behind Industry 4.0 is assuming that those who design industrial devices—always focused on physical safety—are automatically able to handle cybersecurity.

I’ve seen critical networks designed as if they were just “cables carrying information,” with no regard for network best practices. Consumer-grade switches bought in supermarkets have been used instead of industrial-grade hardware designed for extreme conditions.

It’s no surprise, then, that devices like those from General Electric revealed serious design flaws that can be easily exploited.

At the root, there’s always the same issue: lack of awareness. If you’ve never looked at systems from an attacker’s perspective, you cannot imagine the consequences of poor design choices.

The Consumer Side

The consumer IoT market is no better. On one side, some vendors are finally integrating security into their development process. On the other, the race to the lowest price floods the market with cheap, poorly designed devices—often with hardcoded backdoors that make them impossible to secure.

Conclusions

We are at the beginning of a new era, where security can no longer be ignored.

Early signals from both Europe and the U.S. already point in this direction: cybersecurity as a mandatory requirement for product commercialization. Those who move early will gain a massive competitive advantage.

The rest, as often happens, will come running—and unprepared.