At CEDIA Expo 2025, cybersecurity took center stage on the Smart Stage as a panel of experts urged integrators to take a more proactive stance in protecting clients’ connected homes. With high-net-worth clients increasingly working from home and IoT devices proliferating at an unprecedented pace, panelists emphasized that integrators can no longer treat cybersecurity as an afterthought.
Rising Risks for High-Value Homes
Christina Dolan of Prime Radiant opened with a sobering reality: nearly 60% of executives now work from home, making residential networks a lucrative target for cybercriminals. A breach that jumps from home to enterprise can cost millions. With billions of IoT devices worldwide and most of them insecure, she called it a “new attack vector” that hackers are eager to exploit.
“It’s easy to visualize a fire or a flood and prepare for that,” Dolan said. “But until somebody gets hacked, they don’t realize how hard it is to recover.”
Farr Shepherd of SpecOp Secure drove home the point that integrators themselves carry liability. He described dissecting a recent case where a client was hacked through neighborhood war driving, drawing in both the FBI and the client’s bank.
“If you’re installing the network, you have liability,” Shepherd said. “Offer cybersecurity as part of your service. If clients refuse, that waiver helps protect you.”
Beyond the Network: Devices, People, and Liability
The panel noted that threats often come through individual devices, not just the network perimeter. Avi Rosenthal, chair of the Z-Wave Alliance, reminded attendees that even something as simple as a thermostat can provide a way in.
“Target got hacked through a thermostat,” Rosenthal said. “Every device choice matters. Even door locks and thermostats can be just as vulnerable as a router.”
Dolan added that new SEC rules now put cybersecurity compliance on par with financial audits, meaning the risks of neglecting it extend well beyond inconvenience.
Jerry Chen, founder of Firewalla, shared how his own experience inspired him to start his company. He recalled the moment he saw his child’s camera move on its own, a sign it had been hacked.
“Cybersecurity isn’t important until you get hacked,” Chen said. “But by then, it’s too late.”
Shepherd offered another striking example of how creative attackers can be. Hackers once used a drone equipped with a Wi-Fi pineapple to infiltrate the network of a New York penthouse.
“They turned on video mute, all the cameras went black, and then they just walked in and stole a bunch of art,” he said.
The dramatic story underscored the panel’s larger message: vulnerabilities are not limited to traditional networks, and attackers are constantly evolving their methods.
Practical Steps for Integrators
When asked where integrators should start, the panelists offered practical guidance. Shepherd urged firms to sell and maintain service plans that include firmware updates. Dolan warned against buying devices from questionable online resellers, where compromised hardware can slip into circulation.
Rosenthal advised making certifications part of the sales pitch.
“Part of being a good integrator is understanding those certifications, identifying them, and educating your clients on why they matter,” he said.
Chen highlighted visibility and control as essential. He suggested using firewalls not just to track devices and traffic, but also to enforce rules such as blocking suspicious destinations, preventing trackers, and even limiting kids’ access to apps.
A Call to Action
Rosenthal compared selling cybersecurity to selling alarms. Integrators should not promise invincibility, he said, but instead frame it as risk mitigation.
“You’re not promising they’ll never get hacked,” Rosenthal explained. “You’re promising detection and response, just like an alarm alerts you when a window breaks.”
The panel agreed that integrators must take the lead rather than wait for clients to raise concerns. Shepherd urged attendees to view cybersecurity as part of their role as trusted advisors.
“Pick a partner that allows you to say yes to their needs and keeps you from being displaced,” he said.
Dolan added that regulated industries are already expecting enterprise-level protections in residential settings.
“If integrators don’t address this void, someone else will,” she warned. “And they’ll take your client relationship with them.”
