The tech world moves at a tremendous pace, unleashing wave after wave of innovation intended to improve our everyday lives. Many new devices, from security cameras to fridges, or TVs to baby monitors, are now internet connected. This affords us remote access and facilitates the collection of data, which is ostensibly used to make our systems \u201csmarter.\u201dHowever, it also opens new doors into our offices and homes through which hackers can come uninvited.There were around 6.4 billion connected things in use worldwide in 2016, and that\u2019s set to grow to 8.4 billion this year, according to Gartner. There\u2019s no doubt that the Internet of Things (IoT) will bring many benefits, but it also brings greater risk.Awareness is growing, but everyone needs to take steps to secure IoT devices.Hacking your IoT devicesSecurity has yet to catch up with the IoT trend. A couple years ago, an HP study found that 70 percent of IoT devices were vulnerable to attack. You may wonder how hackers gain access to these devices in the first place. Often, it\u2019s because default passwords and credentials are used. In some cases, devices are woefully insecure by design with administrator logins that have been baked into the firmware.The success of the Mirai DDoS botnets, which took control of devices such as routers, DVRs and digital cameras, was based on malware that scans a broad range of IP addresses and tries to log in to devices using default usernames and passwords. A botnet of more than half a million devices was assembled to attack one of the key domain name service providers, Dyn. It took down large parts of the internet last October, impacting major websites, including eBay, Amazon, Netflix, PayPal, Reddit and Spotify.Devices are also frequently hacked through phishing emails, where users are tricked into opening attachments or clicking links that install malware or redirect them to false website fronts designed to steal their credentials. Malware can even be delivered through an old USB drive, so don\u2019t be tempted to plug one in if you find it lying around and don\u2019t know where it came from. Curiosity can kill the cat. For years we\u2019ve seen cases of people picking up USB fobs in parking lots dropped there on purpose by the bad guys.Building botnetsHackers seize control of vast numbers of devices quite quickly and build botnets, which are networks of thousands, or even hundreds of thousands, of devices. They use these botnets to carry out volumetric attacks that flood target websites or servers with traffic, sometimes managing to make them completely inaccessible for normal folks. They may also be used to send spam, scan for further vulnerabilities, exfiltrate stolen data, or conduct brute force attacks.These botnets often span the globe, and the devices often lack static IP addresses, so it\u2019s very difficult to reliably identify them and block them. There\u2019s little indication for the victim that their device has been infected and is now being used for nefarious activities.To make matters worse, many hackers are just looking to turn a quick profit, so they offer botnets for hire to anyone willing to pay. Since the malware required to build a botnet can be bought, or a botnet can be rented directly, there\u2019s no real skill barrier to deploying one.Defending your networksYou\u2019ll need to do some homework to make sure your network is safe. To start, make sure you change the default passwords that come with your IoT devices. This is an easy first step, but it\u2019s not enough. You should also look into the manufacturer and be vigilant for admin credentials that are hardwired in the firmware.The next thing you need is a decent firewall and a security platform that scans your network in real time and analyzes traffic to uncover threats. Look for malicious traffic detection, botnet detection, and command and control call-home traffic detection. You want a system that can identify suspicious traffic and highlight an infected host quickly, then isolate it until you can take action.We must also bring more scrutiny to bear on IoT device manufacturers and software developers. If we don\u2019t collectively start taking security more seriously, the IoT could be our downfall.\u00a0The opinions expressed in this Blog are those of Michelle Drolet and do not necessarily represent those of the IDG Communications, Inc., its parent, subsidiary or affiliated companies.