I want you to imagine this scene: in the back room of a flashy casino, a cybersecurity quick response team is on alert after discovering that a hacker is at work somewhere on the casino floor. A couple of genius tech team members realize that the hack is actually happening right now, and they’ve found the source. The call goes out to the security guards, “Sector 20 Zulu… Go! Go! Go!” Now teams Alpha, Bravo, and Charlie enter simultaneously from various points around the floor and rush to the scene where they meet at the source of the breach…a fish tank.

While you may certainly agree that the above scene is seriously lacking in a climax, you might be amazed to know that it’s a true story. In 2017, a hacker had scanned casino IP addresses searching for a device they could control. The scan revealed a smart thermometer attached to a large aquarium that shared temperature data with the employees responsible for the aquarium’s upkeep. The thermometer needed a network to connect to in order to share its data, and which one did it use? You guessed it, the casino’s private network.

After the device was hacked, the attacker gained access to the casino network and stole private data on casino customers, uploading the data to their server overseas. If you wonder why I call IoT ‘the internet of threats,’ I hope the above story gave you a good enough reason.

There are more threats than you think

The threats are truly all around us. We’ve got digital assistants that are constantly listening to us in our kitchens, video game consoles with cameras, digital locks on our doors, and more. You don’t have these types of items in your office though, so nothing to worry about, right? Well, do you have networked printers that also have wifi capability? Security systems linked to external vendors? A thermometer on the fish tank in the lobby?
Many aren’t aware of all the IoT devices that are actually connected to their network, and this can lead to very dangerous situations. IoT is broadly considered to be anything in your domain that could possibly connect to the internet, or even just your network. To say it’s time to pay attention to this threat is an understatement.

Why is this happening?

The first step we need to take is grasping how and why these devices are a threat to begin with. With all we’ve learned about security, why are devices that seem so easy to hack into getting deployed? The simple fact is, for many manufacturers the notion of security might come as an afterthought to innovation. For example, if a company is producing hundreds of thousands of network-connected thermometers, the notion of installing and managing unique encryption keys between those devices might seem ridiculous and expensive. Sometimes the security is there, but when mismanaged, it’s like leaving the front door not only unlocked but wide open. A great example of this is when you install your new networked printer in your house and totally ignore the fact that the printer itself has a wifi router installed, which you neglected to disable and whose default access password you forgot to change. The chance that the printer has a vulnerability allowing an attacker to bridge those connections and access your personal file shares is too high a risk to ignore.

In a world of best intentions, your corporate brand and the private data of your users are simply too valuable to play games with. We must go the extra mile and do everything we can to make sure all devices are secure. Let’s take a look at a couple of approaches that will certainly help close the gap.

How to address the internet of threats

When I was young, the G.I.
Joe cartoons always ended in a short PSA from one of the characters who would shout, “knowing is half the battle!” That same PSA could also be applied here. Just having a basic awareness of possible threats can change your interaction with teams, third-party partners, or strange devices potentially connecting to your network. I recommend asking as many questions around security as possible to those who connect to your network, like printer vendors, to see if they can disable certain network features you know your company won’t need. Or ask about the possibility of enhanced security on these devices where a user must own a signed certificate that proves their ability to connect. Most printers these days actually support certificate-based authentication and that might not be a bad idea to embrace.

Have a thermometer in the lobby collecting temperature data for your maintenance vendor? Consider setting up a public network specifically designed for guests or devices that have no access to your company’s internal assets. As a warning, it is very difficult to tell if these IoT devices are creating a vulnerability on your network, so why would you allow such an unknown and unpredictable threat onto the corporate network?

Finally, and most interestingly, many have begun to realize that there are some very significant similarities between networked devices and users. In fact, an entire boutique industry has sprung up around the notion of IAM for IoT.
(Full disclosure: While my employer One Identity doesn’t fit in this category, it does offer a feature to manage IoT devices through its IAM platform.)

Think of it this way: a device’s lifetime in your domain follows many common principles of IAM:

- An individual device can be provisioned and recorded into the IAM system
- A device is often associated with a specific account or credential for obtaining access
- The device’s credential should be restricted in what it can and cannot have access to on the network
- A device’s account should be closely monitored and observed via analytics for unusual behavior
- It should be possible to remotely kill a device's access without unplugging it from the network

The list could go on for sure, but one highlight in the list above is that we don’t simply give users credentials and allow unfettered access to the network, so why wouldn't we apply the same controls to a networked device? If you have absolutely no visibility into what the device does or how it does it, you might want to choose another vendor, or as mentioned, at least isolate the device on a whitelisted network.

To put it simply, knowing is half the battle. For too long users have blindly plugged devices into any network available without ever even dreaming of the consequences. (I mean, honestly, who would have ever dreamed an aquarium thermometer could be the source of a breach.) But those days are long gone. I’m willing to bet you have networked printers, monitored security cameras, and possibly even more network-connected devices. It’s time to do a review and get those devices secured and managed.
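
The IAM-for-IoT principles listed above (provisioning, a scoped credential, monitoring for unusual behavior, and a remote kill) can be sketched in a few lines of Python. This is an added example, not code from the original article or from any vendor's product; the device names, addresses, and byte threshold are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Device:
    """One provisioned IoT device and the access its credential is scoped to."""
    device_id: str
    owner: str
    allowed: list        # CIDR strings the credential may reach
    max_bytes: int       # per-flow volume ceiling (assumed baseline)
    active: bool = True

class DeviceRegistry:
    def __init__(self):
        self.devices = {}

    def provision(self, device):
        """Record the device so every later flow can be tied to an identity."""
        self.devices[device.device_id] = device

    def revoke(self, device_id):
        """Remote kill: access ends while the device stays plugged in."""
        self.devices[device_id].active = False

    def evaluate(self, device_id, dst_ip, nbytes):
        """Return (decision, reason) for one outbound flow."""
        dev = self.devices.get(device_id)
        if dev is None:
            return ("deny", "unknown device")
        if not dev.active:
            return ("deny", "credential revoked")
        dst = ipaddress.ip_address(dst_ip)
        if not any(dst in ipaddress.ip_network(c) for c in dev.allowed):
            return ("deny", "destination outside credential scope")
        if nbytes > dev.max_bytes:
            return ("alert", "volume above baseline")
        return ("allow", "ok")

def demo():
    reg = DeviceRegistry()
    # Constructed device: a thermometer allowed to reach one vendor host only.
    reg.provision(Device("lobby-thermo-01", "facilities", ["203.0.113.10/32"], 4096))
    flows = [  # constructed sample flows: (device, destination, bytes)
        ("lobby-thermo-01", "203.0.113.10", 512),        # normal telemetry
        ("lobby-thermo-01", "10.20.0.15", 512),          # internal host
        ("lobby-thermo-01", "203.0.113.10", 9_000_000),  # unusually large
        ("unlisted-cam-07", "203.0.113.10", 512),        # never provisioned
    ]
    results = [reg.evaluate(*f) for f in flows]
    reg.revoke("lobby-thermo-01")
    results.append(reg.evaluate("lobby-thermo-01", "203.0.113.10", 512))
    return results
```

In practice the decision would be enforced by the network (firewall rules, NAC, or the IAM platform itself); the registry only models the policy those controls would apply.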