
The Hidden Security Crisis: Why Your IoT Devices Are Handing Attackers the Keys to Your Network
Take the recent case where the Akira ransomware group successfully deployed ransomware across a corporate network after their initial Windows-based attack was blocked by Endpoint Detection and Response (EDR) software. Instead of giving up, the attackers pivoted to an unsecured IP webcam on the same network. The webcam had several critical vulnerabilities, including remote shell capabilities, and was running a lightweight Linux operating system that supported command execution. From this compromised camera, Akira mounted Windows SMB network shares of the company’s other devices and launched their Linux encryptor to encrypt files across the victim’s network.
This isn’t an isolated incident. Cybersecurity firm S-RM reported that Akira accounted for 15% of the ransomware incidents they responded to in 2024, and security researchers are seeing a troubling pattern where cybercriminals use Internet of Things (IoT) devices as stepping stones into corporate networks. What’s worse? Most organizations have no idea how many connected devices are on their networks, let alone how to secure them.
This expanded ecosystem is referred to as “extended IoT” or xIoT—everything from smart thermostats and security cameras to industrial sensors and medical devices. While IT departments have spent decades learning how to secure computers and servers, xIoT represents largely uncharted territory where the old playbook doesn’t work.
Why IT Security Rules Don’t Apply to IoT
Walk into any IT department and you’ll find established processes for managing computers. Every laptop gets antivirus software, regular patches, and EDR (Endpoint Detection and Response) agents. User accounts connect to Active Directory. Backups run nightly. Someone owns each system and knows its current security status.
Now ask that same IT team about the smart conference room displays, WiFi-connected printers, or building automation controllers spread throughout their facilities. You’ll likely get blank stares.
The fundamental problem is that IoT devices weren’t designed with IT security principles in mind. Here’s what makes them different:
IT systems typically run Windows, Mac, or Linux with standardized security features. They receive regular updates, support encryption, and can run security software. IoT devices often use custom firmware that’s rarely updated, communicate over unencrypted protocols, and lack basic security controls.
IT systems connect to managed networks with clear access policies. IoT devices often join guest networks or use their own cellular connections, bypassing security controls entirely.
IT systems have clear owners in the IT department. IoT devices might be purchased by facilities management, installed by contractors, or deployed by individual departments without IT involvement.
This creates a perfect storm where vulnerable devices sit on corporate networks with minimal oversight or protection.
How Hackers Exploit the IoT-to-IT Highway
The real danger isn’t just that individual IoT devices get hacked—it’s how attackers use them as launching pads for bigger attacks. Modern networks are interconnected, and a compromised smart speaker can provide access to the file servers sitting on the same network.
Here’s how these attacks typically unfold:
The Easy Entry Point: Attackers scan for IoT devices with default passwords, known vulnerabilities, or weak security configurations. A single device provides network access.
Reconnaissance Phase: Once inside, attackers use the compromised device to map the network, identify valuable targets, and look for ways to move laterally to IT systems.
Credential Theft: Many IoT devices store network credentials, certificates, or authentication tokens that attackers can extract and use to access other systems.
Persistent Access: IoT devices make excellent backdoors because they’re rarely monitored or updated, allowing attackers to maintain long-term access even after cleaning up other traces.
The Akira attack demonstrates this perfectly—the webcam wasn’t protected by the same EDR software that had successfully blocked their Windows-based ransomware, creating an unmonitored pathway into the network.
Data Theft: With network access established, attackers pivot to high-value IT systems containing customer data, financial information, or intellectual property.
One security team told me they found attackers had compromised over 200 IP cameras across their facilities, using them to create a mesh network for moving stolen data without detection. The cameras had been invisible to their security tools for years.
Building Real-World xIoT Security
Securing extended IoT requires a different approach than traditional IT security. You can’t just install antivirus software and call it done. Here’s what actually works:
Know What You Have
Most organizations severely underestimate their IoT footprint. Start with network discovery tools that can identify and classify connected devices automatically. Don’t rely on IT procurement records—IoT devices have a way of appearing through facilities management, individual departments, or even employees bringing personal devices to work.
Create a living inventory that tracks each device’s manufacturer, model, firmware version, network location, and business purpose. The challenge is to safely discover and assess the devices, which requires taking extra precautions. Traditional security tools and vulnerability scanners can be too aggressive and were not designed with xIoT device types in mind.
Phosphorus was designed specifically for these devices and discovers and identifies them quickly and safely. The asset inventory needs to be updated continuously as devices come and go; Phosphorus helps you do this with ease.
Lock Down Network Access
Network segmentation is your best friend for IoT security. Create separate network zones for IoT devices and strictly control what they can communicate with. A smart thermostat doesn’t need access to your customer database.
Use firewalls to block unnecessary communication between IoT and IT networks. Implement monitoring to detect when devices try to communicate outside their expected patterns—this often indicates compromise.
Clean Up the Authentication Mess
Default passwords are IoT security enemy number one. Many devices ship with credentials like “admin/admin” or have backdoor accounts for technical support. Change every default password and use unique, complex credentials for each device. Rotate passwords regularly.
Where possible, move beyond passwords entirely. Certificate-based authentication is more secure and easier to manage at scale. Some organizations are having success with network access control systems that authenticate devices based on their digital certificates. One of the challenges here is to do this at scale. In traditional IT environments, there are ways to manage large numbers of devices, but in xIoT environments, that hasn’t been the case until now. Although Phosphorus does not offer certificate authentication, it can address these challenges and make it easy to manage a large xIoT environment, including certificate management on some devices.
Manage the Lifecycle
Unlike computers that get replaced every few years, IoT devices often run for decades with minimal maintenance. This creates huge security gaps when vendors stop releasing updates.
Establish policies for tracking device support lifecycles and replacing devices that no longer receive security updates. Create procedures for securely disposing of old devices, as many contain sensitive configuration data or credentials.
Monitor Behavior
Traditional security tools often miss IoT device compromises because they focus on file-based malware and user activities. IoT attacks typically involve network communications and protocol abuse that standard tools don’t detect.
Implement monitoring tools specifically designed for IoT environments that can baseline normal device behavior and alert on anomalies. Look for tools that understand IoT protocols and detect when devices start communicating unexpectedly. Phosphorus can be used to discover devices, which can then be added to monitoring solutions that watch for suspicious activity.
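The segmentation check from "Lock Down Network Access" and the behavior baseline described here can be sketched together. This is an added example, not Phosphorus code or part of the original article: it flags IoT-sourced flows that cross a zone boundary without an allowlist entry (such as a camera opening SMB to a file server, as in the Akira case) or that reach a peer never seen in a known-good window. The zone ranges, allowlist, and flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed zones and firewall allowlist (assumptions, not from the article).
ZONES = {"iot": ipaddress.ip_network("10.20.0.0/24"),
         "it": ipaddress.ip_network("10.10.0.0/24")}
# (source zone, destination zone, destination port) tuples that are permitted.
ALLOWED = {("iot", "it", 123), ("iot", "it", 514)}  # NTP and syslog only

def zone_of(ip):
    """Return the zone name containing ip, or 'external' if none matches."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "external")

def learn_baseline(flows):
    """Map each source device to the (dst, port) peers seen in a known-good window."""
    baseline = defaultdict(set)
    for src, dst, port in flows:
        baseline[src].add((dst, port))
    return baseline

def review(flows, baseline):
    """Return (src, dst, port, reasons) for IoT flows breaking policy or baseline."""
    findings = []
    for src, dst, port in flows:
        if zone_of(src) != "iot":
            continue  # only IoT-sourced traffic is in scope here
        reasons = []
        dst_zone = zone_of(dst)
        if dst_zone != "iot" and ("iot", dst_zone, port) not in ALLOWED:
            reasons.append("segmentation")  # crosses a zone without an allow rule
        if (dst, port) not in baseline.get(src, set()):
            reasons.append("new-peer")      # peer absent from the learned baseline
        if reasons:
            findings.append((src, dst, port, reasons))
    return findings

# Constructed flow records: (source IP, destination IP, destination port).
KNOWN_GOOD = [("10.20.0.15", "10.10.0.5", 514), ("10.20.0.15", "10.10.0.2", 123)]
OBSERVED = [
    ("10.20.0.15", "10.10.0.5", 514),    # camera logging to collector: expected
    ("10.20.0.15", "10.10.0.40", 445),   # camera opening SMB to a file server
    ("10.20.0.15", "203.0.113.9", 443),  # camera contacting an external host
    ("10.10.0.7", "10.10.0.40", 445),    # workstation to file server: not IoT
]

if __name__ == "__main__":
    for finding in review(OBSERVED, learn_baseline(KNOWN_GOOD)):
        print(finding)
```

A flow that is permitted by the allowlist but goes to a host outside the baseline is still reported as `new-peer`, which is the case a firewall rule alone would miss.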
Plan for Incidents
When an IoT device gets compromised, you need to act quickly to prevent lateral movement. Develop incident response procedures that include rapid device isolation, forensic data collection, and assessment of potential IT system impact.
Practice these procedures regularly—many organizations discover during real incidents that they can’t easily isolate IoT devices or don’t understand how they connect to other systems.
Making xIoT and IT Security Work Together
The biggest mistake organizations make is treating IoT and IT security as separate problems. Attackers don’t respect these boundaries, and neither should your security strategy.
Build security teams with expertise across both domains. Train IT staff on IoT security challenges and ensure IoT specialists understand how their devices connect to broader IT infrastructure.
Integrate IoT security events into your security operations center. Correlate IoT alerts with IT security events to detect multi-stage attacks that span both environments.
Most importantly, include IoT considerations in your overall risk assessment process. A vulnerability in a building automation system might seem minor until you realize it provides access to the same network as your financial systems.
The Bottom Line
Extended IoT security isn’t just about protecting individual devices—it’s about preventing them from becoming the weak link that compromises your entire IT infrastructure. As organizations deploy more connected devices and attackers become more sophisticated at exploiting them, the stakes continue to rise.
The companies that get ahead of this trend will build integrated security strategies that protect both their traditional IT assets and their growing ecosystem of connected devices. Those that don’t may find themselves explaining to customers and regulators how a compromised printer led to a major data breach.
How many IoT devices are on your network right now, and do you have any idea how secure they are? If you want an easier, more scalable, and cost-effective way of managing your connected device security posture, consider implementing Phosphorus in your organization.

Author
Phosphorus Cybersecurity
Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to find, fix, and monitor the rapidly growing and often unmonitored Things of the enterprise xIoT landscape.