IoT devices are acquired and used by many customers: individuals, companies, government agencies, educational institutions, and other organizations.
Unfortunately, IoT devices often lack device capabilities that customers can use to help mitigate their cybersecurity risks, such as the functionality customers routinely expect their desktop and laptop computers, smartphones, tablets, and other IT devices to have.
Consequently, IoT device customers may have to select, implement, and manage additional or new cybersecurity controls or alter the controls they already have. Compounding this task, customers may not know they need to alter their existing
processes to accommodate the unique characteristics of IoT. The result is many IoT devices are not secured in the face of evolving threats; therefore, attackers can more easily compromise IoT devices and use them to harm device customers and conduct additional nefarious acts (e.g., distributed denial of service [DDoS] attacks) against other organizations.