IoT footprints have outgrown the security models most enterprises built for them, with 21 billion connected devices and roughly half of IoT-to-IT connections classified as high-risk. The operational challenge is that many devices have long support tails and default credentials that rarely get rotated. This guide explains the inventory and segmentation work that strengthens IoT security without slowing the operational teams that depend on the devices.
Key Points
- 48% of IoT-to-IT connections come from high-risk devices, and roughly 21% of IoT devices carry at least one known vulnerability.
- Most organizations underestimate IoT device counts, and therefore their attack surface, by an order of magnitude on the first pass.
- Shadow IoT, the devices deployed outside IT by other business units, is the typical source of unmanaged risk in enterprise environments.
- Network-based intrusion detection works well for embedded devices that can’t run agents, watching device behavior at gateways and segmented choke points. Even a single compromised sensor can still delay a product launch, corrupt routing, or trigger a safety shutdown, which is why segmentation and monitoring matter. That’s the real IoT (Internet of Things) risk: business processes chained to devices that weren’t designed for today’s threat tempo.
IoT Analytics estimates 21.1 billion connected IoT devices globally this year, up 14% year over year. Palo Alto Networks adds a tougher operational detail: 48.2% of IoT-to-IT connections come from high-risk IoT devices, and roughly 21% of IoT devices carry at least one known vulnerability.
Basic security measures still work, prove identity, segment by blast radius, patch what you can, monitor the rest, but execution must fit devices with long support tails and default credentials that never die.
Industry-Specific Use Cases: Expanding Opportunity, Expanding Risk
IoT adoption spans nearly every industry, driven by automation, telemetry, and real-time decision-making, but each environment introduces different security risks:
- Healthcare: IoT devices in healthcare, wearables, remote monitors, and networked clinical equipment, extend care beyond the hospital, but they also handle regulated patient data and influence treatment decisions. We typically treat them as high-consequence assets, with strict identity, patching, and change-control requirements, plus clear ownership between clinical engineering, IT, and security.
- Manufacturing: IoT sensors keep lines running and reduce unplanned downtime, but a single compromised gateway can halt a plant or expose proprietary process data. That’s why we usually treat production networks as high-consequence zones with stricter segmentation and change control.
- Logistics: Connected trackers and environmental sensors give end-to-end shipment visibility, yet a compromised device or platform can falsify routes, hide theft, or disrupt just-in-time operations. In practice, we focus on securing gateways, standardizing device onboarding, and defining who owns incident response when a logistics partner’s device behaves abnormally.
- Automotive: Connected vehicles and telematics platforms generate valuable operational and usage data, but they also create paths into safety-critical systems if not properly isolated. We advise separating infotainment and telematics from control networks, enforcing strong update and signing policies, and clarifying accountability across OEMs, Tier-1 suppliers, and software vendors.
- Retail: In-store IoT, cameras, beacons, smart shelves, and POS-adjacent devices, improves customer experience and operations, but weak segmentation can expose payment environments and customer data. We generally group retail IoT into tightly controlled network zones, require vendor-hardening baselines, and document who can deploy or modify devices across store fleets.
Step One: Map Your Full IoT Footprint
A critical first step in strengthening IoT security is understanding what you actually have. IoT devices can often be deployed by teams outside of IT, operations, marketing, or facilities, creating an ecosystem of unmanaged, “shadow” devices that evade standard controls.
Maintaining an accurate, up-to-date inventory of all connected devices is essential. This inventory should capture:
- Device type and purpose
- Operating system and firmware versions
- Network access patterns
- Associated data flows
Untracked devices are a leading cause of vulnerabilities exploited in distributed denial-of-service (DDoS) attacks and data breaches. A full audit enables risk assessment and sets the foundation for governance.
Most organizations underestimate IoT device counts by an order of magnitude on the first pass. Expect surprises. The goal of your first inventory is enough visibility to prioritize risk.
Managing Third-Party Exposure
IoT risk doesn’t just come from inside your organization. Vendors, suppliers, and service providers can bring in risk through the devices they install, the updates they push, or the people they send onsite. To reduce that third-party risk, have vendors complete a security assessment before you onboard them, give their users and devices access only through the same Zero Trust controls you use internally, and make sure contracts spell out clear expectations for breach notification and coordinated incident response.
Build a Cybersecurity Playbook for IoT
Even the best policies fall short without execution. A policy binder won’t save you during a live incident. A short, practiced playbook might. Aim for something a plant manager and a security lead can run together.
Define who owns which IoT devices. Classify systems by consequence. Document containment steps per segment. Establish escalation paths with vendors. Decide how to recover: rekey, rebuild, replace, or isolate. Make decisions about downtime explicit, especially for critical infrastructure and OT systems.
Run tabletop exercises that include engineering, operations, facilities, and legal. IoT incidents cross those boundaries fast.
Your Next Steps: Don’t Assume You’re Secure
Many organizations assume that if they haven’t suffered an IoT breach, their controls are working. That assumption is dangerous. The better approach is to assume exposure and take proactive steps to reduce it.

By making IoT security an integral part of your broader security strategy, you reduce your risk profile, protect customer data, and support operational continuity.
Final Thoughts
Every new IoT deployment promises efficiency. Security should promise resilience: fewer outages, fewer breaches, faster recovery, and more predictable risk.
The numbers support urgency, yet the winning strategy still looks refreshingly familiar: inventory, segmentation, access controls, monitoring, and disciplined vendor management.
A stronger IoT security posture protects your ability to operate, ship, bill, and maintain customer trust.


