A recent massive IoT-fueled DDoS attack made clear that internet of things (IoT) devices pose a huge security threat. Many of these devices are being purchased and approved far away from IT or the CISOs team. Train all employees in all departments what constitutes an IoT device. Require that IT or CISO’s office approve all of them, without exception. This kind of change has to come from the CEO or, at the very least, the CFO, who does ultimately control the approval.”]
Source: https://www.csoonline.com/article/3130161/let-s-get-serious-about-iot-security.html