
Enterprise IoT device counts are growing explosively, yet most devices have weak security design. This article provides a practical IoT security management framework to help organizations effectively reduce risk.
According to Gartner forecasts, the global count of connected IoT devices surpassed 30 billion in 2025. Enterprises are facing the challenge of rapidly expanding IoT device deployments: factory sensors and PLCs, hospital medical devices, office IP cameras and smart access control systems, retail POS terminals and digital signage — all connecting to enterprise networks at an unprecedented pace.
The problem is that the security design of IoT devices often lags far behind IT devices. Many vendors prioritize time-to-market and cost reduction, with security as an afterthought. This creates a paradox: the devices that are hardest to protect often have the most direct physical access (cameras, access control) or the most sensitive data (medical monitors, industrial sensors).
The 2021 Oldsmar water treatment plant cyberattack and the 2023 IoT intrusion at a Taiwanese semiconductor manufacturer's supplier clearly demonstrate that IoT security is not optional — it is a critical component of enterprise security.
Large numbers of IoT devices ship with identical default credentials (such as admin/admin or root/1234), while IT departments often fail to include these devices in password management policies. The Shodan search engine can easily find tens of thousands of Taiwanese enterprise devices exposed on the internet still using default credentials.
Many IoT devices have poorly designed update mechanisms, or the vendor has stopped providing security patches because the product has reached end of life (EOL). Once a vulnerability is discovered, these devices remain exposed to risk until they are replaced. In budget-constrained SME environments, replacement cycles often span 5–10 years.
Some IoT devices still use plaintext protocols such as Telnet, HTTP, and FTP for management and data transfer, or use known weak algorithms (such as MD5 or RC4). An attacker only needs to perform packet capture on the network to obtain complete management credentials and business data.
The first step in IoT security management is knowing what is on the network. This sounds simple, but in practice it is often the biggest challenge. Shadow IT is particularly severe in the IoT domain, as department heads frequently purchase and connect smart devices without notifying IT.
Effective asset inventory methods include:
The asset inventory should include: device name and model, firmware version, management interface location, business function, risk level, and responsible owner. This inventory is the foundation for all subsequent IoT security work.
Network segmentation is one of the most effective technical controls for IoT security. The core principle: even if an IoT device is compromised, it should be unable to perform lateral movement to the enterprise core network.
Cameras, sensors, printers, HVAC — only necessary management traffic allowed, lateral communication prohibited.
Servers, workstations, ERP, AD — traffic from the IoT zone is strictly limited.
Guest WiFi and contractor devices, completely isolated from all internal networks.
Define strict access control lists (ACLs) on the NGFW for each zone, and set a "default deny" rule: only explicitly required traffic is allowed, and all other communication is blocked.
Healthcare IoT security (commonly referred to as IoMT, Internet of Medical Things) faces even more severe challenges than typical enterprise environments:
Hexion recommends that healthcare institutions adopt a "device micro-segmentation" approach: establish individual virtual firewall rules for each high-risk medical device, allowing the device to communicate only with its corresponding Hospital Information System (HIS), with all direct connections to other devices or the internet completely prohibited.
Even with good segmentation and access controls in place, IoT devices may still be used as a pivot point for launching attacks. Anomalous behavior detection is the key mechanism for identifying devices that have already been compromised.
IoT device behavior is typically highly predictable: an IP camera should only communicate with its NVR (Network Video Recorder); a temperature and humidity sensor should only send data back to a fixed collection server. Any activity that deviates from this "normal behavior baseline" should trigger an alert, such as:
Modern NGFW behavioral baseline capabilities can automatically learn the normal communication patterns of each IoT device and immediately alert and isolate when anomalies are detected, without requiring manually defined rules for each case.
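The baseline-learning idea described above, reduced to its core logic as an added example (not code from Hexion or from any NGFW product): a learning window records each device's normal set of peers, ports and protocols, and later flows that fall outside that set are classified by the kind of deviation. The zone addresses and flow records are constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Zone layout assumed for this example (constructed, not from the article).
IOT_ZONE = ip_network("10.50.1.0/24")   # cameras, sensors
INTERNAL = ip_network("10.0.0.0/8")     # everything enterprise-internal

# Constructed flow records: (src, dst, dst_port, proto).
# Learning window: the camera talks only to its NVR, the sensor only to its collector.
LEARNING_FLOWS = [
    ("10.50.1.10", "10.50.0.5", 554, "tcp"),    # IP camera -> NVR (RTSP)
    ("10.50.1.20", "10.50.0.6", 8883, "tcp"),   # sensor -> collector (MQTT over TLS)
]

# Later traffic to evaluate against the learned baseline.
LIVE_FLOWS = [
    ("10.50.1.10", "10.50.0.5", 554, "tcp"),    # normal camera stream
    ("10.50.1.10", "10.50.1.20", 23, "tcp"),    # camera -> sensor: device-to-device inside IoT zone
    ("10.50.1.20", "203.0.113.7", 443, "tcp"),  # sensor -> internet host never seen before
    ("10.50.1.10", "10.50.0.5", 22, "tcp"),     # known peer, but a service never used before
    ("10.50.1.99", "10.50.0.5", 554, "tcp"),    # device absent from the learning window
]

def learn_baseline(flows):
    """Per-device 'normal behaviour' set of (dst, port, proto) tuples."""
    baseline = defaultdict(set)
    for src, dst, port, proto in flows:
        baseline[src].add((dst, port, proto))
    return dict(baseline)

def classify(baseline, flow):
    """Return 'ok' or the reason a flow deviates from the device's baseline."""
    src, dst, port, proto = flow
    if src not in baseline:
        return "unknown-device"             # not inventoried: shadow-IT candidate
    allowed = baseline[src]
    if (dst, port, proto) in allowed:
        return "ok"
    dst_ip = ip_address(dst)
    if dst_ip not in INTERNAL:
        return "unexpected-internet"        # possible exfiltration or C2 beacon
    if dst_ip in IOT_ZONE:
        return "lateral-in-iot-zone"        # lateral communication is prohibited by policy
    if any(d == dst for d, _, _ in allowed):
        return "new-service-to-known-peer"  # e.g. SSH to the NVR instead of RTSP
    return "new-peer"

def detect_anomalies(baseline, flows):
    """Flows that should raise an alert (and, on an NGFW, trigger isolation)."""
    return [(f, r) for f in flows if (r := classify(baseline, f)) != "ok"]
```

A real deployment would key the baseline on a stable device identity (MAC or certificate) rather than an IP address, and would require a learning window long enough to capture periodic traffic such as NTP or firmware checks.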
Contact Hexion Networks for a tailored security assessment and solution designed for your organization.