👋 Welcome to Unlocked

This week, we’re looking at a cybersecurity blind spot hiding in plain sight — the devices that surround us every day. From office printers and conference cameras to smart lighting and thermostats, the modern workplace is now a network of connected endpoints.

The problem? Many of these devices were designed for convenience, not security. And attackers know it.

According to Microsoft and the Ponemon Institute’s State of IoT and OT Cybersecurity in the Enterprise report, 88% of organizations have IoT devices connected to the internet, and 56% have OT systems online. Even more concerning, 51% say their OT network is directly linked to the corporate IT network, dramatically expanding the attack surface.

Let’s unpack why the smallest device in your environment could become your biggest risk.

🖨️ When “Smart” Becomes a Security Liability

We don’t often think of printers as computers — but that’s exactly what they are.

Printers, scanners, and multifunction devices often store data locally, connect via Wi-Fi, and interact with internal systems. When left unpatched or misconfigured, they become open gateways.

A compromised printer can:

  • Store and leak scanned documents.

  • Be used to pivot into internal networks.

  • Serve as a command-and-control hub for malware.

According to HP Wolf Security’s 2025 Threat Report, over 60% of organizations experienced at least one printer-related security incident in the past year. Smart signage, cameras, and even connected HVAC systems have been exploited in similar ways — often through weak default credentials or outdated firmware.

Takeaway: Treat every device with network access as a potential endpoint — because that’s exactly what it is.

🌐 The Expanding IoT Attack Surface

IoT adoption has accelerated faster than most security teams can keep up with.

Microsoft’s research found that 60% of IT professionals consider IoT and OT devices the least secure part of their infrastructure, and 44% have experienced a cyber incident involving one or more of these devices.

The reasons are familiar:

  • Default credentials never changed.

  • Unpatched vulnerabilities left open for months.

  • Lack of visibility: many IT teams don’t know every device that is on their network.

Meanwhile, attackers are using automated scanning tools to find exposed IoT endpoints across the internet in minutes. Once compromised, devices can be turned into entry points or bots in massive distributed denial-of-service (DDoS) networks.

🔍 From Smart Homes to Hybrid Offices

As work-from-home and hybrid setups become the norm, the corporate attack surface doesn’t stop at the office door. Employees’ home routers, smart TVs, and even voice assistants can create new risks for enterprise data.

According to Check Point’s 2025 Security Report, remote work–related IoT attacks increased by over 35% in the past year, as threat actors exploited poorly secured home networks used for business operations.

Devices like smart plugs and personal webcams can become pivot points for attackers to move laterally from home systems into VPN-connected corporate environments.

Pro tip: Security awareness training should now include home IoT hygiene. IT can’t control every thermostat or Alexa, but it can teach employees how to segment networks, disable unused services, and apply firmware updates regularly.

🚨 Real-World Incidents: When Smart Tech Turns Against You

The risks aren’t theoretical — they’re happening right now.

  • Casino Fish Tank Breach (2018): Hackers infiltrated a casino’s high-roller database through a connected fish tank thermometer (CNN).

  • Smart Camera Botnets: IoT botnets like Mirai continue to evolve, exploiting weak passwords on cameras and DVRs to launch global DDoS attacks (Cloudflare).

  • Healthcare IoT Breaches: Medical device vulnerabilities — from infusion pumps to connected imaging systems — have led to regulatory scrutiny and life-critical risks (CISA Medical Device Cybersecurity Guidance).

These examples underscore a single truth: IoT security isn’t just IT’s problem — it’s an organizational imperative.

🧠 Why IoT Security Is So Hard

Securing IoT and smart devices isn’t just a technical problem — it’s an architectural one.

Unlike traditional IT systems, many IoT devices:

  • Have limited processing power, making encryption and monitoring difficult.

  • Run on proprietary firmware that can’t be easily updated.

  • Are deployed by departments outside IT, bypassing standard governance.

And because these devices are often “set and forget,” they linger in environments for years — long after their security support ends.

That’s why experts now advocate for a Zero Trust approach to IoT: verify every connection, authenticate every device, and assume every endpoint is potentially compromised.

🧩 Lessons for CISOs and IT Managers

CISOs can’t secure what they can’t see. Building visibility into IoT networks is the foundation for defense.

Key steps to start today:

  • Inventory and segment IoT devices — know what’s on your network and isolate non-essential ones.

  • Apply access controls and monitoring — treat IoT like any other endpoint.

  • Use encrypted communication — ensure data between devices isn’t exposed.

  • Plan for lifecycle management — replace unsupported devices proactively.

💡 Unlocked Tip of the Week

Take 15 minutes this week to audit your “invisible” network. Check your router logs or endpoint management console and look for devices you don’t recognize.

If you find one you can’t identify — disconnect it first, investigate later.
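
The audit in this tip, together with the inventory-and-segment step from the list above, can be scripted. The Python below is an added example, not part of the original newsletter: it assumes the router exposes its DHCP leases in dnsmasq's lease-file layout, and the inventory, the IoT subnet 10.20.0.0/24 and every lease line are constructed for illustration.

```python
import ipaddress

# Constructed inventory of approved IoT devices (MAC -> description).
APPROVED_IOT = {
    "00:11:22:33:44:55": "2nd-floor printer",
    "00:11:22:33:44:66": "conference room camera",
}
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")  # assumed IoT VLAN subnet

# Constructed leases in dnsmasq's layout:
#   <expiry-epoch> <mac> <ip> <hostname> <client-id>
SAMPLE_LEASES = """\
1767225600 00:11:22:33:44:55 10.20.0.15 printer-2f 01:00:11:22:33:44:55
1767225600 00:11:22:33:44:66 10.10.0.42 confcam-1 *
1767225600 a4:cf:12:9b:00:01 10.10.0.77 * *
1767225600 da:a1:19:00:be:ef 10.10.0.90 phone *
this line is malformed
"""

def parse_leases(text):
    """Yield (mac, ip, hostname) per lease line, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        try:
            ip = ipaddress.ip_address(parts[2])
        except ValueError:
            continue
        yield parts[1].lower(), ip, parts[3]

def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set (typical of private/randomized MACs)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def audit(text, approved=APPROVED_IOT, segment=IOT_SEGMENT):
    """Return (mac, ip, finding) for unknown devices and approved devices off-segment."""
    findings = []
    for mac, ip, _host in parse_leases(text):
        if mac not in approved:
            note = "unknown device"
            if is_locally_administered(mac):
                note += " (locally administered MAC)"
            findings.append((mac, str(ip), note))
        elif ip not in segment:
            findings.append((mac, str(ip), f"approved '{approved[mac]}' outside IoT segment"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LEASES):
        print(*finding, sep="\t")
```

A locally administered MAC cannot be matched to a vendor, so those entries usually need a physical or switch-port lookup before they can be identified.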

🙋 Author Spotlight

Meet Ethan Cole

Ethan Cole is a Senior Security Engineer with more than a decade of experience building secure SaaS products and protecting cloud-native infrastructure. He specializes in identity and access management, anomaly detection, and secure deployment pipelines — helping product teams bake threat modeling and privacy-first design into everyday engineering work. When he’s not reviewing alert triage playbooks, he’s mentoring junior engineers, contributing to open-source tooling for secure CI/CD, and experimenting with home lab automation.

Wrapping Up

The rise of IoT and smart devices has blurred the lines between convenience and vulnerability.

What used to be “IT’s problem” is now everyone’s — from facilities teams managing smart lighting to marketing teams using digital signage. Each connected device represents not just an innovation, but an obligation to secure it.

The takeaway is simple: if it connects, it’s part of your attack surface.

Stay alert. Stay patched. And remember — even the printer can be a hacker’s favorite backdoor.

Until next time,

The Everykey Team


