I try to avoid “buzz words” and jargon; information security is complex enough without them. The security industry is overrun with companies that intend to confuse you with marketing bullet points, wrapped up as new concepts and trends, in the hopes that you will cut them a check. Meanwhile, you are the one that will bear the ultimate responsibility for risks they know you don’t understand.

This is a game I refuse to play. I think it’s possible to carefully communicate security risks associated with new technologies and trends without intentionally confusing the issue. The so-called “Internet of Things” is one of the latest buzz words being used by vendors and service providers. It’s a relatively simple concept, yet represents a set of serious security concerns for your business.

The Internet of Things (or, IoT) is a blanket term used to describe all of the technology that is being deployed in homes and businesses. That is, technology that isn’t normally considered part of traditional IT infrastructure -- things your IT staff already manage, like computers, mobile devices, network equipment, etc. These new devices connect to the public Internet and communicate in ways that make them “smarter”. They include security cameras, climate control, inventory logistics, power meters, and even “smart beds” in hospitals.

While the improvements in efficiency and cost savings that IoT devices can bring to a business cannot be ignored, it’s important to understand the risks associated with “smart” devices. Despite being physically located on your premises, many IoT devices are managed “in the cloud”, meaning that the device communicates with an external entity (probably the vendor) across the public Internet, and that you (or your IT staff) manage and interact with it using a web browser or mobile application that also connects to this external entity. This opens up the attack surface (ways in which a cybercriminal can attack you) for both your network and the data you’re trying to protect.

The IoT industry is quickly growing. To stay competitive, IoT vendors are developing new products rapidly, and are often not spending the time and resources necessary to develop secure software that runs on these devices. It can be difficult to design and develop a secure embedded device, especially one that requires so much connectivity. IoT devices are often “opaque” as well, meaning that your IT staff, however talented and experienced they are, may not have insight into how they work, nor have the ability to change their configuration in any useful way with regard to security.

The teams of hackers that we employ for network penetration tests have identified vulnerabilities in many of these devices on almost every single client we have tested over the past year (a sharp increase over previous years). Mitigating these vulnerabilities requires designing your network to limit connectivity between IoT devices and sensitive systems and data.

Cybercriminals understand the Internet of Things all too well. The largest network denial of service attacks in history occurred in recent months, and the systems used to carry out these attacks were not powerful servers. These attacks were carried out by criminals that controlled thousands of network connected security cameras that they had hacked. Traditional network security monitoring solutions may not identify the latest IoT attacks, especially if you’re not constantly updating those monitoring systems with information on the vulnerabilities associated with your specific IoT devices.

My advice is to take advantage of new technologies that can help you become more efficient and profitable, but to only do so when you’ve carefully addressed the risk. Actively test your network for vulnerabilities, and monitor for intrusions by cybercriminals. See to it that you’re protected, and look forward to my future columns on other issues in cyber security.