Cybersecurity experts have warned about IoT threats for years. But as the IoT security landscape continues to expand and evolve, so do the risks—making this a topic worth revisiting. While solutions to secure IoT devices exist, MSPs must stay immersed in understanding the constantly shifting threat landscape.
Closing the IoT security gap
Independent researcher Shiuaatali Badami told SmarterMSP.com that the threat shifted dramatically in 2026. Attackers now use automated AI tools to quickly identify and exploit unmanaged devices as entry points for lateral movement into corporate environments. “The biggest gap right now,” Badami says, “is that while MSPs have secured user laptops, these IoT devices remain a blind spot.”
Others agree, and the picture they paint is more complex than a simple perimeter problem.
Stanislav Kazanov, Head of GRC, Cybersecurity and Sustainability at Innowise, a global software development and IT services firm, says the threat has fundamentally shifted in what attackers are after. “The threat agents are not interested only in encryption ransomware,” he says. “Many are more concerned about getting the data extracted before anything else.” When hackers target an IoT device, he explains, the device itself is rarely the ultimate goal. “Once they have gained access to the IoT device, attackers move laterally using automated processes, something often missed by security’s automated systems — since their primary focus is on endpoints.” The example he gives is instructive: a compromised break room IP camera can become the launch point for reconnaissance directly into a corporate Active Directory or cloud environment.
Practical MSP actions
Sergey Matikaynen, Founder and CTO of GoGloby, an AI engineering and technology firm, frames the defensive response in terms that MSPs can act on immediately. For devices lacking built-in security, he recommends starting with a least-privilege model, combined with network segmentation and strong egress monitoring.
But the work doesn’t stop at configuration.
“There must be some baseline network understanding activity that could reveal any deviations related to volume of traffic, suspicious DNS activity, or unknown communication protocols,” Matikaynen says. He’s describing a broader shift many MSPs still face: moving beyond perimeter-only defense to continuous monitoring and limiting the impact of any compromised endpoint.
Kazanov takes a deeper dive offering architectural controls he considers indispensable. Zero-trust micro-segmentation tops his list, meaning separating all IoT devices and operational technology machinery into hard-blocked, non-routable VLANs. “Any IP camera connected to a network should only send audio and video data to specified recording devices,” he says. “It is impossible for an IP camera to communicate with a payroll server.” He also advocates for deploying edge firewalls with deep-packet inspection for IoT-specific protocols, and for behavioral whitelisting, establishing a baseline for every non-human network entity and automatically isolating any device that deviates from it. If an automated HVAC system tries to establish an SSH connection or conduct an IP address scan, the network should isolate it immediately.
His underlying principle is one for MSPs to remember: “A cybersecurity solution based on the integrity of a device’s OS or firmware fails at the architectural level. Implement security at the architectural level and assume all IoT and OT devices will be compromised at some point.”
Modernize security approach
Kazanov also flags a broader strategic shift that MSPs need to internalize on behalf of their SMB clients. He says “old-school approaches based solely on backups no longer work. Businesses need cybersecurity strategies built on governance, combining telemetry, behavior analysis, approval mechanisms, and network segmentation.” Treat IoT as a governance challenge—not edge infrastructure—by adopting a dedicated strategy that includes continuous asset inventory, restricted outbound access, disabled unnecessary remote interfaces, and monitoring east-west traffic, not just inbound threats.
Taking a proactive, resilient approach
The numbers make the resilience case impossible to ignore. One in three data breaches now involves an IoT device. Industrial IoT attacks have increased 75 percent over the past two years. Edge devices and VPNs now serve as the top initial access vector. MSPs must assume some IoT devices will be compromised and build a resilient strategy that prevents lateral movement.
For MSPs, client conversations drive the outcome. An IoT compromise in 2026 goes beyond data theft. IoT attacks can disrupt physical operations, manufacturing processes, environmental controls, and workplace safety systems. The stakes are no longer just digital.
Photo: Migma__Agency / Shutterstock
