Are IoT devices a security risk?

In the world of IoT(Internet of Things) devices it is common for security to take the back seat. IoT brings the luxury of convenience to everyone's life allowing them to focus on other things that may be more important at the moment. If they are such a vital instrument in the day-to-day life of many people then why is security the last thing that matters?

It is no secret that until recently security has not truly been a topic that most people would add to their top ten list of must-discussed topics. This is also true with IoT devices. Leaving this topic to last has opened a breeding ground for them to become security risks, from weak password protections to insecure interfaces, and insufficient data protection users have left themselves open to attackers.

When a user gets a new IoT device typically they are more interested in all of the cool things that it can do than making sure to change any of the default passwords that are associated to it. These passwords that the devices are shipped with are very easy for attackers to break and gain access to the device and the data that it holds. This may cause a very common chicken and egg conversation of what should come first then changing the device password or setting it up. The answer is fairly simple. The default password has its moment during that initial setup to reduce possible troubleshooting needed if something goes wrong, but it should not be in place for much longer after that.

Now we can't put all of the blame on the users that are using the devices. The creators of these devices must adhere to the security standards that are in place for these devices. If they are not built secure by design then it is possible that an attacker can use those vulnerabilities as a way to compromise the device and once they have access there is no telling where they can continue to go. It is important that the quickness of innovation does not cause the destruction of our security.