Gartner predicts that over the next two years more than half of IoT manufacturers won't be able to contain weak authentication methods, which can pose a data risk. It is also estimated that by the year 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets. According to this article, security experts said last April that they projected security spending on IoT would approach $350M this year, almost a 24% increase from last year, but experts say this may not be enough.
With proper measures and security tactics, we could work things out. A recent Forbes article covered the topic of IoT security, advocating “strict regulatory standards,” the need to “enhance security while simplifying compliance” and implementing “an end-to-end approach that integrates both IT and operations technology (OT).”
Authentication
Devices which must authenticate against other systems (generally in order to access or transmit data) should be configured to do so securely, such as with unique IDs and passwords. It may also be possible to implement encryption (SSH) keys to provide device identity to permit it to authenticate against other systems (securing the keys themselves is obviously a critical priority for this model to work). Examples of IoT devices with this capability can include closed-circuit TV (CCTV) or DVR devices and satellite antenna equipment.
In other instances, device SSL certificates can be issued during the manufacturing process or added later to establish device identity and facilitate the authentication process. When it comes to device updates (software and firmware, for instance) authentication should be employed where possible to ensure these can retrieve code only from approved systems, such as internal servers or authorized devices.
Depending on your IoT devices, researching and implementing the capabilities above (if not already present) would be a good first step in security.
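The update-source restriction described above, sketched as an added example (not code from the article): an update client that only talks to approved servers over verified TLS and can present a device certificate. The host names, function names and the `opener` parameter are assumptions made for illustration.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit

# Assumed allowlist of approved internal update servers (constructed names).
APPROVED_UPDATE_HOSTS = {"updates.internal.example", "fw-mirror.internal.example"}


def is_approved_update_url(url, approved=APPROVED_UPDATE_HOSTS):
    """True only for https URLs on port 443 whose host is exactly an approved server."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False  # plain HTTP cannot authenticate the server
    if parts.username is not None or parts.password is not None:
        return False  # rejects "approved-host@other-host" look-alike URLs
    if port not in (None, 443):
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    return host in approved  # exact match: no suffix or substring matching


def build_update_tls_context(ca_file=None, device_cert=None, device_key=None):
    """TLS context that verifies the server and optionally presents a device certificate."""
    # ca_file: CA that issued the update servers' certificates (system store if None).
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True            # already the default; stated explicitly
    ctx.verify_mode = ssl.CERT_REQUIRED  # already the default; stated explicitly
    if device_cert:
        # Device identity certificate, e.g. one issued during manufacturing.
        ctx.load_cert_chain(certfile=device_cert, keyfile=device_key)
    return ctx


def fetch_update(url, ctx, opener=urllib.request.urlopen):
    """Download an update, refusing unapproved sources before and after redirects."""
    if not is_approved_update_url(url):
        raise PermissionError("update source not approved: " + url)
    with opener(url, context=ctx, timeout=30) as resp:
        if not is_approved_update_url(resp.geturl()):
            raise PermissionError("redirected to unapproved source: " + resp.geturl())
        return resp.read()
```
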
Here is the rest of the article: http://www.techrepublic.com/article/how-to-secure-your-iot-devices-from-botnets-and-other-threats/?ftag=TRE684d531&bhid=27250068933112925186573856412477
I think regulatory standards would help with proprietary IoT devices that are sold and distributed by common manufacturers; however, there are millions of devices developed using open-source software. For example, anyone can buy a Raspberry Pi, download some common open-source application code from GitHub, and connect the device to the internet.