Weak Entry Points
Poorly secured IoT devices on a corporate network, protected only by known or easily guessed passwords and passcodes, are the perfect entry point for cyber criminals. If the device is a router or another kind of control or network device, it is even better for criminals, because they can modify the firewall and network services to suit their own ends. And even if the IoT device is deemed a risk-free endpoint, for example an Internet-connected fridge, there are still potential exploits, because Internet-connected white goods have functions that can be abused, such as sending emails.
Corporate IT departments and consumer users alike therefore need to lock down their IoT devices, including restricting admin rights and replacing default passwords with ones that carry as much complexity as possible. Organizations may also want to consider putting IoT devices on a firewalled, and possibly non-routable, network.