Too late to change?
But even if we ensure IoT devices are manufactured with cybersecurity safeguards from now on, there are already billions of routers, Hello Barbie toys and remote home control tools from vendors like Nest (nest.com).
Just days before the October 2016 takedown of backbone provider Dyn, research warned half a million IoT devices were vulnerable to botnets like the notorious Mirai, which has CISOs sweating bullets.
"Manufacturers of connected devices should be providing the means to upgrade software and firmware regularly," Destiny Bertucci of SolarWinds says. "Also they should ensure security is built in from the outset to combat new security vulnerabilities, and users should make sure they're actioning them."
In a world where IoT devices and their flaws already surround us, the only recourse disgruntled consumers might have available to them will be the law.
Paul Gordon, senior associate of Adelaide firm NDA Law, specialises in technology cases, and to him, it will take 'significant backlash' before anything changes.
"The laws will need to change not only to be more protective of individual privacy, but also to raise the expectations on manufacturers and operators of new technologies to be more mindful of regulations," he says.
But to Robin Schmitt, Australian GM of Neustar, a provider of real-time information services, the only possible way is up.
"As IoT evolves, collaborating openly and adopting standards and certifications will strengthen the industry as a whole," he says.
Schmitt points to the EU's developing framework for better regulation of connected devices, including the drafting of legislation around the time of the Dyn DDoS attack.
"[It] would include a certification system notifying consumers of the level of security of their device," he says.
And while the National Plan to fight Cybercrime adopted by the Australian government doesn't mention IoT devices specifically, Schmitt says it's been listed as one of the next priorities in the government's cybersecurity strategy.
All of which isn't to say there aren't already standards and credentials the industry itself is touting. The enterprise arm of US mobile provider Verizon has a service offering security credentials between users and products, one which provides a standard that makes tracking and fixing vulnerabilities easier.
But in the absence of any formal framework which applies to your industry, Bertucci of SolarWinds thinks we should treat IoT with the same policy-based approach we would apply to any security risk.
"Policies and procedures need to be strategised now, before the first device even enters the door," she says. "In fact it's likely the first connected device is already in the organisation and the IT team just doesn't know about it yet."
Drew Turney is a freelance technology journalist