An IoT device is an internet-connected sensor, camera, appliance, controller, or similar embedded system. These devices often run lightweight software, have limited memory and logging, and may be difficult to patch or monitor. Because they are built for convenience and automation, security controls are sometimes minimal compared with laptops or servers.
IoT devices matter in cyber security because attackers can use them as easy entry points or as launch pads for wider compromise. Common abuse includes default passwords, exposed management interfaces, outdated firmware, and weak network isolation. Once compromised, an IoT device may be recruited into a botnet, used for scanning, or moved through as part of lateral movement. Defenders reduce risk with strong authentication, firmware updates, device inventory, network segmentation, and traffic monitoring to catch unusual outbound connections or repeated login attempts.