Information security policies and controls are deployed in many organizations. Either for compliance or regulatory reasons or because there is an authentic concern in the organization regarding cyber-security risks, it is becoming more frequent for managers to consider security a matter of concern even from a strategic point of view. Nevertheless, it is very often that IoT devices are not considered in the scope of information systems security management leaving a door open to attackers. Actually, in many cases, many doors. IoT devices present many vulnerabilities and can increase the attack surface in the environment where they are deployed. There are many examples of this, from data stolen from a casino through a smart fish tank to IP camera, routers, printers, and vending machines used as bots for DDoS attacks. The target can be the IoT system itself, an adjacent network or a third party, in any case, the attack can remain undetected for a long period of time because these systems are not being monitored. This book gives examples from the past of IoT attack cases to use them as lessons and avoid making the same mistakes in the future.
