In a survey conducted by SANS, IT managers said their biggest concerns with Internet-connected devices related to smart buildings, industrial control systems, medical devices and consumer devices.
"The use of embedded computing in those devices, versus layered operating systems and applications in PCs and servers that IT is accustomed to managing and securing, will cause major breakage in existing IT management and IT security visibility," Pescatore said.
4. The IoT will enable physical and physiological damage
While online threats mainly affect data, in an IoT world there will be physical and physiological risks as well, said Michael Sutton, vice president of security research at Zscaler.
Hackers have already shown how IP-enabled insulin pumps, glucose monitors and pacemakers can be compromised to cause physiological damage to the wearer of such devices. Attacks like those enabled by Stuxnet show how physical equipment can be damaged via cyberattacks.
With the IoT, such attacks will also be possible against products such as cars; smart heating, ventilation and air conditioning systems; Web-enabled photocopiers, printers and scanners; and virtually every other device with an IP address. The only reason attackers haven't already gone after such devices in a major way is that there is so much other low-hanging fruit to attack, Sutton said.
In many cases, the bad guys won't even need software or hardware flaws to compromise a device. One of the biggest dangers companies will face in a world where everything has an IP address is configuration errors, Sutton said. Many of the devices that companies allow on their networks, like IP-enabled printers, photocopiers and webcams, will be put online with default settings that allow almost anyone with web access to take control.
5. The IoT will create a new supply chain
In a majority of cases, enterprises will have to either rely on device manufacturers for patching, firmware and operating system support or find a way to support the technologies on their own. Many of the devices that connect to the enterprise network in the not-too-distant future will be from companies that traditional IT security organizations are not familiar with.
"Like BYOD, traditional enterprises will need to adapt to developing policy and systems that integrate with and potentially manage many more devices than IT has ever worked with before," said Jason Hart, CEO of Identiv, a vendor of device authentication and identity management technologies.
"In addition to employees bringing new enabled devices into the physical and virtual work places, traditional non-connected devices, from a coffee machine to new ergonomic chairs, will place new workloads on IT support and information security," Hart said.
The vendors that will succeed in an IoT environment are those that can help enterprises manage the complex interdependencies that will exist between new IP-enabled devices and the enterprise network, said Chris Yapp, a fellow of the British Computer Society and an independent security consultant.