Forbes Technology Council Members Outline Steps to Reduce Cyber Risks on Connected Devices

Members of the Forbes Technology Council have outlined steps to reduce cyber risks across connected devices and services. The recommendations focus on everyday exposures that can accumulate when devices, platforms, and services are added without sufficient oversight.

Christy Wyatt of Absolute stated that organizations should continuously verify whether security controls remain operational, noting that agents can fail silently and configurations can drift. She added that self-healing automation is needed as AI accelerates attacks.

Anil Pantangi of Capgemini America Inc. said shadow APIs that link legacy systems to new AI agents are often overlooked. He recommended automated discovery and schema validation at the edge, along with zero-trust treatment of internal connections.

Seemant Sehgal of BreachLock Inc. said both businesses and consumers remain unprepared for AI-enabled threats and called for faster, automatically deployed patches once exposures are confirmed. Margarita Simonova of ILoveMyQA advised turning off unneeded data sharing on smart devices and deleting accounts for devices no longer in use.

Kiran Bhujle of SVAM International Inc. said machine-to-machine API calls often operate on inherited trust with little oversight. He recommended extending zero-trust authentication to every device connection. Dima Gutzeit of LeapXpert stated that work moving into messaging platforms such as WhatsApp, Signal, and WeChat creates an attack surface without enterprise protections.

He suggested extending governance and monitoring to these channels.

Diptamay Sanyal of Crowdstrike said default credentials on IoT devices remain a common risk because many devices cannot be patched. He recommended credential rotation and firmware validation before any device joins a network. Govinda Rao Banothu of Cognizant Technology Solutions said unsecured firmware in IoT devices can be exploited at scale.

He advised automatic firmware updates and network-level isolation to limit exposure. Matthew Polega of Mark43 recommended placing IoT devices on a dedicated VLAN at work and on a guest Wi-Fi network at home to keep them separate from core systems.

Natasha Bryan of AlphaRidge said identity sprawl expands access paths that are rarely governed consistently. She recommended centralized identity management and continuous access reviews. Kathleen Erickson of Holland America Line said stronger access controls are needed as AI-driven social engineering becomes more sophisticated.

Fletcher Keister of GTT Communications, Inc. said enterprises should assign distinct identities to AI agents and limit their permissions to required systems. Judit Sharon of OnPage Corporation said organizations should treat cybersecurity as an ongoing process with regular reviews of configurations and connected systems.

Steve Carter of Nucleus Security said the gap between AI attackers and organizational response times requires automated remediation of high-risk exposures. Mark Vena of SmartTech Research said forgotten connected devices such as old routers and cameras often retain weak security.

He recommended changing default passwords, updating firmware, isolating devices, and removing unused equipment. Craig Hamill of Chicago Metropolitan Agency for Planning said opportunistic attacks target ordinary connected devices and home networks. He advised enabling multifactor authentication, keeping devices updated, and removing unused accounts.