In a recent penetration test against a 500-person manufacturing company, the path from external to domain admin ran through a misconfigured Hikvision camera on the factory floor. The camera had its default password. It was reachable from the corporate network. IT didn't know it existed. This is not unusual.

The Scale of the Problem

The average enterprise has 3-5x more IoT devices than managed endpoints. Most were deployed without security review, never get firmware updates, and have no monitoring agent. Network segmentation — putting IoT devices on isolated VLANs with strict egress rules — is the single highest-leverage control. Claroty, Armis, and Forescout all do reasonable IoT discovery and monitoring. None of them solve the firmware problem.
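One way to check that the segmentation described above actually holds is to audit flow logs for traffic crossing the IoT VLAN boundary. The following is an added example, not code from the original article; the subnets, allowlist entries and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan and allowlists (assumptions, not from the article).
IOT_VLAN = ipaddress.ip_network("10.50.0.0/24")
CORP_NET = ipaddress.ip_network("10.10.0.0/16")
# Connections the IoT VLAN may initiate: (destination, protocol, port).
EGRESS_ALLOW = [(ipaddress.ip_network("10.60.0.53/32"), "udp", 123)]  # internal NTP
# Connections that may be initiated into the IoT VLAN: (source, protocol, port).
INGRESS_ALLOW = [
    (ipaddress.ip_network("10.60.0.10/32"), "tcp", 554),  # video recorder pulling RTSP
    (ipaddress.ip_network("10.60.0.20/32"), "tcp", 443),  # admin jump host
]

# Constructed flow records: (initiator, responder, protocol, responder port).
SAMPLE_FLOWS = [
    ("10.10.4.23", "10.50.0.17", "tcp", 80),    # workstation reaching a camera web UI
    ("10.60.0.10", "10.50.0.17", "tcp", 554),   # approved recorder
    ("10.50.0.17", "10.60.0.53", "udp", 123),   # approved NTP
    ("10.50.0.17", "203.0.113.8", "tcp", 443),  # camera talking to the internet
    ("10.50.0.17", "10.10.0.5", "tcp", 445),    # camera talking to a corporate server
    ("10.10.4.23", "10.10.0.5", "tcp", 445),    # corporate-only traffic, out of scope
]

def _allowed(peer, proto, port, rules):
    """True if the non-IoT peer, protocol and port match an allowlist entry."""
    return any(peer in net and proto == p and port == dp for net, p, dp in rules)

def audit_flows(flows):
    """Return (flow, reason) for every flow that breaks IoT VLAN isolation."""
    findings = []
    for flow in flows:
        src, dst = ipaddress.ip_address(flow[0]), ipaddress.ip_address(flow[1])
        proto, port = flow[2], flow[3]
        src_iot, dst_iot = src in IOT_VLAN, dst in IOT_VLAN
        if src_iot == dst_iot:
            continue  # both inside or both outside the IoT VLAN: no boundary crossing
        if src_iot and not _allowed(dst, proto, port, EGRESS_ALLOW):
            findings.append((flow, "iot-egress-not-allowlisted"))
        elif dst_iot and not _allowed(src, proto, port, INGRESS_ALLOW):
            reason = "corp-to-iot" if src in CORP_NET else "unapproved-source-to-iot"
            findings.append((flow, reason))
    return findings

if __name__ == "__main__":
    for flow, reason in audit_flows(SAMPLE_FLOWS):
        print(reason, flow)
```

Any `corp-to-iot` finding means a device like the camera in the opening case is reachable from the corporate network and the VLAN is not actually isolated.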