Today's IoT Devices are not secure enough. IoT device connected with medical equipment, connected with smart miter, connected with human body so it can be track on the air/on the wire.
Next get attack can be more sophisticated because it may penetrate IoT devices on the air/on the wire..This advanced IoT device should use some encryption while transferring data on the air/on the wire. Similar fashion VPN did.
Let's be honest, IoT device implementations are not secure enough. Most device RTOSs have security features like TLS available, and items like the removal of default credentials are still required (unless you are in California!) The scary thing about IoT is numbers, the same basic hygiene as applies to any other system will go a HUGE way in protecting them, and the systems to which they are connected. More advanced solutions can use more advanced features, but they come down to same basic ideas. Don't expose services you don't need, and authenticate/authorize all communications. Beyond that you are mostly looking at lifecycle management and ease of operations.