In November, 2016, Armis Security announced that approximately 20 million Amazon Echo and Google Home devices were vulnerable to attacks by a malevolent exploit called BlueBorne. This announcement was coordinated with Amazon and Google, which had released patches to fix the IoT vulnerability issue on their respective devices. However, this disclosure shows how elusive and difficult it is to keep smart devices from being prone to attack. After all, if Amazon and Google are having a tough time given all of their resources, what chance do smaller IoT vendors have when making their smart devices safe against attacks by hackers intent on breaking into the devices, controlling them, stealing information, and possibly even spying on individuals? As the IoT continues to evolve, a countless number of smart devices are being exposed to zero-day attacks, new attack methods, and known and unknown vulnerabilities. Securing IoT devices is challenging due to size, memory, processing power, and other factors. Securing IoT devices is a responsibility of vendors, developers, and users, all of whom should be educated about security and its impact if ignored. Vendors and developers in particular should design and implement their IoT offerings with device security in mind and provide ways to apply security updates in a simple way. Because the controls required to secure a smart device might exceed a vendor’s core competencies, smart device makers should team up with vendors whose proven security solutions can make their devices air-tight against cyber attacks.