And a case in point
http://www.theregister.co.uk/2016/03/30/router_infecting_malware_gets_remastered/
provides a good example of the specific vulnerabilities Goodman sees in the IOT.
I'm not very -- actually not at all -- au courant with IT. The days (Today-45 years and counting) when I could code in machine language by punching the binary indicators/switches on the panel of a Naval Tactical Data System 642B are long gone. However, while I may have difficulty figuring out where I am at any given moment, I fancy I still, in the words of the salesmen's song from "The Music Man," have a feel for the territory.
My take is that we are in deep kimchi.
For marketing and competitive advantages, technology providers require that users allow them to load hundreds of programs and God alone knows how many lines of executable code. This is code that in most cases cannot be readily removed by the average user; code that, if it can be disabled, can be reenabled by other system functions, and that regardless of user preferences runs unobserved and unattended in the background.
Every one of these is a mechanism for system failure, and a vector for potential malware attack and infection. Marketing and support practices appear deliberately designed to obscure and deny users access to information to enable them to clean up their systems.
Those who govern, in their lust for unfettered hoovering of every iota of data on everyone, have been fully complicit by establishing policies that restrict user access to and impede development and use of technology that might allow end users to protect themselves.
I see no practical defense against the cyber threat under these conditions.