Recent research has shown that large-scale Internet of Things (IoT)-based load altering attacks can have a serious impact on power grid operations such as causing unsafe frequency excursions and destabilizing the grid's control loops. In this work, we present an analytical framework to investigate the impact of IoT-based static/dynamic load altering attacks (S/DLAAs) on the power grid's dynamic response. Existing work on this topic has mainly relied on numerical simulations and, to date, there is no analytical framework to identify the victim nodes from which that attacker can launch the most impactful attacks. To address these shortcomings, we use results from second-order dynamical systems to analyze the power grid frequency control loop under S/DLAAs. We use parametric sensitivity of the system's eigensolutions to identify victim nodes that correspond to the least-effort destabilizing DLAAs. Further, to analyze the SLAAs, we present closed-form expression for the system's frequency response in terms of the attacker's inputs, helping us characterize the minimum load change required to cause unsafe frequency excursions. Using these results, we formulate the defense against S/DLAAs as a linear programming problem in which we determine the minimum amount of load that needs to be secured at the victim nodes to ensure system safety/stability. Extensive simulations conducted using benchmark IEEE-bus systems validate the accuracy and efficacy of our approach.