More than ever this year, attackers are crossing silos to find entry points across the full spectrum of devices, operating systems, and embedded firmware. “The device has evolved from a pure asset to a reliable, sophisticated, intelligent platform for communications and services, driving a transformation in the relationship between devices, people, and networks,” said Elisa Costante, VP of threat research at Forescout.
The Forescout Technologies report, The Riskiest Connected Devices in 2024, identifies the five riskiest device types in four categories: IT, IoT, OT and IoMT.
Most risky: IT devices
IT devices, comprising network infrastructure and endpoints, are the most vulnerable at 58%, despite being down from 78% in 2023.
Network infrastructure devices – routers and wireless access points – are often exposed online and have dangerous open ports. Endpoints – servers, computers and hypervisors – remain high-risk as entry points for phishing or because of unpatched systems and applications.
Persistent risk: IoT devices
IoT devices with vulnerabilities have increased by 136% since 2023.
The riskiest IoT devices include the most persistent suspects – NAS, VoIP, IP cameras and printers. These are commonly exposed on the internet and have been historically targeted by attackers. A new entrant in this category is the Network Video Recorder (NVR).
NVRs sit alongside IP cameras on a network to store recorded video. Like IP cameras, they are commonly found online and have significant vulnerabilities that cybercriminal botnets and APTs have exploited.
Ubiquitous and insecure: OT devices
The riskiest OT devices include the critical and insecure-by-design PLCs and DCSs. They also include the UPSs in many data centres with default credentials, and the ubiquitous, often invisible building automation systems.
Industrial robots are a new entrant in this category. Often used in logistics and military applications, robots are growing in use in industries like electronics and automotive manufacturing. Many robots share the same security challenges as other OT equipment, including outdated software, default credentials, and lax security postures.
Healthcare device security: IoMT devices
Forescout research suggests that healthcare organisations are closing ports by moving remote management of devices from Telnet to SSH. Healthcare recorded the largest decrease in open ports, from 10% in 2023 to just 4% this year. The industry has also had the largest decline in RDP, from 15% to just 6%.
Despite this good news, IoMT devices – the IT equipment used for healthcare like medical information systems and workstations – continue to pose a risk for the industry, especially in medication dispensing systems.
Medication dispensers have been known to be vulnerable for almost a decade, yet they represent the sixth most vulnerable device type overall and the second most in the category.
“Modern risk and exposure management must include devices in every category, to identify, prioritize and reduce risk across the whole organization. Beyond risk assessment, risk mitigation should use automated controls that don’t rely only on security agents and which also apply to the whole enterprise instead of silos like the IT network, the OT network, or specific types of IoT devices,” adds Costante.
Steps to reduce device risk are:
Upgrade, replace or isolate OT and IoMT devices running legacy operating systems known to have critical vulnerabilities.
Implement automated device compliance verification and enforcement to ensure non-compliant devices cannot connect to the network.
Improve network security efforts, including segmentation, to isolate common, exposed devices such as IP cameras and dangerous open ports such as Telnet.