A new study conducted by asset security company Forescout is revealing the most risky pieces of technology commonly found within the enterprise. 

“The device has evolved from a pure asset to a reliable, sophisticated, intelligent platform for communications and services, driving a transformation in the relationship between devices, people, and networks,” said Elisa Costante, VP of threat research at Forescout. “We analyze millions of data points to publish the Riskiest Connected Devices report to integrate important threat context into how organizations use different devices and to redefine what it means to connect and interact securely.”

The results are divided across four categories: IT, IoT, operational technology (OT), and Internet of Medical Things (IoMT).

The report found that overall IT devices contain the most vulnerabilities, with endpoints such as servers, computers, and hypervisors posing the greatest risk. These remain high-risk because they’re typically not patched as often as they should be, Forescout explained.

Network infrastructure devices, such as routers and wireless access points, also pose a risk because they have open ports and are often exposed online. 

IoT devices have the highest persistent risk, with the number of devices with vulnerabilities jumping by 136% since last year. The riskiest IoT devices are NAS, VoIP, IP cameras, and printers. Network Video Recorders, which store recorded videos from IP cameras, also made the list this year for the first time. 

The riskiest OT devices include Programmable Logic Controllers (PLC), Distributed Control Systems (DCS), Uninterruptible Power Supplies (UPS), and Building Management Systems (BMS).

And finally the riskiest IoMT devices used in healthcare included Medical Information Systems, Electrocardiographs, DICOM workstations, Picture Archiving and Communication Systems (PACS), and Medication Dispensing Systems. 

“Modern risk and exposure management must include devices in every category, to identify, prioritize and reduce risk across the whole organization. Beyond risk assessment, risk mitigation should use automated controls that don’t rely only on security agents and also apply to the whole enterprise instead of silos like the IT network, the OT network, or specific types of IoT devices,” said Costante.

You may also like…