What are the riskiest connected devices right now?
By 2028, the number of connected Internet of Things (IoT) devices will expand to over 25 billion. Yet, today’s connected devices are raising the stakes for assessing risk and managing cybersecurity. They have significantly expanded the attack surface, creating new challenges and vulnerabilities.
Accurate, rapid information from systems across every industry is essential for business operations. From the electric power grid to electrocardiograms, connected devices monitor our health, report changes in conditions or trigger automated actions.
Robots on assembly lines. IP cameras monitoring the physical security of nuclear power plants. Wireless access points and routers in offices, cafes and airports. Medical devices in hospitals. They help improve business outcomes and streamline efficiencies. Everything is connected and serves a purpose.
Business purpose, however, does not replace the need for secure and safe experiences. In fact, we see a proliferation of special-purpose operating systems (OS) – in the range of 2,500 across all vertical industries. As valuable as each one of these OSes is to its industry, managing their security can be a nightmare.
You do not need to look much further than some of the latest ransomware attacks in healthcare and in critical infrastructure to understand how connected assets are principal entry points for bad actors.
Our latest research is a deep dive on the riskiest device categories by technology and within industry verticals — with a global perspective. This is our fourth annual report on asset risk. We have been tracking connected device risk for the last five years in our customer data lake, which includes 19 million devices.
Riskiest connected devices: What has changed in 2024?
There are certain device and system categories that always land on our annual report. Programmable logic controllers. VoIP equipment. They are here again because these technologies are either inherently insecure or because security configurations are simply ignored.
We have identified the five riskiest device types in four device categories: IT, IoT, OT and IoMT — for a total of 20 device types. Out of these 20 types, 11 were included in the 2023 report and remain on the list. Nine device types are new: wireless access points, hypervisors, NVRs, robotics — and every device in the IoMT category.
Out of these nine, four were included in the 2022 list and returned while four are completely new: NVR, robotics, medical information systems, electrocardiographs and medication dispensing systems.
Here are some key takeaways for 2024:
- IoT has become even riskier — increasing by a whopping 136%
- IT-centric devices are the riskiest category
- Network devices are now topping endpoints
- Within OT, industrial robots are an emerging risky-device area to watch
- Our data isolated several risky Internet of Medical Things devices including:
  - Medical information systems
  - Electrocardiographs
  - DICOM workstations
  - Picture archiving and communication system (PACS)
For the complete picture, including a breakdown of riskiest devices by vertical industry and by global region, access the full report.
Every organization needs high quality asset intelligence to reduce and manage risk. Because attackers use connected devices as entry points for malicious activity, it is paramount for security teams to understand the risk of everything on the network including unmanaged assets.
Our previous research, R4IoT, examined the next generation of ransomware. The need for R4IoT emerged from observing the growth and diversity of IoT, IoMT and OT devices connected to corporate IT networks. These devices expand the attack surface and the risk posture in nearly every business that deals with IT/OT convergence and the rise of supply chain vulnerabilities. Today, there are over 1,100 ransomware kits attackers can use to extort organizations. In 2023, ransomware attacks grew by 73% — with 4,611 total cases, according to the SANS Institute.
What’s behind our riskiest connected devices: A risk scoring methodology
To measure risk, we use a multifactor risk scoring methodology based on three factors: configuration, behavior and function.
- Configuration is the number and severity of vulnerabilities on a device, plus the quantity and criticality of open ports.
- Behavior tracks inbound and outbound malicious traffic to devices and inbound internet traffic towards the devices.
- Function is the potential impact to the organization if a device is compromised.
Each device is assigned a risk score between one and 10. After measuring the risk of each individual device, we calculate averages per type of device to understand which types are the riskiest.
For this report, we analyzed device data in Forescout’s Device Cloud between January 1 and April 30, 2024. Device Cloud is one of the world’s largest repositories of connected enterprise device data. It includes IT, OT, IoT and IoMT data. The anonymized data is collected from our customer deployments and contains information from nearly 19 million devices – and grows monthly.
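The scoring flow described above (three factors per device, a score from 1 to 10, then an average per device type) can be sketched as follows. This is an added example, not Forescout's formula: the weights, port criticality values, saturation points, field names and sample inventory are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean

# Assumed weights and port criticality; the page does not publish its formula.
WEIGHTS = {"configuration": 0.4, "behavior": 0.3, "function": 0.3}
PORT_CRITICALITY = {23: 1.0, 445: 1.0, 3389: 1.0, 22: 0.5, 80: 0.3, 443: 0.2}

def configuration(dev):
    """Number and severity of vulnerabilities plus quantity and criticality of open ports (0..1)."""
    vulns = min(sum(c / 10 for c in dev["cvss"]) / 5, 1.0)  # saturates at five CVSS-10 findings
    ports = min(sum(PORT_CRITICALITY.get(p, 0.1) for p in dev["open_ports"]) / 3, 1.0)
    return 0.6 * vulns + 0.4 * ports

def behavior(dev):
    """Malicious traffic in either direction plus inbound internet traffic (0..1)."""
    malicious = min((dev["malicious_in"] + dev["malicious_out"]) / 20, 1.0)
    return 0.7 * malicious + (0.3 if dev["internet_inbound"] else 0.0)

def function_impact(dev):
    """Potential impact to the organization if compromised, analyst-assigned (0..1)."""
    return dev["impact"]

def risk_score(dev):
    """Weighted combination of the three factors, mapped onto the 1..10 scale."""
    raw = (WEIGHTS["configuration"] * configuration(dev)
           + WEIGHTS["behavior"] * behavior(dev)
           + WEIGHTS["function"] * function_impact(dev))
    return round(1 + 9 * raw, 1)

def riskiest_types(devices):
    """Average the per-device scores by device type, riskiest first."""
    by_type = defaultdict(list)
    for dev in devices:
        by_type[dev["type"]].append(risk_score(dev))
    ranked = ((t, round(mean(scores), 1)) for t, scores in by_type.items())
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)

def device(type_, cvss, open_ports, mal_in, mal_out, internet_inbound, impact):
    return {"type": type_, "cvss": cvss, "open_ports": open_ports, "malicious_in": mal_in,
            "malicious_out": mal_out, "internet_inbound": internet_inbound, "impact": impact}

# Constructed sample inventory (not data from the report).
DEVICES = [
    device("router", [9.8, 7.5], [23, 80, 443], 12, 0, True, 0.8),
    device("router", [5.3], [22, 443], 0, 0, True, 0.8),
    device("ip camera", [9.8, 9.8, 8.1], [23, 80, 554], 3, 9, True, 0.5),
    device("workstation", [4.3], [], 0, 0, False, 0.3),
]

if __name__ == "__main__":
    for dev_type, avg in riskiest_types(DEVICES):
        print(f"{dev_type:12s} {avg}")
```

Because the type ranking is an average, a single badly exposed device can be masked by well-configured peers of the same type, so the per-device scores are worth keeping alongside it.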