These are your 5 most dangerous devices

When you think about cybersecurity, you might have the stereotypical hacker in mind: hoodie, lurking in the dark in front of a computer. On the victim’s side, similarly, you might think of someone clicking a phishing link and watching in horror as their accounts start emptying.
This is not how cybersecurity – and cyber attacks – work. In fact, if you look around your house or office, you’ll be surprised which of your devices are the most risky. Spoiler: It’s not your computer.

Starting in 2020, Forescout Research – Vedere Labs began its tracking of the riskiest devices within networks. This led to the release of two significant reports: the inaugural Enterprise of Things Security Report in 2020 and the subsequent Riskiest Connected Devices in Enterprise Networks report in 2022. Over the years, those reports observed a consistent presence of certain device types on these lists, such as IP cameras, VoIP equipment, and Network Attached Storage devices (NAS). Their risk stems from either their inherent criticality or the unfortunate neglect from security teams and developers. However, the ever-evolving threat landscape also influences the risk levels of other devices.

What are the connected devices with the highest risk profile in 2023?

The reports mentioned above pinpoint the top five riskiest device types across four distinct categories: IT, IoT, OT, and IoMT.

| Rank | IT | IoT | OT | IoMT |
|---|---|---|---|---|
| 1 | Computer | Network attached storage (NAS) | Uninterruptible power supply (UPS) | Healthcare workstation |
| 2 | Server | Printer | Programmable logic controller (PLC) | Imaging |
| 3 | Router | IP camera | Engineering workstation | Nuclear medicine system |
| 4 | VPN gateway | Out-of-band management (OOBM) | Building automation | Blood glucose monitor |
| 5 | Security appliance | VoIP | Remote terminal unit (RTU) | Patient monitor |

Of course, the IoMT category contains some devices most people do not have at home or in their office, but there are interesting details about the other devices which everyone running a home or small office network should consider.

Some more facts about the riskiest connected devices of 2023:

In the report, over 4,000 vulnerabilities that affect connected devices were identified, with varying distributions among different categories:

  • IT devices are the most affected, accounting for 78% of the vulnerabilities.
  • IoT devices are impacted by 14% of the vulnerabilities.
  • OT devices are affected by 6% of the vulnerabilities.
  • IoMT devices face 2% of the vulnerabilities.

Although the majority of vulnerabilities are found in IT devices, nearly 80% of them are “only” classified as high severity. On the other hand, IoMT devices have fewer vulnerabilities overall, but a striking 80% of them are critical, which can lead to complete device takeover. Additionally, more than half of the vulnerabilities affecting OT and IoT devices are classified as critical.

Across all industries, at least 10% of devices equipped with endpoint protection have it disabled. This percentage is most pronounced in the government and financial services sectors, both having nearly 24% of devices with endpoint protection deactivated, followed closely by healthcare at 21%.

Healthcare emerges as the riskiest industry in 2023, followed by retail and manufacturing. Devices in the healthcare industry are more prone to having dangerous ports like Telnet, SSH, and RDP open. Specifically, close to 10% of healthcare devices still have Telnet ports accessible, a considerably higher percentage compared to other industries (3-4%).

The government sector exhibits the highest risk reduction observed between 2022 and 2023. However, indicators of compromise (IOCs), such as known malicious IPs and domains, were most frequently detected in government environments (63% of IOCs), with healthcare (19%) and financial services (8%) trailing behind.

The Top 5 dangerous devices in your home

What does that mean for your home or small office network? Some devices in the table above do not come as a surprise. You probably knew that your computer was vulnerable, and since a NAS is a full-fledged computer as well, its inclusion seems logical, too.

IP cameras, on the other hand, are not real computers, are they? In fact, IP cameras have long been, and remain, one of the biggest dangers among IoT devices. Besides the fact that they often record and stream images that not everyone would want made public, IP cameras are often unsecured and unpatched. One of the reasons might be the strong competition in that particular market, which leads to low prices where every investment in security will significantly decrease the vendor’s margin. When selecting a connected camera, therefore, a low price should not be your highest priority.

More surprisingly, printers are also on the list of the five most dangerous devices. A printer cannot be that harmful, can it? Today’s printers, especially those with a network connection (wired or wireless), are different. The problems mentioned above apply to printers as well: outdated software and strong competition in a price-sensitive market. Hackers know that, too, and often use printers as their entry point to networks.

Last, but not least, consider your router. This is your gateway to the public internet – and hence the device that is attacked first. Luckily, manufacturers are mostly aware of this, too. Today’s routers are a far cry from the security nightmares of the past, with their unsecured Wi-Fi access and easy-to-guess administrative passwords. Nevertheless, make sure that your security measures are active and the firmware is up to date.


Looking Beyond the Rankings: Safeguarding Your Attack Surface

Looking beyond mere rankings, risk evaluation encompasses more than just the likelihood of attacks; it also factors in elements such as criticality. As a result, the list of riskiest devices may not perfectly align with those that face the most attacks. Nevertheless, be aware that several of the identified riskiest devices will indeed be targeted by attackers. Specifically, IT network infrastructure devices like routers, security appliances, and VPN gateways, along with NAS in IoT, are showing signs of increasing popularity among attackers.

Beyond these specific recommendations, the heightened risk profiles of diverse devices emphasize the need to embrace innovative security approaches in today’s evolving threat landscape. Identifying and reducing risk necessitates comprehensive coverage across all device categories. Solutions that cater only to specific devices prove inadequate in reducing risk as they remain oblivious to potential threats from other parts of the network. For instance, solutions exclusively tailored for OT or IoMT cannot assess risk for IT devices, and IT-only solutions overlook the nuances of specialized devices.

In addition to risk assessment, risk mitigation strategies should rely on automated controls that extend beyond security agents and apply holistically across the entire enterprise, rather than being confined to silos like the IT network, OT network, or specific types of IoT devices. A unified and inclusive approach to risk management becomes imperative in safeguarding the organization from the evolving threat landscape.
