Riskiest Connected Devices in Corporate Networks Revealed: Forescout Vedere Labs
Automated cybersecurity firm Forescout’s Vedere Labs has unveiled research into the riskiest IT, IoT, OT and IoMT devices on enterprise networks, which it says reveals what makes these devices so risky and how to mitigate the cyber risks associated with them.
According to Forescout, the growing number and diversity of connected devices in every industry presents new challenges for organizations to understand and manage the risks they are exposed to – and most organizations now host a combination of IT, OT and IoT devices interconnected in their networks, which has increased their attack surface.
Forescout notes that according to a recent report by the Ponemon Institute, 65% of organizations surveyed say IoT/OT devices are one of the least secure parts of their networks, while 50% say attacks against these devices have increased. Security practitioners in 88% of these organizations have IoT devices connected to the Internet, 56% have OT devices connected to the Internet and 51% have the OT network connected to the IT network.
Forescout warns that threat actors are well aware of these trends.
“Forescout recently reported how ransomware groups began to massively target devices such as NAS, VoIP and hypervisors. Unsurprisingly, most of these devices were among the riskiest identified in the 2020 Enterprise Object Security Report,” says Forescout.
“Many of the device types seen among the riskiest in 2020 remain on the list, such as networking equipment, VoIP, IP cameras, and programmable logic controllers (PLCs). However, new entries such as hypervisors and human-machine interfaces (HMIs) are representative of trends, including critical vulnerabilities and increased OT connectivity.”
Forescout lists the riskiest connected devices of 2022:
Using Forescout’s scoring methodology, Vedere Labs identified the top five riskiest devices across four device categories: IT, IoT, OT, and IoMT.
- IT: Router, computer, server, wireless access point and hypervisor
- IoT: IP camera, VoIP, videoconference, ATM and printer
- OT: PLC, HMI, uninterruptible power supply (UPS), environmental monitoring and building automation controller
- IoMT: DICOM workstation, nuclear medicine system, imaging, picture archiving and communication system (PACS) and patient monitor
“For an analysis of what makes these devices so risky and their breakdown by industry (financial, government, healthcare, manufacturing and retail) and geography (Americas, Asia-Pacific, Europe and Middle East, Turkey and Africa), read the full report,” says Forescout.
On how organizations can mitigate risk, Daniel Dos Santos, Head of Security Research at Forescout’s Vedere Labs, says: “We saw two recurring themes in the Vedere Labs research, which this report reinforces.
“First, attack surfaces are expanding rapidly due to the growing number of devices connected to corporate networks, and second, threat actors are increasingly able to exploit these devices to achieve their goals.
“Unfortunately, the attack surface now encompasses IT, IoT and OT in almost every organization around the world, with the addition of IoMT in healthcare. defenses on risky devices in one category, as attackers will leverage devices from different categories to carry out attacks. Vedere Labs has demonstrated this with R4IoT, demonstrating how an attack that starts with an IP camera (IoT) can move to a workstation (IT) and disable the automation (OT),” concludes dos Santos.
Forescout says it advises organizations to undertake a proper risk assessment to understand how their attack surface is developing, and that granular classification information, including device type, vendor, model and firmware version, is necessary for an accurate evaluation.
“Once this assessment is complete, organizations need to mitigate risk with automated controls that don’t rely solely on security officers and apply across the enterprise, instead of silos like the IT network, the OT network or specific types of IoT devices,” warns Forescout.
“Prospecting Continuum enables these types of controls by accelerating the design and deployment of dynamic network segmentation across the digital field, while policy enforcement automation enables countermeasures to mitigate threats, incidents and compliance gaps.
“Understand what makes the riskiest connected devices so risky. Then strive for total visibility into how many are connecting to your digital field so you can secure your attack surface.”