SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Top 10 riskiest IoT devices for enterprises, according to Forescout
Mon, 29th Jun 2020
FYI, this story is more than a year old

Internet of things (IoT) technologies are becoming more popular as businesses look for unique and successful ways to capture and utilise data.

However, according to Forescout, IoT devices exist in every vertical, can be hard to monitor and control, and can present risk to modern organisations both as entry points into vulnerable networks or as final targets of specialised malware.

Essentially, IoT devices can become attack vectors for hackers to gain access to enterprise networks, and recent Forescout research shows businesses need to be aware of this and put adequate security measures in place.

In Forescout's The Enterprise of Things Security Report, the company identified the 10 riskiest IoT devices for 2020.

In the study, Forescout Research Labs assessed the risk posture of more than eight million devices deployed across five verticals: financial services, government, healthcare, manufacturing and retail.

The data illustrates which devices in the cyber-physical realm are most likely to be compromised and exploited, helping security teams focus on key areas according to threat.

The devices identified are:

  1. Physical access control solutions
  2. HVAC systems
  3. Network cameras
  4. Programmable logic controllers
  5. Radiotherapy systems
  6. Out-of-band controllers
  7. Radiology workstations
  8. Picture archiving and communication systems
  9. Wireless access points
  10. Network management cards

Within this the report found the riskiest device groups include smart buildings, medical devices, networking equipment and Voice over Internet Protocol (VoIP) phones.

The device types posing the highest level of risk are those within physical access control systems. These devices are ubiquitous and literally open the doors to the physical world, bridging the gap between the cyber and physical realms, Forescout states.

According to the data sample, physical access control solutions are the systems at highest risk due to the presence of many critical open ports, a lot of connectivity with risky devices, and the presence of known vulnerabilities.

Other top 10 riskiest device types include medical devices and networking equipment. These devices, especially medical devices, have enormous potential impact if compromised, and frequently have critical open ports that expose dangerous services on the network, the researchers find.

Windows workstations continue to represent a major risk to organisations. More than 30% of managed Windows devices in manufacturing and more than 35% in healthcare are running recently unsupported versions of Windows.

Additionally, almost 30% of managed Windows devices in financial services are running operating systems that are not patched against the BlueKeep vulnerability.

Commonly exploited network services are spread out across industry verticals. Almost 10% of devices in government have default Telnet port 23 open, and almost 12% have default FTP ports 20 or 21 open, the research found.

In financial services, government and healthcare, close to 20% of devices have default SMB port 445 open and close to 12% have default RDP port 3389 open.

These services leave devices open to attacks from automated threats, such as botnets and ransomware, and advanced persistent threats (APTs).

Forescout regional director of Australia and New Zealand Rohan Langdon says, “Organisational leaders are starting to understand the inherent cyber risks that IoT devices pose; however, there are many questions around which devices pose the highest risk.

"Knowing the potential risk is critical in helping organisations identify which devices to proactively take action on or potentially block from the network.

“Cyber risk modelling, such as that made possible by Forescout's Device Cloud data lake, provides boards and executives with a way to know where the highest risk is as well as benchmark against their peers.

Langdon says, “The number and diversity of connected devices in virtually every industry vertical has presented new challenges for all organisations and indirectly made every business leader a cybersecurity stakeholder. Part of reducing this risk is applying security controls and tools that can help identify and automate controls.

“This includes: having device visibility across the network; accelerating the design, planning and deployment of dynamic network segmentation; enhancing endpoint manageability; automating and enforcing policy-based control; and highlighting operational technology IoT exposure by continuously and passively discovering, classifying, and monitoring network-connected OT and IoT devices.