The growing number and diversity of connected devices in every industry presents new challenges for organizations to understand and manage the risks they are exposed to. Most organizations now host a combination of interconnected computing, OT, and IoT devices in their networks, which has increased their attack surface.
A Ponemon Institute The study noted that 65% of organizations surveyed say IoT/OT devices are one of the least secure parts of their networks, while 50% say attacks against these devices have increased.
IT security practitioners in 88% of these organizations have IoT devices connected to the Internet, 56% have OT devices connected to the Internet, and 51% have the OT network connected to the IT network.
Threat actors are aware of these trends. Precursor recently reported how ransomware groups have started massively targeting devices such as NAS, VoIP and hypervisors. Unsurprisingly, most of these devices were among the riskiest identified in the 2020 Business Object Security Report.
Many of the device types seen among the riskiest in 2020 remain on the list, such as networking equipment, VoIP, IP cameras, and programmable logic controllers (PLCs). However, new entries such as hypervisors and human-machine interfaces (HMIs) are representative of trends, including critical vulnerabilities and increased OT connectivity.
The riskiest connected devices of 2022
Using Forescout’s scoring methodology, Vedere Labs identified the top five riskiest devices across four device categories: IT, IoT, OT, and IoMT.
- Computing: router, computer, server, wireless access point and hypervisor
- IoT: IP camera, VoIP, videoconference, ATM and printer
- OT: PLC, HMI, uninterruptible power supply (UPS), environmental monitoring and building automation controller
- IoMT: DICOM workstation, nuclear medicine system, imaging, picture archiving and communication system (PACS) and patient monitor
How Organizations Can Mitigate Risk
“We saw two recurring themes in Vedere Labs’ research, which this report reinforces,” said Daniel Dos SantosHead of Security Research at Vedere Labs of Forescout, noted two recurring themes: “First, attack surfaces are growing rapidly due to the growing number of devices connected to corporate networks, and second, threat are increasingly able to exploit these devices to achieve their goals.
“Unfortunately, the attack surface now encompasses IT, IoT and OT in almost every organization around the world, with the addition of IoMT in healthcare. defenses on risky devices in one category, as attackers will leverage devices from different categories to carry out attacks. Vedere Labs demonstrated this with R4IoT, demonstrating how an attack that begins with an IP (IoT) camera, can be move to a workstation (IT) and deactivate the automata (OT).
Daniel Dos Santos
What to do
Forescout advises organizations to undertake a proper risk assessment to understand how their attack surface is developing. Granular classification information, including device type, vendor, model, and firmware version, is needed for an accurate assessment.
Once this assessment is complete, organizations should mitigate risk with automated controls that are independent of security guards and apply across the enterprise, instead of silos like the IT network, OT network or specific types of IoT devices.
Once the risk assessment is complete, organizations need to mitigate risk with automated controls that don’t rely solely on security officers and apply across the enterprise, instead of silos like the network computer, the OT network or specific types of IoT devices.
Forescout Continuum enables these types of controls by accelerating the design and deployment of dynamic network segmentation in the digital field while automating policy enforcement by enabling countermeasures to mitigate threats, incidents, and compliance gaps .
Understand what makes the most risky connected devices so risky. Then strive to have full visibility into how many people are connecting to your digital terrain so you can secure your attack surface.