The growing number and diversity of connected devices in every industry presents new challenges for organizations to understand and manage the risks they are exposed to. Most organizations now host a combination of interconnected computing, OT, and IoT devices in their networks, which has increased their attack surface.
According to a recent report from the Ponemon Institute, 65% of surveyed organizations say IoT/OT devices are among the least secure parts of their networks, and 50% say attacks against these devices have increased. Respondents (IT and IT security practitioners) in 88% of these organizations report IoT devices connected to the internet, 56% report OT devices connected to the internet, and 51% report the OT network connected to the IT network.
Threat actors are well aware of these trends. We recently reported how ransomware groups have begun targeting devices such as NAS, VoIP, and hypervisors at scale. Unsurprisingly, most of these device types were among the riskiest we identified in the 2020 Enterprise of Things Security Report.
In this blog post and the full report, we update our findings from two years ago by analyzing millions of devices in Forescout's Device Cloud using the new Multifactor Risk Scoring Methodology of the Forescout Continuum platform, described below.
Many of the device types that ranked among the riskiest in 2020 remain on the list, such as networking equipment, VoIP, IP cameras, and programmable logic controllers (PLCs). New entries such as hypervisors and human-machine interfaces (HMIs) reflect recent trends: critical vulnerabilities in these platforms and increased OT connectivity.
Quantifying the cybersecurity risk of devices
To get a representative dataset of the current landscape of devices in enterprise networks, we analyzed device data collected between January 1 and April 30, 2022 in Forescout's Device Cloud, one of the world's largest repositories of data from connected enterprise devices, including IT, OT, IoT, and IoMT. The anonymized data comes from Forescout customer deployments and contains information on nearly 19 million devices, a number that grows every day.
To measure risk on this dataset, we rely on Forescout's Multifactor Risk Scoring Methodology, in which a device's risk is calculated from three factors: configuration, function, and behavior.
- Configuration takes into account the number and severity of vulnerabilities on the device, as well as the number and criticality of its open ports.
- Function considers the potential impact to the organization if the device is compromised.
- Behavior takes into account the reputation of the device's incoming and outgoing connections, as well as its exposure to the internet.
After measuring the risk of each individual device, we calculate averages by device type to understand which types are the most risky.
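To make the three-factor structure and the per-type aggregation concrete, here is an added illustrative scorer. It is not Forescout's implementation, and its factor weights, port criticality table, and saturation rules are assumptions chosen for the example; the inventory it scores is constructed, not real Device Cloud data. What it shows is how each factor saturates independently, how a single exposed, vulnerable device pulls its whole type up the ranking, and why averaging per type (rather than summing) keeps common device types from dominating by count alone.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean

# Assumed (hypothetical) criticality of common open ports on a 0..1 scale.
# This is an illustrative table, not Forescout's.
PORT_CRITICALITY = {
    23: 1.0,    # Telnet: cleartext remote shell
    502: 0.9,   # Modbus/TCP: unauthenticated OT control protocol
    445: 0.9,   # SMB
    3389: 0.8,  # RDP
    22: 0.4,    # SSH
    80: 0.4,    # HTTP
    443: 0.2,   # HTTPS
}
UNKNOWN_PORT_CRITICALITY = 0.1

# Assumed factor weights; the page does not publish the real methodology's weights.
W_CONFIG, W_FUNCTION, W_BEHAVIOR = 0.4, 0.3, 0.3


@dataclass(frozen=True)
class Device:
    device_type: str
    cvss_scores: tuple          # CVSS base scores of known vulnerabilities on the device
    open_ports: tuple
    function_impact: float      # 0..1, impact if compromised (PLC high, printer low)
    bad_reputation_conns: int   # connections to/from blocklisted addresses
    total_conns: int
    internet_exposed: bool


def configuration_factor(d: Device) -> float:
    """Vulnerabilities weighted by severity (squared so criticals dominate) plus
    open ports weighted by criticality; each term saturates at 1.0."""
    vuln = min(1.0, sum((s / 10.0) ** 2 for s in d.cvss_scores))
    ports = min(1.0, sum(PORT_CRITICALITY.get(p, UNKNOWN_PORT_CRITICALITY)
                         for p in d.open_ports))
    return 0.6 * vuln + 0.4 * ports


def function_factor(d: Device) -> float:
    """Impact of compromise, clamped to 0..1."""
    return max(0.0, min(1.0, d.function_impact))


def behavior_factor(d: Device) -> float:
    """Share of connections with bad reputation plus direct internet exposure."""
    reputation = d.bad_reputation_conns / d.total_conns if d.total_conns else 0.0
    exposure = 1.0 if d.internet_exposed else 0.0
    return 0.5 * reputation + 0.5 * exposure


def risk_score(d: Device) -> float:
    """Per-device risk on a 0..10 scale."""
    return 10.0 * (W_CONFIG * configuration_factor(d)
                   + W_FUNCTION * function_factor(d)
                   + W_BEHAVIOR * behavior_factor(d))


def rank_device_types(devices) -> list:
    """Average per-device risk by device type, highest first."""
    by_type = defaultdict(list)
    for d in devices:
        by_type[d.device_type].append(risk_score(d))
    ranked = [(t, mean(scores)) for t, scores in by_type.items()]
    return sorted(ranked, key=lambda ts: ts[1], reverse=True)


# Constructed sample inventory (not real data).
SAMPLE = [
    Device("Router", (9.8, 7.5), (22, 443, 23), 0.8, 2, 100, True),
    Device("Router", (7.5,), (443,), 0.8, 0, 50, False),
    Device("PLC", (), (502,), 1.0, 0, 20, False),
    Device("Printer", (5.3,), (80, 9100), 0.3, 0, 10, False),
]

if __name__ == "__main__":
    for device_type, avg in rank_device_types(SAMPLE):
        print(f"{device_type:10s} {avg:4.1f}")
```

In the constructed sample the PLC has no known vulnerabilities and one open port, yet it outranks the printer purely on the function factor, which is the kind of result a configuration-only (vulnerability-count) ranking would miss.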
The most risky connected devices in 2022
Using the dataset and scoring methodology described above, we identified the top five riskiest devices across four device categories: IT, IoT, OT, and IoMT.
| Rank | IT | IoT | OT | IoMT |
| --- | --- | --- | --- | --- |
| 1 | Router | IP camera | Programmable logic controller (PLC) | DICOM workstation |
| 2 | Computer | VoIP | Human-machine interface (HMI) | Nuclear medicine system |
| 3 | Server | Video conferencing | Uninterruptible power supply (UPS) | Imaging |
| 4 | Wireless access point | ATM | Environmental monitoring | Picture archiving and communication system (PACS) |
| 5 | Hypervisor | Printer | Building automation controller | Patient monitor |
For an analysis of what makes these devices so risky, along with the breakdown by industry (finance, government, healthcare, manufacturing, and retail) and geography (Americas; Asia-Pacific; Europe; and Middle East, Turkey, and Africa), read the full report.
Takeaways and Mitigation Recommendations
Two recurring themes in recent Vedere Labs research have been the growing attack surface created by the increasing number of devices connected to corporate networks, and how attackers exploit these devices to achieve their goals.
The attack surface now encompasses IT, IoT, and OT in nearly every organization, with the addition of IoMT in healthcare. It is not enough to focus defenses on risky devices in one category, as attackers can take advantage of devices in different categories to carry out attacks. We demonstrated this with R4IoT, an attack that starts with an IP camera (IoT), moves to a workstation (IT) and disables PLCs (OT).
You need a proper risk assessment to understand how your attack surface is evolving. However, assessing device risk is not easy: to determine whether a device is vulnerable, you need granular classification information such as device type, vendor, model, and firmware version.
As an example, consider some of the advisories HP issued in response to the Ripple20 vulnerabilities (the set of flaws in the Treck embedded TCP/IP stack). First, HP offers several generations of its Integrated Lights-Out (iLO) out-of-band controllers, at least one confirmed vulnerable (iLO 2) and one confirmed not vulnerable (iLO 5). Classifying a device only as an "out-of-band controller" (function) or as an "HP iLO" (vendor and model) is not specific enough to determine whether it is vulnerable: the generation of the model is needed as well. Second, some HP printers are also vulnerable, but they receive automatic firmware updates, so determining whether a printer is vulnerable depends on vendor, model, and a firmware version that may change at any time through an update the asset owner did not schedule.
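The two HP cases above boil down to one rule for a vulnerability matcher: when the classification is coarser than the advisory, the answer is "unknown", never "not vulnerable". The following added example (illustrative code, not Forescout's or HP's) encodes that rule. The iLO entry follows the page's statement that iLO 2 is affected and iLO 5 is not; the printer entry, its "ExampleJet" model name, the fixed firmware version 2.5.0, and the 7-day freshness window are all constructed for the example. The freshness check is what handles the auto-updating printer: a recorded firmware version that is older than the window is not trusted either way, so the device is flagged for rescanning instead of being counted as patched or as exposed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Optional


class Verdict(Enum):
    VULNERABLE = "vulnerable"
    NOT_VULNERABLE = "not vulnerable"
    UNKNOWN = "unknown (classification too coarse or stale)"


@dataclass(frozen=True)
class Device:
    """What the classifier managed to learn about a device. Any field may be missing."""
    function: str                                   # e.g. "out-of-band controller"
    vendor: Optional[str] = None
    model: Optional[str] = None                     # product family, e.g. "iLO"
    generation: Optional[str] = None                # e.g. "2" or "5" for iLO 2 / iLO 5
    firmware: Optional[str] = None                  # dotted version string
    firmware_observed_days_ago: Optional[int] = None


@dataclass(frozen=True)
class Advisory:
    """Hypothetical advisory entry. The generation and version data used below is
    constructed for the example, not taken from any real HP bulletin."""
    vendor: str
    model: str
    affected_generations: FrozenSet[str] = frozenset()
    unaffected_generations: FrozenSet[str] = frozenset()
    fixed_in_firmware: Optional[str] = None         # firmware >= this is patched
    auto_updating: bool = False                     # device may update itself between scans
    max_firmware_age_days: int = 7                  # how long a recorded version is trusted


def parse_version(v: str) -> tuple:
    """Dotted numeric version to a comparable tuple, e.g. "2.4.9" -> (2, 4, 9)."""
    return tuple(int(p) for p in v.split("."))


def assess(device: Device, adv: Advisory) -> Verdict:
    # Function alone ("out-of-band controller") never decides vulnerability.
    if device.vendor is None or device.model is None:
        return Verdict.UNKNOWN
    if (device.vendor.lower(), device.model.lower()) != (adv.vendor.lower(), adv.model.lower()):
        return Verdict.NOT_VULNERABLE          # this advisory does not cover the product

    # Generation: "HP iLO" is not enough when iLO 2 and iLO 5 differ.
    if adv.affected_generations or adv.unaffected_generations:
        if device.generation is None:
            return Verdict.UNKNOWN
        if device.generation in adv.unaffected_generations:
            return Verdict.NOT_VULNERABLE
        if device.generation not in adv.affected_generations:
            return Verdict.UNKNOWN             # generation the advisory says nothing about

    # Firmware: required when a fixed version exists, and must be fresh if the
    # device updates itself, otherwise the recorded version may already be stale.
    if adv.fixed_in_firmware is not None:
        if device.firmware is None:
            return Verdict.UNKNOWN
        age = device.firmware_observed_days_ago
        if adv.auto_updating and (age is None or age > adv.max_firmware_age_days):
            return Verdict.UNKNOWN             # rescan before trusting the version
        if parse_version(device.firmware) >= parse_version(adv.fixed_in_firmware):
            return Verdict.NOT_VULNERABLE
    return Verdict.VULNERABLE


# Constructed advisories mirroring the two HP cases in the text (values are hypothetical).
ILO_ADVISORY = Advisory("HP", "iLO",
                        affected_generations=frozenset({"2"}),
                        unaffected_generations=frozenset({"5"}))
PRINTER_ADVISORY = Advisory("HP", "ExampleJet", fixed_in_firmware="2.5.0",
                            auto_updating=True)

if __name__ == "__main__":
    for dev in (Device("out-of-band controller"),
                Device("out-of-band controller", "HP", "iLO"),
                Device("out-of-band controller", "HP", "iLO", "2"),
                Device("printer", "HP", "ExampleJet", firmware="2.4.9",
                       firmware_observed_days_ago=30)):
        print(dev, "->", assess(dev, ILO_ADVISORY if dev.model == "iLO" else PRINTER_ADVISORY).value)
```

Note the asymmetry: a vendor/model mismatch returns "not vulnerable" because the advisory simply does not apply, whereas a missing vendor, model, generation, or firmware returns "unknown" so that the gap shows up in the risk assessment rather than silently lowering the score.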
The Forescout Continuum platform addresses the risk assessment problem by continuously discovering, classifying, and granularly assessing devices, without active agents or techniques that could disrupt business operations.
Once you understand your attack surface, you need to mitigate risk with automated controls that do not rely solely on security agents and that apply across the whole enterprise, rather than within silos such as the IT network, the OT network, or specific types of IoT devices.
Forescout Continuum enables these controls by accelerating the design and deployment of dynamic network segmentation across the digital terrain, and by automating policy enforcement with countermeasures that mitigate threats, incidents, and compliance gaps.
Understand what makes the riskiest connected devices so risky, then strive for full visibility into what is connecting to your digital terrain so you can secure your attack surface.
The post The Most Risky Connected Devices in Enterprise Networks appeared first on Forescout.
This is a Forescout Security Bloggers Network syndicated blog written by Vedere Labs. Read the original post at: https://www.forescout.com/blog/the-riskiest-connected-devices-in-enterprise-networks/