{"id":3968,"date":"2024-06-10T16:26:59","date_gmt":"2024-06-10T21:26:59","guid":{"rendered":"https:\/\/www.darkreading.com\/cyber-risk\/riskiest-connected-devices-2024"},"modified":"2024-06-10T16:26:59","modified_gmt":"2024-06-10T21:26:59","slug":"a-look-at-the-riskiest-connected-devices-of-2024","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/06\/10\/a-look-at-the-riskiest-connected-devices-of-2024\/","title":{"rendered":"A Look at the Riskiest Connected Devices of 2024"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

For nearly every organization, the cyberattack threat landscape is made up of a mix of IT, Internet of Things (IoT), and operational technology (OT) like HVAC systems, offering plenty of “ways in” for cyber threat actors. Plus, the medical field has its own specialized set of IoT equipment, extending the targeting options for would-be bad guys even further.<\/span><\/p>\n

To help organizations assess where danger might be lurking this modern, complex device landscape, Forescout Research\u2013Vedere Labs examined nearly 19 million devices to determine which categories represent the greatest risk to organizations. The findings are based on the potential for misconfiguration, the number of vulnerabilities found, exposure to the Internet, and the potential impact to an organization in the case of compromise.<\/span><\/p>\n

Baseline data points include the fact that IT devices still account for most vulnerabilities (58%), but that the category is down from 78% in 2023. <\/span>IoT vulnerabilities,<\/a><\/span> however, were up a whopping 136%, increasing the percentage of known bugs from 14% last year to 33% today.<\/span><\/p>\n

Overall, the most vulnerable device types are: wireless access points (WAPs), routers, <\/span>printers<\/a><\/span>, voice-over-IP (VoIP) devices, and IP cameras. The most-exposed unmanaged gear includes VoIP devices, networking infrastructure, and printers.<\/span><\/p>\n

Meanwhile, the top three riskiest verticals are: technology, education, and <\/span>manufacturing<\/a><\/span>. Healthcare had the biggest decline in risky devices for 2024, but the most-problematic devices in the <\/span>Internet of Medical Things (IoMT)<\/a><\/span> are all new entries for this year, indicating that this is a swiftly changing landscape.<\/span><\/p>\n

Overall, it’s important to take a holistic view when risk-assessing one’s environment, according to Forescout.<\/span><\/p>\n

“It is not enough to focus defenses on risky devices in a single category since attackers can leverage devices of different categories to carry out attacks,” according to <\/span>Forescout’s report<\/a><\/span>, out today, which includes a proof-of-concept attack dubbed “R4IoT” that starts with an IP camera, moves to a workstation (IT), and disables programmable logic controllers (PLCs).<\/span><\/p>\n

 “Modern risk and exposure management must encompass devices in every category to identify, prioritize and reduce risk across the whole organization,” according to the firm. “Solutions that work only for specific devices cannot effectively reduce risk because they are blind to other parts of the network being leveraged for an attack.”<\/span><\/p>\n

Here’s a breakdown of 2024’s most-risky connected devices:<\/span><\/p>\n

IT Devices<\/h2>\n

IT endpoints have traditionally been the category most targeted by cyberattackers for initial access, but since the beginning of 2023, network infrastructure devices have outpaced endpoints in terms of riskiness, according to Forcepoint \u2014 largely due to increase in the number of vulnerabilities found and exploited in this category.<\/span><\/p>\n

\n