The first edition of The Enterprise of Things Security Report by Forescout looks into the top-ten riskiest IoT devices in 2020. In the study, Forescout Research Labs undertook a study within the greater cybersecurity industry to assess the risk posture of more than eight million devices deployed across five verticals: financial services; government; healthcare; manufacturing and retail.

The riskiest devices include smart buildings, medical devices, networking equipment and voice over internet protocol (VoIP) phones. Alongside this, Windows workstations continue to represent a major risk to organisations with more than 30% of managed devices in manufacturing and more than 35% in healthcare are running recently unsupported versions of Windows.

Using carefully-defined metrics and data from the Forescout Device Cloud, Forescout has identified points of risk inherent to device type, industry sector and cybersecurity policies. These findings have been translated into data-informed recommendations to help cybersecurity and risk stakeholders mitigate and remediate these identified points of risk.

“Organisational leaders are starting to understand the inherent cyber risks that IoT devices pose; however, there are many questions around which devices pose the highest risk,” Forescout regional director Rohan Langdon says.

“Knowing the potential risk is critical in helping organisations identify which devices to proactively take action on or potentially block from the network.

“Cyber risk modelling, such as that made possible by Forescout’s Device Cloud data lake, provides boards and executives with a way to know where the highest risk is as well as benchmark against their peers.”

The data shows which devices are most likely to be compromised and exploited, helping security teams focus on key areas according to threat. The devices identified are:

1. Physical access control solutions
2. HVAC systems
3. Network cameras
4. Programmable logic controllers
5. Radiotherapy systems
6. Out-of-band controllers
7. Radiology workstations
8. Picture archiving and communication systems
9. Wireless access points
10. Network management cards

Rohan says that the number and diversity of connected devices in virtually every industry has presented new challenges for all organisations and indirectly make every business leader a cybersecurity stakeholder.

“Part of reducing this risk is applying security controls and tools that can help identify and automate controls,” he says.

“This includes: having device visibility across the network; accelerating the design, planning and deployment of dynamic network segmentation; enhancing endpoint manageability; automating and enforcing policy-based control; and highlighting operational technology IoT exposure by continuously and passively discovering, classifying and monitoring network-connected OT and IoT devices.”