IoT devices from video conferencing systems to IP cameras are among the five riskiest IoT devices connected to networks, according to research highlighted by Forescout’s cybersecurity research arm, Vedere Labs.
The company identified recurring themes in their recent research, highlighting the growing attack surface due to more devices being connected to enterprise networks, and how threat actors are able to leverage these devices to achieve their goals.
“IP cameras, VoIP and video-conferencing systems are the riskiest IoT devices because they are commonly exposed on the internet, and there is a long history of threat actor activity targeting them,” The Forescout report said.
The attack surface now encompasses IT, IoT and OT in almost every organization, with the addition of IoMT in healthcare. Organizations must be aware of risky devices across all categories. Forescout recommends that automated controls are implement and that companies do not rely on siloed security in the IT network, OT network or for specific types of IoT devices.
This latest research provides an update to the company’s findings from 2020 in which networking equipment, VoIP, IP cameras and programmable logic controllers (PLCs) were listed and remain among the riskiest devices across IT, IoT, OT and IoMT in 2022.
However, new entries such as hypervisors and human machine interfaces (HMIs) are representative of trends including critical vulnerabilities and increased OT connectivity.
Vedere Labs analyzed device data between January 1 and April 30 in Forescout’s Device Cloud. The anonymized data comes from Forescout customer deployments and contains information about almost 19 million devices – a number that grows daily, according to the company.
The overall risk of a device was calculated based on three factors: configuration, function and behavior.
After measuring the risk of each individual device, Vedered Labs calculated averages per device type to understand which are the riskiest.