With the world focused on bringing employees and customers back into shared physical spaces safely, back-to-work solutions like thermal imaging have become the go-to strategies for many reopening organizations.
However, since many back-to-work solutions utilize IoT Smart Spaces technology, a number of new components likely need to be installed in order to reap the maximum benefits. Installing sensors and software, and integrating them with access control systems in order to monitor your organization, can come with numerous security challenges. How can you be sure that your new, “smart” devices or areas are secure?
Forescout Research Labs recently released “The Enterprise of Things Security Report,” which assesses the risk posture of over 8 million devices deployed across the financial services, government, healthcare, manufacturing and retail sectors. Forescout surveyed approximately 11 million devices from more than 1,200 global customers, identifying points of risk regarding device types, industry sector and cybersecurity policies.
Analyzing the risk levels of device groups as well as device-group distribution within industry verticals, Forescout measured the risk associated with specific device function and type. To identify device risk, Forescout calculated the individual risk score for each device, then aggregated that score by taking the average risk per device model.
These typically unmanaged device functions provide examples of concrete vulnerabilities of typical network configurations (like open ports and connectivity), and are by no means the only functions that should be monitored by security teams.
According to Forescout, these are the most at-risk devices today.
The Top 10 Riskiest IoT Devices of 2020:
- Physical access control solutions: These devices are used to open or close doors after detecting authorized badges. Forescout found that these devices contained serious vulnerabilities, as they were often configured with open ports or connected to other risky devices.
- HVAC systems: Forescout also found these devices to be configured with critical open ports, connected to other risky devices or with critical vulnerabilities allowing for a complete takeover of the device.
- Network cameras: There are several serious vulnerabilities associated with IP cameras. Forescout found that they were typically configured with critical ports enabled and connected to risky devices as well.
- Programmable logic controllers (PLCs): Because PLCs control critical industrial processes, a vulnerable PLC can be an especially high-risk, high-impact device.
- Radiotherapy systems: The impact of exploitation of these systems is inherently high, as they were found to be configured with several critical ports open and potentially connected to other risky medical devices.
- Out-of-band controllers: For servers integrated into the main board, out-of-band controllers provide an interface to manage and monitor server hardware containing their own processors, memory, network connection, and access to the system bus. Vulnerabilities in these controllers can result in a denial-of-service attack and remote code execution.
- Radiology workstations: Though Forescout found no reported vulnerabilities in radiotherapy systems, these workstations are typically connected to peripheral systems in healthcare delivery organizations like radiology information systems, picture archiving communication systems, and electronic heath records systems. When configured with critical ports open or connected to risky devices, the potential for exploitation is very high since it is a workstation where common attacker tools can be easily adapted to achieve persistence or to pivot within a healthcare network.
- Picture archiving and communication systems (PACS): PACS are medical imaging systems that provide storage, retrieval, management, distribution and presentation of medical images. Forescout found PACS to have a similar risk profile to other medical devices due to their place in the network and use case.
- Wireless access points: In addition to a number of critical vulnerabilities, Forescout found wireless access points to be often connected to multiple risky guest devices.
- Network management cards: Network management cards are used to remotely monitor and control individual Uninterruptible Power Supply devices. Other than the known vulnerabilities, high connectivity and open ports, these devices also support BACnet/IP and Modbus/TCP protocols, which represents a convergence of smart building technology with IT infrastructure.
Mitigating these risks
Because of the quantity and diversity of new, connected IoT devices in nearly every industry vertical, each segment faces a new set of challenges, effectively making most business leaders cybersecurity stakeholders. Forescout posits that applying security controls and sharing threat intelligence (by joining an Information Sharing and Analysis Center, for example) is one of the best ways to help identify and mitigate these risks.
If your organization is considering solutions to support your back-to-work strategy or you’d like guidance on securing the IoT solutions you already have in place, be sure to contact us, visit siriuscom.com/IOT for more information, or call 800-460-1237.