The Enterprise of Things Security Report

Executive Summary

In this first edition of The Enterprise of Things Security Report, Forescout Research Labs has undertaken the most comprehensive study of its kind within the greater cybersecurity industry to date to assess the risk posture of over 8 million devices deployed across 5 verticals: Financial Services, Government, Healthcare, Manufacturing and Retail.

Using carefully defined metrics and data from the Forescout Device Cloud, we identified points of risk inherent to device type, industry sector and cybersecurity policies. Furthermore, we translated these findings into data-informed recommendations to help cybersecurity and risk stakeholders to mitigate and remediate these identified points of risk.

Forescout Device Cloud is one of the world’s largest repositories of connected enterprise device data —including IT, OT and IoT device data — and the number of devices it contains grows daily. The anonymous data comes from Forescout customer deployments and, at the time of this report’s publication, contains information from approximately 11 million devices from more than 1,200 global customers.

Key Findings

• IoT devices, which can be hard to monitor and control, exist in every vertical and can present risk to modern organizations, both as entry points into vulnerable networks or as final targets of specialized malware. The device types posing the highest level of risk are those within physical access control systems. These devices are ubiquitous and literally open the doors to the physical world, bridging the gap between the cyber and physical realms. According to our data sample, physical access control solutions are the systems at highest risk due to the presence of many critical open ports, a lot of connectivity with risky devices and the presence of known vulnerabilities.
• These devices – especially medical devices – have enormous potential impact if compromised, and frequently have critical open ports that expose dangerous services on the network.
• Additionally, almost 30% of managed Windows devices in Financial Services are running operating systems that are not patched against the BlueKeep vulnerability.
• In Financial Services, Government and Healthcare, close to 20% of devices have default SMB port 445 and close to 12% have default RDP port 3389 open. These services leave devices open to attacks from automated threats (such as botnets and ransomware) and Advanced Persistent Threats (APTs).