Forescout, a prominent company in cybersecurity, recently unveiled significant findings regarding the evolving landscape of enterprise cyber risk. Their analysis reveals a stark shift in vulnerabilities, indicating that network infrastructure has now overtaken traditional endpoints, such as computers, as the most susceptible components within organizational environments. This new perspective emphasizes the pressing need for businesses to reevaluate their cyber risk management strategies.
In the recently published report titled “Riskiest Connected Devices in 2026,” Forescout leveraged insights gleaned from millions of assets analyzed within its Device Cloud. The report underscores a rapid transformation in the threat landscape, particularly from the device standpoint. A striking statistic from the report is that 75% of the device types deemed most risky were not even included in the high-risk category just two years prior, illustrating the speed at which new vulnerabilities and attack surfaces are emerging.
One of the most significant revelations from the report is the ascendance of network infrastructure as the primary risk category. Routers, in particular, have surpassed computers as the leading focal point for vulnerabilities and critical risks. The analysis indicates that approximately one-third of the most pressing vulnerabilities now reside in routers. On average, each router and switch is burdened with nearly 32 vulnerabilities, highlighting the need for organizations to adopt more stringent security measures for these devices.
Additionally, the report has unveiled 11 device types that have made their debut on the high-risk list, including serial-to-IP converters, RFID readers, BACnet routers, and medical image printers. Alarmingly, many of these devices are often situated outside the confines of traditional IT security controls, rendering them challenging to monitor, patch, or even identify. This lack of oversight raises significant concerns regarding their contributions to overall cyber risk.
According to Forescout, this trend is reflective of a broader movement within organizations to deploy increasingly specialized and often unmanaged devices across various environments, including IT, operational technology (OT), Internet of Things (IoT), and Internet of Medical Things (IoMT). Each of these environments presents unique vulnerabilities that can be exploited, creating new entry points for cyber attackers. This reality stresses the importance of adaptive security measures that can address these diverse environments effectively.
Barry Mainz, the CEO of Forescout, articulated the dangers associated with these emerging gaps in security. He warned that many of these newly identified devices often lack proper hardening, carry default credentials, and do not receive monitoring in the same manner as traditional endpoints. In his view, once cyber adversaries gain access to these devices, they possess the means to move laterally across the network, circumventing defenses that are often focused solely on perimeter security. Mainz concluded by emphasizing that containment strategies are now crucial to limit the potential impact of cyber breaches.
The report further underscores the growing exposure presented by legacy systems, particularly as support for Windows 10 approaches its end. Legacy operating systems remain prevalent in various sectors, with retail, healthcare, and financial services noting rates of 39%, 35%, and 29%, respectively. In tandem, common devices such as printers, switches, and IP phones often operate on outdated firmware, adding additional layers of risk to organizational networks.
Moreover, the analysis highlights a shift in protocol usage trends, which further compounds the overall risk landscape. The Secure Shell (SSH) protocol has now become the second most observed protocol across environments, while the insecure Telnet continues to gain traction. This is especially concerning in financial services and manufacturing sectors, where reliance on Telnet persists despite its lack of encryption and security features.
Daniel dos Santos, Forescout’s Vice President of Research, pointed out that cyber attackers are increasingly targeting devices that act as bridges between different environments. He noted that ransomware actors are leveraging routers and IP cameras, while malware is known to migrate from IT environments into OT and even medical systems. In light of these evolving challenges, dos Santos emphasized the necessity for security strategies to adapt and extend visibility and control across all interconnected domains.
In summary, the findings presented in Forescout’s report illustrate a substantial shift in how cyber risk is distributed across organizational networks. No longer are risks concentrated solely in traditional endpoints; they have infiltrated a diverse and often unmanaged device ecosystem. This evolution necessitates a reevaluation of how organizations identify, prioritize, and contain cyber threats, underscoring the growing complexity of cybersecurity in today’s interconnected world.