Forescout report uncovers the 10 riskiest Internet of Things devices in manufacturing in 2020

Opinions expressed in this article are those of the author.

This article is by Rohan Langdon, regional director, 
Australia and New Zealand, Forescout

New technologies in the manufacturing industry such as the Internet of Things (IoT), predictive analytics, artificial intelligence (AI) and machine learning (ML) have helped the industry dramatically cut costs and boost efficiency. However, these technologies have also simultaneously exposed companies to harmful cybersecurity risks that can have major impacts on Australian and New Zealand companies, and their supply chains.

Forescout has released The Enterprise of Things Security Report, which uncovered the 10 riskiest IoT devices in manufacturing in 2020. In this study, Forescout Research Labs undertook the most comprehensive study of its kind within the greater cybersecurity industry to date. It assessed the risk posture of more than eight million devices deployed across five vertical industries including manufacturing.

Forescout measured the risk of a device to an organisation by aggregating vulnerabilities, exploitability, remediation effort, matching confidence, open ports, potential communications, business criticality and whether the device is managed.

Accordingly, the top 10 riskiest IoT device attack vectors in manufacturing are:

  1. Uninterruptible power supply (UPS).
  2. Physical access control.
  3. Programmable logic controller (PLC).
  4. IP camera.
  5. Heating, ventilation and air conditioning (HVAC) systems.
  6. Point of sale technology.
  7. Network management.
  8. Out of band controller.
  9. Video conferencing.
  10. Robots.

Operational technology (OT) devices ranked as the riskiest device type in manufacturing, with UPS and PLC ranking in the top three. Robots ranked as the tenth-riskiest device. PLCs are fundamental to driving the manufacturing process, while robots are essential for its execution.

The potential impact of OT devices in manufacturing is high, with organisations that rely on OT for their core business increasingly facing cyberattacks. With the destructive nature and repercussions of these attacks only worsening, companies must implement proactive cybersecurity strategies that protect their OT infrastructure.

Additionally, as IoT devices proliferate, and IT and OT converge, smart building devices also present significant risk to manufacturing companies. Physical access controls, IP cameras and HVAC systems ranked in the top five riskiest manufacturing devices due to their ability to give cybercriminals an entry point to the building’s network. From there, cybercriminals can access locked premises or rooms, and could, for example, damage the data centre by tampering with locks and HVAC systems to overheat the delicate equipment.
Manufacturers should aim to reduce their risk and increase their network’s overall resilience by:

  • Increasing visibility: Manufacturers must be able to continuously discover, classify and assess devices without agents or active techniques that could compromise business operations. This facilitates real-time risk management.
  • Segmenting networks: Dynamic network segmentation across the extended enterprise reduces the attack surface and regulatory risk.
  • Managing endpoints: Manufacturers need a single interface to manage every network-connected device and unified asset.
  • Implementing policy-based controls: Manufacturers need countermeasures to mitigate threats, incidents, and compliance gaps.

Cybersecurity used to be the sole responsibility of the IT team. However, the increasing number and diversity of connected devices involved in the manufacturing process means every employee is a cybersecurity stakeholder. Every manufacturer must be aware of the risks presented by the Enterprise of Things and take all possible steps to close the gaps and mitigate those risks.


This article is by Rohan Langdon, regional director, 
Australia and New Zealand, Forescout