ไทย
English
According to the 2026 report by Forescout Research – Vedere Labs, cyber risk is expanding across many categories of connected devices, including IT, IoT, OT, and IoMT devices, which are now essential parts of modern enterprise environments.
Forescout Research – Vedere Labs has continuously tracked the risk of connected devices in enterprise networks since 2020. In the 2026 report, the research analyzed millions of devices from the Forescout Device Cloud to identify the device categories with the highest risk across organizational environments.
The findings show that today’s enterprise risk landscape is no longer limited to traditional IT devices such as computers or servers. It also includes IoT, OT, and IoMT devices such as network equipment, building control systems, medical devices, and specialized operational devices.
The key point is that organizations should not manage IT, IoT, OT, and IoMT security separately. Attackers can exploit a weakness in one device as an entry point and then move laterally to other systems within the network.
Table of Contents
How Device Risk is Assessed
The report assesses risk based on multiple factors, focusing on three main areas:
| Factor | Meaning |
|---|---|
| Configuration | Checks for configuration issues such as vulnerabilities, open ports, default passwords, insecure protocols, or outdated versions. |
| Function | Assesses the business impact if the device is compromised or controlled by an attacker. |
| Behavior | Assesses the level of exposure of the device to the internet. |
Each device receives a risk score from 1 to 10. These scores are then averaged by device category to identify which types of devices carry the highest risk.
Riskiest Connected Devices in 2026
The report ranks the riskiest devices across four major groups: IT, IoT, OT, and IoMT.
| IT | IoT | OT | IoMT | |
|---|---|---|---|---|
| 1 | Router | VoIP System | Power Distribution Unit or PDU | Medication Dispensing System |
| 2 | Serial-to-IP Converter | Printer | Physical Access Control System | Medical Image Printer |
| 3 | Workstation | Time Clock | Uninterruptible Power Supply or UPS | DICOM Gateway |
| 4 | Firewall | Network Video Recorder or NVR | I/O Module | MRI Scanner |
| 5 | Domain Controller | RFID Reader | BACnet Router | Healthcare Workstation |
Among the 20 highest-risk device categories in 2026, 11 categories appeared in the ranking for the first time. This reflects how attackers are expanding their targets to devices that many organizations may not yet be monitoring, assessing, or securing adequately.
Risk in the IT Category
The high-risk IT devices have changed from 2025. Two new device types entered the top five: Serial-to-IP Converter and Workstation.
Routers and Firewalls
The report states that network infrastructure devices carry higher risk than endpoints in the IT category. Routers moved from fifth place in 2025 to first place in 2026.
Routers and firewalls are high-risk because they are often located at the network perimeter and may expose administrative services externally. If they contain vulnerabilities, including zero-day vulnerabilities, use outdated firmware, or have open management ports, these devices can become critical gateways for attackers to access an organization’s network.
Serial-to-IP Converter
Serial-to-IP Converters appeared in the high-risk ranking for the first time in 2026. These devices are used to connect serial systems, such as RS-232, to IP networks. They are commonly found in industrial control systems, building automation systems, medical networks, and other specialized environments.
The main reasons these devices are risky include the use of default passwords, lack of regular patching, and their role as connection points between IT networks and OT or medical networks.
Workstations and Domain Controllers
Although network devices have become a major risk in 2026, endpoints such as workstations remain common starting points for many attacks, especially attacks delivered through phishing emails and malware.
Risk in the IoT Category
In the IoT category, high-risk devices include VoIP systems, NVRs, printers, time clocks, and RFID readers.
VoIP Systems and NVRs
VoIP systems and NVRs remain persistent risks because these devices are often connected to the internet, configured insecurely, expose unnecessary ports, use weak passwords, or run outdated firmware.
Printers
Printers are classified as risky devices in 2026. This category includes office printers, receipt printers, label printers, ticket printers, and wristband printers, which are commonly found in hospitals, warehouses, retail businesses, financial institutions, and many other organizations. Many printers still run old firmware, and some still use factory-default passwords.
Time Clocks and RFID Readers
Time clocks and RFID readers are examples of IoT devices that are often overlooked. They are commonly installed by contractors or specialized system integrators and may not be directly managed by security teams. However, these devices connect to important systems such as HR, payroll, ERP, access control, and inventory management systems. Without proper network segmentation, they can become pathways for attackers to access core business systems.
Risk in the OT Category
In the OT category, high-risk devices include PDUs, UPS systems, Physical Access Control Systems, BACnet Routers, and I/O Modules.
PDUs and UPS Systems
PDUs and UPS systems are important components in data centers and enterprise infrastructure. PDUs distribute power to servers, network equipment, and storage systems, while UPS systems provide backup power. When these devices are connected to the network, exposed to the internet, or managed insecurely, they can significantly affect business continuity if compromised.
Physical Access Control Systems and BACnet Routers
Physical Access Control Systems control access to buildings, such as doors and locking systems. The report notes that these devices often expose administrative services such as Telnet, which is an unencrypted and high-risk protocol.
BACnet Routers are used to connect and route data between BACnet networks, which are commonly used in building automation systems. Without proper network segmentation or access control, they can increase risk to both building systems and enterprise networks.
I/O Modules
I/O Modules connect digital control systems to physical processes, such as sensors and actuators. Without sufficient security controls, or when placed in poorly segmented networks, they can become significant risk points in OT environments.
Risk in the IoMT Category
The IoMT, or Internet of Medical Things, category changed significantly in 2026, with several new device types entering the high-risk ranking.
Medication Dispensing System
Medication Dispensing Systems are the highest-risk IoMT devices in this report. These devices have had vulnerability-related issues for several years and often continue to use outdated firmware.
MRI Scanners, DICOM Gateways, and Medical Image Printers
MRI Scanners, DICOM Gateways, and Medical Image Printers reflect the ongoing risk in medical imaging systems. These devices often connect to PACS systems for storing and retrieving medical images. They may use older hardware or software and need to connect to multiple systems to support clinical operations.
Healthcare Workstations
Healthcare Workstations are also important targets because they are used to access patient data and medical systems. If compromised, they can affect both sensitive information and the continuity of medical services.
Risk Varies by Industry
The report also analyzes device risk across five industries with the highest number of connected devices. In 2026, the financial services sector had the highest average device risk score, followed by government and healthcare.
The risk gap is significant. The average device risk in financial services is more than three times higher than in retail, while the average risk in government is more than twice that of manufacturing.
Legacy Operating Systems and Older Devices
Traditional IT operating systems such as Windows, Linux, macOS, and UNIX remain common in financial services and manufacturing. Financial services has the highest proportion of devices using traditional IT operating systems.
Another important issue highlighted in the report is the end of support for Windows 10 on October 14, 2025. This makes older Windows devices a major risk. Retail has the highest proportion of older Windows devices, followed by healthcare and financial services.
In addition, devices running specialized operating systems, such as embedded firmware or network device operating systems, create security management challenges. Their versions are difficult to track, updates are not automatic, and they often run outdated or unsupported firmware.
Open Ports Remain a Major Weakness
The report examines protocols commonly used in attacks, including SMB, RDP, SSH, and Telnet.
SMB remains widely used across all industries, although its use has declined in many sectors except government. RDP is generally stable, while SSH has increased in almost every industry except retail.
The most concerning issue is Telnet, a remote management protocol that is not encrypted but is still used in some legacy and specialized devices. The report found that Telnet usage increased in financial services, healthcare, and manufacturing, indicating that many organizations still have devices using insecure management methods.
The use of factory-default passwords also remains a risk factor. This is commonly found in printers, print servers, PLCs, and Serial-to-IP Converters.
The Most Dangerous Vulnerabilities Are Not Only in Computers
Although computers have the highest overall number of vulnerabilities, routers have the highest risk when considering only critical vulnerabilities with a very high likelihood of exploitation.
Routers also have the highest average number of vulnerabilities per device. Wireless Access Points, Wireless Controllers, and Healthcare Workstations also have high average vulnerability counts per device.
Conclusion
The 2026 report clearly shows that the risk landscape of modern organizations extends far beyond traditional IT devices. Organizations need to systematically gain visibility into and manage the risk of all device categories, including IT, IoT, OT, and IoMT.
Attackers can exploit vulnerabilities in one device to expand attacks into other systems. For example, they may use a router or IP camera as an initial entry point, spread malware from IT to OT environments, or use credentials from IoT systems to access medical systems.
Therefore, organizations should prioritize full visibility into all devices on the network, risk-based prioritization, reduction of unnecessary open ports, firmware updates, proper network segmentation, and automated control systems that do not rely only on endpoint agents.
Managing connected device risk should be part of the organization-wide cybersecurity strategy to reduce the likelihood of attacks and improve readiness against increasingly complex threats in the future.
Let BMSP help safeguard your organization with industry-grade cybersecurity solutions tailored for modern IT, IoT, OT, and IoMT environments.
Contact us to learn how we can support your security journey
Reference
Forescout Research – Vedere Labs. The Riskiest Connected Devices in 2026. March 23, 2026.
Source: Forescout Technologies, Inc. / Forescout Research – Vedere Labs.
