Enterprises are facing heightened cyber threats as attackers increasingly target network infrastructure, particularly routers, following a trend noted in Forescout Research Vedere Labs’ 2025 report on the riskiest connected devices.
The Forescout report reveals a significant shift in the cybersecurity landscape, where routers have now surpassed traditional endpoints as the primary target for cyberattacks.
This change comes due to the inherent exposure of these devices at network perimeters and the availability of high-severity vulnerabilities that are exploited rapidly through large-scale campaigns.
.png
)
Emerging Device Threats
This year’s report highlights a notable increase in risk, with 12 new device types making their debut on the list of most vulnerable devices, marking the largest year-over-year change observed to date.
These include Application Delivery Controllers (ADCs), firewalls, and IPMI devices, which are critical for out-of-band server management but are fraught with vulnerabilities, some of which have public exploits.
Among the most vulnerable devices are routers, which now account for over 50% of the devices with critical vulnerabilities.
This has made them prime targets for exploitation, with attacks often beginning through these gateways into the broader enterprise network.
The retail sector has emerged with the riskiest devices on average, followed by financial services, government, healthcare, and manufacturing.
A clear trend noted is the narrowing gap in risk scores between different sectors, indicating a universal rise in device vulnerability across all industries.
Key Security Challenges
The widespread use of legacy Windows versions, particularly in government and healthcare sectors, continues to pose substantial risks. ‘
Moreover, the use of unencrypted Telnet has surged, replacing the more secure SSH, especially within government networks.
This shift towards less secure protocol usage is a concerning security trend that exposes devices to a higher risk of unauthorized access.
Security professionals are urged to adopt a holistic security strategy that covers IT, IoT, OT, and IoMT devices.
The report stresses the importance of not just identifying vulnerabilities but also actively managing and mitigating risks across these varied device ecosystems.
Traditional endpoint-focused security measures are now insufficient; instead, there should be an emphasis on comprehensive, automated security controls that do not rely solely on endpoint agents.
As the cyberattack landscape evolves, the focus on network equipment, especially routers, as entry points for attacks underscores the need for enterprises to strengthen security measures at the network level.
Continuous vigilance and adaptive security frameworks are crucial in countering these evolving threats effectively.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
