What are the riskiest connected devices in 2026?

Endpoint security has carried a lot of defensive weight for a while now; but in 2026, the balance is shifting. Routers and firewalls are now at the top of the risk stack. 

According to Forescout’s recent analysis, routers alone account for roughly a third of the most critical vulnerabilities found in enterprise networks. On average, each device carries around 32 vulnerabilities.

These systems sit at the boundary between internal networks and the internet. When they expose management ports or rely on weak credentials, they offer attackers a direct path inside.

Network infrastructure has become a high-value target. 

The overlooked devices are back in play

If network gear represents the obvious risk, IoT tells a different story.

Printers, VoIP systems, RFID readers and time clocks have moved into the top tier of risky devices. They may not be sophisticated technologies, but they’re consistently ignored by security processes. 

Printers frequently run outdated firmware and default credentials. Time clocks and RFID systems often sit in semi-public environments, connected to core systems like HR or inventory platforms. Once compromised, they offer a route into business-critical workflows.

And they’re not edge cases – they’re everywhere. 

OT risk is no longer theoretical

Operational tech has moved firmly into enterprise risk conversations.

Devices including power distribution units (PDUs), uninterruptible power supplies (UPS), and building management systems now appear among the riskiest assets. These systems are network-connected, remotely managed, and often poorly segmented.

Beyond data loss, the consequences can be extensive and serious; compromise can disrupt power, physical access, or environmental controls. 

And this creates a different class of risk – one that blends cyber incidents with operational failure.

Healthcare is exposed by design

Healthcare environments continue to carry persistent exposure.

Medication dispensing systems, MRI scanners, DICOM gateways and medical printers all feature on this year’s risk list. These devices rely on legacy operating systems, require constant connectivity, and are difficult to patch without affecting clinical workflows.

They’re also close to sensitive data and critical services. The result is a combination of high value and limited control – a familiar challenge in healthcare security.

The real issue is hygiene 

Across all categories, the same weaknesses keep appearing.

• Default credentials are common
• Firmware is often outdated
• Patch cycles continue to slip
• Around 24% of devices operate outside effective vulnerability management controls 

And around 10% of enterprise endpoints are now permanently unpatched, following the end of Windows 10 support. 

These are operational gaps that leave organisations exposed.

Exposure is going below the surface

Protocol data shows another shift. Traditional IT protocols such as SMB and RDP are stabilising. Meanwhile, SSH and Telnet usage is increasing, particularly across embedded and OT environments. 

Telnet’s resurgence stands out here. In financial services, exposure rose from 3% to 12% in a year.

This points to a more pervasive trend. Risk is moving into environments where visibility is weaker and controls are harder to enforce.

The impact of these risks isn’t limited to breaches. According to a report from Absolute Security, 83% of organisations reported operational disruption in 2025 following cyber incidents, with average annual downtime costs reaching $49 million.

The entry point often starts with a single device – but the consequences play out across the business.

Now is the time to: 

• Treat network infrastructure as a primary attack surface, not a background asset • Identify and monitor hidden IoT devices integrated into business workflows • Segment OT and building systems from core enterprise networks

Because the riskiest devices in 2026 are familiar and widely deployed – and most importantly, chronically overlooked. Which is exactly what makes them effective entry points for disruption.