Routers Replace PCs as Primary Threat Vector in Evolving Device Risk Landscape

IT Security Guru, Mar 23, 2026

Key Takeaways

  • Routers now hold ~33% of critical vulnerabilities
  • Average router/switch has 32 vulnerabilities
  • 11 new high‑risk device types added
  • Legacy OSes still dominate retail, healthcare, finance
  • SSH usage up, Telnet still rising in finance

Summary

Forescout’s 2026 Riskiest Connected Devices report shows routers have overtaken PCs as the top enterprise threat vector, accounting for roughly one‑third of critical vulnerabilities. On average, routers and switches now expose about 32 flaws each, and 75% of the riskiest device types were absent from the list just two years ago. The study also adds 11 previously unseen high‑risk devices, from serial‑to‑IP converters to medical image printers, highlighting the expanding attack surface across IT, OT, IoT and IoMT. Legacy operating systems and outdated firmware on printers, switches and IP phones further compound the risk, while insecure protocols like Telnet are on the rise.

Pulse Analysis

The latest Forescout analysis marks a turning point in enterprise cyber‑risk profiling. While traditional endpoints once dominated vulnerability metrics, routers and switches have surged to represent roughly a third of the most critical flaws, with each device averaging 32 weaknesses. This rapid evolution reflects the proliferation of specialized, often unmanaged hardware across corporate networks, blurring the lines between IT, OT, IoT and medical environments. As a result, attackers now have a richer palette of entry points, from serial‑to‑IP converters to RFID readers, that sit outside conventional security tooling.

For security leaders, the implication is clear: perimeter‑focused defenses are no longer sufficient. Visibility platforms must ingest data from a broader spectrum of assets, applying continuous monitoring, automated patching and credential hygiene to devices that historically escaped IT oversight. The report also underscores a worrying persistence of legacy operating systems—still prevalent in retail (39%), healthcare (35%) and financial services (29%)—and the resurgence of insecure protocols such as Telnet, especially in high‑value sectors. These gaps create fertile ground for lateral movement, enabling ransomware actors to traverse from routers to IP cameras and even into OT and medical systems.

Mitigating this expanding threat surface requires a multi‑layered approach. Organizations should prioritize inventorying every networked device, enforce strict hardening standards, and replace default credentials with robust authentication. Deploying zero‑trust network access and micro‑segmentation can contain breaches before they spread, while regular firmware updates and protocol deprecation (e.g., phasing out Telnet) reduce exploitable footholds. As the device ecosystem continues to diversify, continuous risk scoring and adaptive response mechanisms will become indispensable for safeguarding enterprise resilience.
