Microsoft Releases its Third Edition of Cyber Signals Analyzing the Rise in Risks to Critical Infrastructure

Microsoft has released its third edition of Cyber Signals, a regular cyberthreat intelligence brief spotlighting security trends and insights gathered from Microsoft’s 43 trillion daily security signals and 8,500 security experts. This edition highlights new insights on the wider risks that converging IT, Internet-of-Things (IoT), and Operational Technology (OT) systems pose to critical infrastructure, and how enterprises can defend against these attacks.

According to IDC, it is predicted that by 2025 there will be more than 41.6 billion connected IoT devices, more than double the number of connected devices in 2020. Cyber Signals presents new data on these risks with practical recommendations for businesses.

Over the past year, Microsoft identified unpatched, high-severity vulnerabilities in 75 percent of the most common industrial controllers in customer OT networks, illustrating how challenging it is for even well-resourced organizations to patch control systems in demanding environments sensitive to downtime. Also, there was a 78% increase in high-severity vulnerability disclosures from 2020 to 2022 in industrial control equipment produced by popular vendors.

While connected OT and IoT-enabled devices offer significant value to organizations looking to modernize workspaces, become more data-driven, and ease demands on staff through shifts like remote management and automation in critical infrastructure networks, if not properly secured, they increase the risk of unauthorized access to operational assets and networks. In this context, devices such as cameras, smart speakers, or commercial locks and appliances, could also become entry points for attackers. For businesses and infrastructure operators across industries, the defensive imperatives are gaining total visibility over connected systems and weighing evolving risks and dependencies.

Unlike the IT landscape of common operating systems, business applications, and platforms, OT and IoT landscapes are more fragmented, featuring proprietary protocols and devices that may not have cybersecurity standards. Other realities affecting things like patching and vulnerability management are also factors.

David Atch, Microsoft Threat Intelligence, Head IoT and OT Security Research, highlights in this edition’s profile that to address IT and OT threats to critical infrastructure, organizations must have full visibility into the number of IT, OT, and IoT devices in their enterprise, where or how they converge, and the vital data, resources, and utilities accessible across these devices. Without this, organizations face both mass information disclosure (such as leaked production data of a factory) and the potential elevation of privilege for command and control of cyber-physical systems (such as stopping a factory production line). He shares additional insights in the Cyber Signals digital briefing where we take a deeper dive into wider risks that converging IT, IoT, and OT systems pose.

Securing IoT solutions with a Zero Trust security model starts with non-IoT specific requirements—specifically ensuring you have implemented the basics to securing identities and their devices and limiting their access. These requirements include explicitly verifying users, having visibility into the devices on the network, and real-time risk detections.

With a comprehensive view of the threat picture – informed by the 43 trillion threat signals Microsoft analyzes daily and the human intelligence of its more than 8,500 experts – Microsoft supports IoT/OT users in becoming cybersecurity advocates with the goal of visualizing local cyber threats, in applying Zero Trust and in identifying the cyber impact and risks resulting from increased connectivity, malware and espionage.