Microsoft Highlights Serious Risks to Critical Infrastructure in its latest Cyber Signals Report

Microsoft has released the third edition of Cyber Signals, a report spotlighting security trends and insights gathered from Microsoft’s 43 trillion daily security signals and 8,500 security experts. The report provides new insights on wider risks that converging IT, Internet of Things (IoT), and operational technology (OT) systems pose to critical infrastructure.

OT is a combination of hardware and software across programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). Examples of OT can include building management systems, fire control systems, and physical access control mechanisms, like doors and elevators.

As OT systems underpinning energy, transportation, and other infrastructures become increasingly connected to IT systems, the risk of disruption and damage grows as boundaries blur between these formerly separated worlds. Microsoft has identified unpatched, high-severity vulnerabilities in 75 percent of the most common industrial controllers in customer OT networks, illustrating how challenging it is for even well-resourced organisations to patch control systems in demanding environments sensitive to downtime.

Additionally, with more than 41 billion IoT devices across enterprise and consumer environments expected by 2025 according to International Data Corporation (IDC) research, devices such as cameras, smart speakers, or locks and commercial appliances can become entry points for attackers.

Vasu Jakkal, Microsoft’s Corporate Vice President, Security, Compliance, Identity, and Management, said: “For businesses and infrastructure operators across industries, the defensive imperatives are gaining total visibility over connected systems and weighing evolving risks and dependencies. Unlike the IT landscape of common operating systems, business applications, and platforms, OT and IoT landscapes are more fragmented, featuring proprietary protocols and devices that may not have cybersecurity standards.

“Other realities affecting things like patching and vulnerability management are also factors. While connected OT and IoT-enabled devices offer significant value to organisations looking to modernise workspaces, become more data-driven, and ease demands on staff through shifts like remote management and automation in critical infrastructure networks, if not properly secured, they increase the risk of unauthorised access to operational assets and networks.”

See more stories here.