"'High Severity' Vulnerabilities Uncovered in Three-Quarters of Operational Technology Systems"
New Microsoft research has found that three-quarters of industrial control devices used in Operational Technology (OT) networks remain unpatched and riddled with significant vulnerabilities. The latest Cyber Signals report from Microsoft revealed that threats against OT systems and Internet of Things (IoT) devices are on the rise and pose major risks to enterprises worldwide. David Atch, leader of IoT and OT security research at Microsoft Threat Intelligence, pointed out the pervasiveness, susceptibility, and cloud connectivity of IoT and OT devices, providing a quickly growing, uncontrolled risk surface that affects a range of industries and organizations. With OT becoming more cloud-connected and the distance between Information Technology (IT) and OT decreasing, access to less-secure OT is enabling infrastructure attacks. An IDC study predicts that by 2025, more than 41 billion IoT devices will be deployed in enterprise and consumer environments. Threat actors often target connected devices such as smart speakers, cameras, and commercial appliances as initial access points. The increasing convergence of IoT and OT with traditional IT systems will require organizations to reconsider the effect and repercussions of cyber risk. OT systems underlie various critical industries, such as energy, transportation, and other essential infrastructure assets. Therefore, successful cyberattacks could have a crippling effect on the global economy. This article continues to discuss the discovery of three-quarters of industrial control devices used in OT networks containing critical vulnerabilities, as well as the evolving threat landscape and how to counter such threats.