IoT and OT environments face obsolescence risks: Microsoft

Lack of security patches and outdated software are some of the challenges that organizations face in IoT and OT.

On average, 75% of industrial OT network controllers have serious vulnerabilities due to lack of security patches.

More of 1 million visible connected devices are running on outdated softwareare some of the findings of Microsoft in its study Cyber ​​Signals.

In its third edition, in which it collects information on malicious digital signals, to identify the main risks and threats.

Noting that, according to the estimates of IDCenvironments such as the Internet of Things (IoT) and Operational Technology (OT), will continue to grow to represent 41.6 billion connected devices by 2025.

You might be interested in reading: IoT puts the network at risk, Zero Trust protects it

The document complements that the disclosure of serious vulnerabilities in industrial control equipment increased by 78% from 2020 to 2022.

It emphasizes that China is positioned as the place from which the largest number of IoT attacks originate (38%)followed by the United States (19%) and India (10%).

The report specifies that these conclusions are derived from the collection of information from 43 billion malicious signals.

They analyze their systems on a daily basis together with the more than 8,500 security experts of the firm.

Warns the lack of protection to these environments

He points out that while connected OT and IoT-enabled devices offer considerable value to organizations.

How to modernize workspaces through remote management and automation in critical infrastructure networks.

If not properly secured, they increase the risk of unauthorized access to operational assets and networks, creating an expanded attack surface, targeting exposed OT systems.

In this context, it specifies that devices such as cameras, smart speakers, or commercial locks and appliances could also become potential points of attack.

For this reason, the company encourages IoT/OT users to apply Zero Trust, identify the impact and cyber risks, resulting from the increase in connectivity, malware and espionage.

To respond to IT and OT threats to critical infrastructure, organizations must have complete visibility into the number of IT, OT, and IoT devices.

“Locate where or how they converge, and the vital data, resources and utilities accessible through these devices”.

He mentioned David Atch, Head of IoT and OT Security Research at Microsoft Threat Intelligence.

Without this, organizations face just as much information disclosure as a leak of factory production data.”

“To the possible tightening of the privileges necessary for the command and control of cyber-physical systems, for example, stopping the production line of a factory”.


Atch added that unlike the IT landscape of operating systems, in OT and IoT solutions are more fragmented.

Well, they have proprietary devices and protocols that may not have cybersecurity standards.