China, United States, India, Korea and Taiwan are the top five countries originating Internet of Things (IoT) malware infection in 2022, a Microsoft report said.
IoT devices offer significant value to organizations looking to modernize workspaces, become more data-driven and ease demands on staff through shifts like remote management and automation.
Therefore, the cyber-threat landscape is real and security is the need of the hour. Microsoft aims to help incident responders and security specialists better understand their environments and prevent potential incidents.
There will be 41.6 billion connected IoT devices by 2025, a growth rate higher than traditional IT equipment, IDC estimates.
A recent Gartner report said three factors influencing growth in security spending are the increase in remote and hybrid work, the transition from virtual private networks (VPNs) to zero trust network access (ZTNA) and the shift to cloud-based delivery models.
“The modern CISO needs to focus on an expanding attack surface created by digital transformation initiatives such as cloud adoption, IT/OT-IoT convergence, remote working and third-party infrastructure integration,” said Ruggero Contu, senior director analyst at Gartner.
With increasing connectivity across converging IT, Operational Technology (OT) and IoT, organizations and individuals need to rethink cyber risk impact and consequences, Microsoft said.
Microsoft observed a spike in threats across traditional IT equipment, OT controllers and IoT devices like routers and cameras fueled by the interconnectivity many organizations have adopted over the past few years.
Microsoft has identified unpatched, high-severity vulnerabilities in 75 percent of the most common industrial controllers in customer OT networks.
“As OT systems underpinning energy, transportation, and other infrastructures become increasingly connected to IT systems, the risk of disruption and damage grows as boundaries blur between these formerly separated worlds,” said Vasu Jakkal, corporate vice president, security, compliance, identity, and management at Microsoft.
Microsoft also observed over 1 million connected devices publicly visible on the Internet running Boa, an outdated and unsupported software still widely used in IoT devices and software development kits (SDKs).