IT teams at risk of being caught unawares by new OT threat, according to Microsoft’s latest threat intelligence

May 17, 2023

New research from Microsoft reveals that attackers are increasingly making use of operational technology to gain new entryways into company networks.

Microsoft’s latest Cyber Signals report highlights how cybercriminals are using Operational Technology (OT) as gateways into an organization’s network. This comes at a time when IoT connections in the region are growing with the GSMA predicting that 1.1 billion IoT connections are expected by 2025 in MENA. It’s this growth in OT and IoT that has given cybercriminals more opportunities to breach an organization’s network.

Microsoft’s Cyber Signals report is a regular cyberthreat intelligence brief spotlighting security trends and insights gathered from Microsoft’s 65 trillion daily security signals and 8,500 security experts. The latest edition has found that converging IT, Internet of Things (IoT) and OT systems pose a wider risk to critical infrastructure.

For CIOs in the Middle East and Africa (MEA), the impact of a possible security breach is top of mind in an increasingly complex threat environment. This can be seen in the 11.2 percent rise in cybersecurity spending in the Middle East and North Africa (MENA) for 2022.

The growing rate of digital transformation within the African region is facilitating the emergence of new attack vectors and opportunities for cybercriminals. The Kenyan government has identified cybersecurity as a key enabler for digital economy. Kenya faces increased cybersecurity challenges and risks that threaten national security and the country’s digital transformation agenda. Cybersecurity statistics indicate that the number of cyber threats detected in Kenya has significantly increased in the last three years. The Communications Authority of Kenya reported 278,030,354 threats detected in the period from July to September 2022, an increase of 99.478% from threats detected between April to June of the same year.

The increase in digital transformation across the region has enabled organizations to manage their buildings, emergency systems and access control with smart devices connected to a network. In addition, we have seen an increase in IoT devices in the workplace to better enable hybrid work such as smart conference rooms with microphones and cameras. 

As the threat landscape continues to expand and become more complex, organizations need to rethink their cyber risk approach to stay one step ahead of would-be attackers. Cyber Signals found that there are currently over 1 million connected devices publicly visible on the Internet running Boa, an outdated and unsupported software still widely used in IoT devices and software development kits.

“Organizations are more connected than ever before. From the humble Wi-Fi router to the everyday office printer, IT teams need to view their IoT devices differently and secure them as they would any company laptop to prevent security breaches,” says Phyllis Migwi, Country Manager for Microsoft Kenya. “Gaining complete visibility of an organization’s OT systems and protecting its IoT solutions will go a long way in preventing cyberattacks.”

Check out other Microsoft stories making the news across Africa and the Middle East region.