IT teams at risk of being caught unawares by new OT threat, according to Microsoft’s latest threat intelligence

Jan 9, 2024

New research from Microsoft reveals that attackers are increasingly making use of
operational technology to gain new entryways into company networks.

  • Microsoft’s 43 trillion daily security signals and 8,500 security experts provide insight into the latest security trends in the Middle East and Africa
  • Over 1.1 billion IoT connections are expected in the Middle East and North Africa by 2023

Microsoft’s latest Cyber Signals report highlights how
cybercriminals are using Operational Technology (OT) as gateways into an organization’s
network. This comes at a time when IoT connections in the region are growing with the
GSMA predicting that 1.1 billion IoT connections are expected by 2025 in MENA. It’s this
growth in OT and IoT that has given cybercriminals more opportunities to breach an
organization’s network.

Microsoft’s Cyber Signals report is a regular cyberthreat intelligence brief spotlighting
security trends and insights gathered from Microsoft’s 65 trillion daily security signals and
8,500 security experts. The latest edition has found that converging IT, Internet of Things
(IoT) and OT systems pose a wider risk to critical infrastructure.

For CIOs in the Middle East and Africa (MEA), the impact of a possible security breach is top
of mind in an increasingly complex threat environment. This can be seen in the 11.2 percent
rise in cybersecurity spending in the Middle East and North Africa (MENA) for 2022.
The growing rate of digital transformation within the African region is facilitating the
emergence of new attack vectors and opportunities for cybercriminals. The Kenyan
government has identified cybersecurity as a key enabler for digital economy. Kenya faces
increased cybersecurity challenges and risks that threaten national security and the
country’s digital transformation agenda. Cybersecurity statistics indicate that the number of
cyber threats detected in Kenya has significantly increased in the last three years. The
Communications Authority of Kenya reported 278,030,354 threats detected in the period
from July to September 2022, an increase of 99.478% from threats detected between April
to June of the same year.

The increase in digital transformation across the region has enabled organizations to
manage their buildings, emergency systems and access control with smart devices
connected to a network. In addition, we have seen an increase in IoT devices in the
workplace to better enable hybrid work such as smart conference rooms with microphones
and cameras.

As the threat landscape continues to expand and become more complex, organizations
need to rethink their cyber risk approach to stay one step ahead of would-be attackers.
Cyber Signals found that there are currently over 1 million connected devices publicly visible
on the Internet running Boa, an outdated and unsupported software still widely used in IoT
devices and software development kits.

“Organizations are more connected than ever before. From the humble Wi-Fi router to the
everyday office printer, IT teams need to view their IoT devices differently and secure them

as they would any company laptop to prevent security breaches,” says Phyllis Migwi,
Country Manager for Microsoft Kenya. “Gaining complete visibility of an organization’s OT
systems and protecting its IoT solutions will go a long way in preventing cyberattacks.”
To learn more about IT, OT, and IoT threats, read the third edition of Cyber Signals. To learn
more about Microsoft Security solutions and keep up with expert coverage on security
matters, visit the Microsoft Security website and Microsoft Security blog.