Security Experts:

Connect with us

Hi, what are you looking for?



Volume of Attacks on IoT/OT Devices Increasing: Microsoft Study

The volume of attacks on IoT and OT devices is increasing and in many cases these systems were specifically targeted by threat actors, according to a new study commissioned by Microsoft.

The volume of attacks on IoT and OT devices is increasing and in many cases these systems were specifically targeted by threat actors, according to a new study commissioned by Microsoft.

Forty-four percent of the more than 600 respondents who took part in a survey said their organization experienced a cyber incident that involved an IoT or OT device in the past two years. Thirty-nine percent said such a device was the target of the attack and 35% said the device was leveraged to conduct a broader attack — this includes lateral movement, detection evasion and persistence.

IoT and OT devices may be specifically targeted by attackers with the intent to cause disruption. One example provided by Microsoft involves human-operated ransomware attacks that disrupt production in an organization.

Half of respondents said the volume of attacks against IoT/OT devices in their organization “increased” or “significantly increased” in the past 12 to 24 months. Moreover, only less than 20% of respondents believe the volume of attacks will decrease in the upcoming period.

Many organizations are still not confident in their ability to protect their systems. Only less than one-third of the respondents who contributed to the Microsoft study said their organization has a complete inventory of devices, and 42% don’t have the ability to detect vulnerabilities affecting IoT and OT devices.

Moreover, 61% have low or average confidence when it comes to identifying compromised systems, and nearly half still mainly rely on manual processes to identify and correlate impacted devices.

Microsoft’s study also confirms that industrial systems are in many cases not isolated from the internet or the IT network. Roughly half of respondents said their OT network is connected to the corporate IT network, and 56% admitted that their OT network is directly connected to the internet.

While 55% of respondents believe IoT and OT products are not secure by design, 47% are relying on the manufacturer to secure these devices.

The report released by Microsoft is based on a survey of 615 IT, IT security, and OT security practitioners across the United States, conducted by the Ponemon Institute.

A survey conducted recently by Ponemon for industrial cybersecurity firm Dragos showed that some companies reported that the total cost of an ICS/OT incident exceeded $100 million.

Related: Engineering Workstations Are Concerning Initial Access Vector in OT Attacks

Related: Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light

Related: Over 90% of OT Organizations Experienced Cyber Incidents in Past Year: Report

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.