Security Experts:

Connect with us

Hi, what are you looking for?



Volume of Attacks on IoT/OT Devices Increasing: Microsoft Study

The volume of attacks on IoT and OT devices is increasing and in many cases these systems were specifically targeted by threat actors, according to a new study commissioned by Microsoft.

The volume of attacks on IoT and OT devices is increasing and in many cases these systems were specifically targeted by threat actors, according to a new study commissioned by Microsoft.

Forty-four percent of the more than 600 respondents who took part in a survey said their organization experienced a cyber incident that involved an IoT or OT device in the past two years. Thirty-nine percent said such a device was the target of the attack and 35% said the device was leveraged to conduct a broader attack — this includes lateral movement, detection evasion and persistence.

IoT and OT devices may be specifically targeted by attackers with the intent to cause disruption. One example provided by Microsoft involves human-operated ransomware attacks that disrupt production in an organization.

Half of respondents said the volume of attacks against IoT/OT devices in their organization “increased” or “significantly increased” in the past 12 to 24 months. Moreover, only less than 20% of respondents believe the volume of attacks will decrease in the upcoming period.

Many organizations are still not confident in their ability to protect their systems. Only less than one-third of the respondents who contributed to the Microsoft study said their organization has a complete inventory of devices, and 42% don’t have the ability to detect vulnerabilities affecting IoT and OT devices.

Moreover, 61% have low or average confidence when it comes to identifying compromised systems, and nearly half still mainly rely on manual processes to identify and correlate impacted devices.

Microsoft’s study also confirms that industrial systems are in many cases not isolated from the internet or the IT network. Roughly half of respondents said their OT network is connected to the corporate IT network, and 56% admitted that their OT network is directly connected to the internet.

While 55% of respondents believe IoT and OT products are not secure by design, 47% are relying on the manufacturer to secure these devices.

The report released by Microsoft is based on a survey of 615 IT, IT security, and OT security practitioners across the United States, conducted by the Ponemon Institute.

A survey conducted recently by Ponemon for industrial cybersecurity firm Dragos showed that some companies reported that the total cost of an ICS/OT incident exceeded $100 million.

Related: Engineering Workstations Are Concerning Initial Access Vector in OT Attacks

Related: Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light

Related: Over 90% of OT Organizations Experienced Cyber Incidents in Past Year: Report

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.