To stay secure in an everchanging threat landscape, organisations must build cyber resilience and secure collaboration across their digital environment. In fact, many leaders view security as an enabler of business. Those who feel the most vulnerable are the most mature in their security posture – 83 percent according to our research.

Mature security organisations are realistic about securing in complex environments. In fact, in two years from now, many organisations believe some of their current vulnerabilities will be less of a liability. For example, 28 percent fewer respondents see networks as a significant security concern in two years as they do today.

What are the only vulnerabilities they expect to see the same or more of a challenge two years from now? Operational Technology (OT) and Internet of Things (IoT). Another increasingly common risk factor according to security leaders is the cyber resilience of their partner small and medium-sized enterprises (SMEs) in their ecosystem.

However, with Zero Trust principles and integrated security, organisations can help build cyber resilience and secure collaboration across their digital estate – including OT, IoT and partner access.

IT and OT

Graphic showing IT, a picture of a laptop, mobile phone and the cloud

IT is the devices, networks, systems and apps that allow organisations to collaborate and work together. For example, the cloud, a computer, or server.

A graphic showing OT

OT is the back end of the organisation. It’s the hardware and software that manages industrial equipment and systems. For example, industrial control systems or warehouse equipment.

As organisations connect their systems together, this can result in increased exposure to vulnerable OT systems. According to the Ponemon 2021 State of Industrial Cybersecurity, 63 percent of the respondents indicated that their organisation had at least one OT/ICS cybersecurity incident in the past two years.

A venn diagram showing the convergence of IT, OT and IoT

At the same time, IoT resides in both IT and OT environments. With the added stress of privacy concerns and regulatory requirements, organisations need a holistic approach that unifies IT and OT security.

Multiple layers of defences such as multifactor authentication, endpoint protection, patching, monitoring, identity-based protections and network segmentation can help build resilience and secure collaboration.

Lime and minerals producer Lhoist wanted to ensure their critical OT systems were secure. With Microsoft Azure Defender for IoT, they boosted security while also helping bridge the IT/OT divide.

“We had a malware outbreak occur while we were running proofs of concept to select our OT security solution. Azure Defender for IoT performed well, immediately detecting the suspicious traffic. We were able to pull the plug on the malware before it could stop production,” says Clément Herssens, CISO.

IoT

IoT connected to different systems

IoT is now deeply embedding into organisations, bringing convenience and functionality. However, they’re also an entry point for cyber criminals. Our research found 20 million devices that use the default password ‘admin’ in just 45 days of signals. That’s 20 million vulnerabilities.

To ensure critical systems and infrastructure keep running, it is essential for all IoT devices designed, evaluated, and operated securely. IoT manufacturers and cybersecurity experts developed sets of best practice standards for IoT device cybersecurity, which is reflected across policy, such as the European Technology Standards Institute for consumer IoT security.

Build cyber resilience by gaining visibility into assets and risk across your IoT and OT estate. Leverage automation for continuous monitoring and threat detection. By applying Zero Trust, you’ll implement IoT projects built with secure collaboration and resilience in mind.

For Lhoist, not only are they confident in the security of their IoT and OT systems, but they find they also benefit from a wealth of data that helps them optimise and streamline performance.

Partnerships

Hands shaking

According to (ISC)2, 64 percent of businesses claim to outsource more than a quarter of their daily business tasks to suppliers that require access to their business data.

And for security leaders, this is a concern. A World Economic Forum study found 88 percent of leaders concerned about the cyber resilience of SMEs in their ecosystems.

When working with partners, you must make sure they have well-defined security and privacy assurance requirements. At Microsoft, we use machine learning to scan active supplier contracts and ensure they meet our requirements periodically.

A Zero Trust approach helps ensure that only the right people are getting the right level of access

How to build resilience and security

To build resilience and secure collaboration in your IoT and IT/OT technology, we need to have the right approach. Build a strong foundation with Zero Trust and a comprehensive implementation of security tools that work across your entire digital environment.

Find out more

Unifying Operational Technology and IT Security

Microsoft Executive Summary Of Forrester’s The State of IoT Security, 2021 Report

Imagine security that drives innovation