To stay secure in an everchanging threat landscape, organisations must build cyber resilience and secure collaboration across their digital environment. In fact, many leaders view security as an enabler of business. Those who feel the most vulnerable are the most mature in their security posture – 83 percent according to our research.
Mature security organisations are realistic about securing in complex environments. In fact, in two years from now, many organisations believe some of their current vulnerabilities will be less of a liability. For example, 28 percent fewer respondents see networks as a significant security concern in two years as they do today.
What are the only vulnerabilities they expect to see the same or more of a challenge two years from now? Operational Technology (OT) and Internet of Things (IoT). Another increasingly common risk factor according to security leaders is the cyber resilience of their partner small and medium-sized enterprises (SMEs) in their ecosystem.
However, with Zero Trust principles and integrated security, organisations can help build cyber resilience and secure collaboration across their digital estate – including OT, IoT and partner access.
IT and OT
IT is the devices, networks, systems and apps that allow organisations to collaborate and work together. For example, the cloud, a computer, or server.
OT is the back end of the organisation. It’s the hardware and software that manages industrial equipment and systems. For example, industrial control systems or warehouse equipment.
As organisations connect their systems together, this can result in increased exposure to vulnerable OT systems. According to the Ponemon 2021 State of Industrial Cybersecurity, 63 percent of the respondents indicated that their organisation had at least one OT/ICS cybersecurity incident in the past two years.
At the same time, IoT resides in both IT and OT environments. With the added stress of privacy concerns and regulatory requirements, organisations need a holistic approach that unifies IT and OT security.
Multiple layers of defences such as multifactor authentication, endpoint protection, patching, monitoring, identity-based protections and network segmentation can help build resilience and secure collaboration.
Lime and minerals producer Lhoist wanted to ensure their critical OT systems were secure. With Microsoft Azure Defender for IoT, they boosted security while also helping bridge the IT/OT divide.
“We had a malware outbreak occur while we were running proofs of concept to select our OT security solution. Azure Defender for IoT performed well, immediately detecting the suspicious traffic. We were able to pull the plug on the malware before it could stop production,” says Clément Herssens, CISO.
IoT is now deeply embedding into organisations, bringing convenience and functionality. However, they’re also an entry point for cyber criminals. Our research found 20 million devices that use the default password ‘admin’ in just 45 days of signals. That’s 20 million vulnerabilities.
To ensure critical systems and infrastructure keep running, it is essential for all IoT devices designed, evaluated, and operated securely. IoT manufacturers and cybersecurity experts developed sets of best practice standards for IoT device cybersecurity, which is reflected across policy, such as the European Technology Standards Institute for consumer IoT security.
Build cyber resilience by gaining visibility into assets and risk across your IoT and OT estate. Leverage automation for continuous monitoring and threat detection. By applying Zero Trust, you’ll implement IoT projects built with secure collaboration and resilience in mind.
For Lhoist, not only are they confident in the security of their IoT and OT systems, but they find they also benefit from a wealth of data that helps them optimise and streamline performance.
According to (ISC)2, 64 percent of businesses claim to outsource more than a quarter of their daily business tasks to suppliers that require access to their business data.
And for security leaders, this is a concern. A World Economic Forum study found 88 percent of leaders concerned about the cyber resilience of SMEs in their ecosystems.
When working with partners, you must make sure they have well-defined security and privacy assurance requirements. At Microsoft, we use machine learning to scan active supplier contracts and ensure they meet our requirements periodically.
A Zero Trust approach helps ensure that only the right people are getting the right level of access
How to build resilience and security
To build resilience and secure collaboration in your IoT and IT/OT technology, we need to have the right approach. Build a strong foundation with Zero Trust and a comprehensive implementation of security tools that work across your entire digital environment.