Trace Id is missing

Critical Cybersecurity Challenges

Growing attacks on the highly vulnerable intersection of information technology and operational technology emphasize the importance of a comprehensive defense strategy.

Download the report Download the executive summary
Critical infrastructure devices can be vulnerable to cyber threats at any stage of their lifecycle, including design, distribution, and operation. This means that even the most secure devices can be at risk.

Critical infrastructure devices susceptible to compromise

Device vulnerabilities in industrial control networks

Of the 78% of devices that are vulnerable, 46% have CVEs that cannot be patched, and 32% could be patched. Of the 22% that are not vulnerable, 15% are devices with no CVEs, and 7% are devices that have been patched by customers.
Person carrying a backpak, walking quickly in a lit hallway.

Missing security patch deployment in OT environments

True resilience requires a holistic approach to operational technology (OT) risk management, encompassing asset visibility, patch levels, vulnerability monitoring, and the availability of updates.

While the prospect of interrupting essential processes or requiring recertification may be daunting, the consequences of leaving exploitable vulnerabilities unchecked pose a far greater risk. Organizations must recognize the imperative nature of a robust OT patch management system as an essential component of their overall cybersecurity strategy.

Learn more in the full report

Global advances for critical infrastructure resilience

To address IoT and OT security threats, governments and industry are advancing multiple standards and policy initiatives. As the market is changing, governments are moving toward mandatory requirements, where noncompliance could result in losing access to a market segment or financial penalties. These requirements will create significant market pressure on IoT and OT device manufacturers to adopt cybersecurity best practices.

More about this diagram
Critical infrastructure security regulation in Asia-Pacific. Countries that advanced critical infrastructure cybersecurity risk requirements include China, Indonesia, Japan, Philippines, and Thailand. India advanced cyber incident reporting requirements. Countries that advanced both include Australia, Korea, Singapore, and New Zealand.

Innovating for supply chain resilience

Computer software programmer looking at two screens.

Innovating for supply chain resilience

Given attacks targeting open-source software (OSS) have grown 742 percent on average, securing how developers consume OSS is arguably the most important aspect of any organization’s software supply chain.

Woman thinking in a meeting.

Software bills of materials

Microsoft is an advocate for software bills of materials (SBOMs), which provide software transparency to customers. SBOMs enable organizations to manage their supply chain risk for the software that’s deployed across their enterprise.

Modern AI for strengthening the supply chain security landscape

Protecting supply chains depends on strong partnerships between suppliers and their customers. We have been investing in strengthening our digital supply chains by incorporating controls to mitigate evolving AI and privacy risks into our supplier governance processes and providing our suppliers with security awareness training. These controls and training help ensure that our suppliers make the same commitment to safe, secure, and trustworthy AI systems and supply chains that Microsoft has.

Robotic arms on an assembly line building tech components.

Explore other Microsoft Digital Defense Report chapters

Introduction

The power of partnerships is key to overcoming adversity by strengthening defenses and holding cybercriminals accountable.

Learn more

The State of Cybercrime

While cybercriminals remain hard at work, the public and private sectors are coming together to disrupt their technologies and support the victims of cybercrime.

Learn more

Nation State Threats

Nation state cyber operations are bringing governments and tech industry players together to build resilience against threats to online security.

Learn more

Critical Cybersecurity Challenges

As we navigate the ever-changing cybersecurity landscape, holistic defense is a must for resilient organizations, supply chains, and infrastructure.

Learn more

Innovating for Security and Resilience

As modern AI takes a massive leap forward, it will play a vital role in defending and ensuring the resilience of businesses and society.

Learn more

Collective Defense

As cyberthreats evolve, collaboration is strengthening knowledge and mitigation across the global security ecosystem.

Learn more

More on security

Our commitment to earn trust

Microsoft is committed to the responsible use of AI, protecting privacy, and advancing digital safety and cybersecurity.

Learn more

Cyber Signals

A quarterly cyberthreat intelligence brief informed by the latest Microsoft threat data and research. Cyber Signals gives trends analysis and guidance to help strengthen the first line of defense.

Browse reports

Nation State Reports

Semi-annual reports on specific nation state actors that serve to warn our customers and the global community of threats posed by influence operations and cyber activity, identifying specific sectors and regions at heightened risk.

Browse reports

Microsoft Digital Defense Reports archive

Explore previous Microsoft Digital Defense Reports and see how the threat landscape and online safety has changed in a few short years.

Browse reports

Follow Microsoft Security