GCA's IoT Work Makes It to the 2021 Microsoft Digital Defense Report

Yesterday, the Microsoft Digital Defense Report 2021 was published in the Microsoft on the Issues blog.

The report is a complete and up-to-date piece of research on a selection of key cybersecurity issues that encompasses learnings from security experts, practitioners, and defenders at Microsoft to empower people everywhere to defend against cyberthreats.

The report has six chapters that will offer readers a deep understanding of the current cyber threat landscape:

  • The state of cybercrime
  • Nation state threats
  • Supply chain, IoT, and OT security
  • Hybrid workforce security
  • Disinformation
  • Actionable insights

GCA’s IoT Policy and Attack Report, published last Monday, is featured on the ‘IoT security policy considerations’ section of the ‘Supply chain, IoT, and OT security’ chapter. Microsoft’s conclusions on GCA’s work were perfectly clear:

GCA’s analysis of real attack data shows that default passwords factory-set by device manufacturers and never changed by users, along with weak passwords set by users, together represent the most exploited security vulnerability for IoT devices. Policy and regulatory frameworks can help drive adoption and harmonize implementation of the requirements in IoT device security standards such as NISTIR 8259, ETSI EN 303 645, and ISO/IEC 27402 to promote secured access control best practices and address this risk.

You can access the complete Microsoft Digital Defense Report 2021 by clicking the link below: