Since the ’90s I’ve built, shipped, and occasionally exploited just about every kind of identity control. We’re now pretty good at building gates around privilege, but not nearly as good at removing it once the job is done. This hurts in 2025. Privileged access no longer lives only with well-defined admin accounts. It threads through every developer workflow, CI/CD script, SaaS connector, and microservice. The result: standing privilege is inevitable; an orphaned token here, a break-glass account there, quietly turning into “forever creds.”

Here’s what’s working in the field:

→ One JIT policy engine that spans cloud, SaaS, and on-prem - no more cloud-specific silos.
  ↳ Same approval workflow everywhere, so nobody bypasses “the one tricky platform.”
  ↳ Central log stream = single source of truth for auditors and threat hunters.
→ Bundle-based access: server + DB + repo granted (and revoked) as one unit.
  ↳ Devs get everything they need in one click - no shadow roles spun up on the side.
  ↳ When the bundle expires, all linked privileges disappear, killing stragglers.
→ Continuous discovery & auto-kill for any threat that slips through #1 or #2.
  ↳ Scan surfaces for compromised creds, role drifts, and partially off-boarded accounts.
  ↳ Privilege paths are ranked by risk so teams can cut off the dangerous ones first.

Killing standing privilege isn’t a tech mystery anymore, it’s an operational discipline. What else would you put on the “modern PAM” checklist?
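The three items in the post (one engine with a single audit stream, bundles that expire as a unit, and discovery of credentials nobody granted) fit in a few dozen lines once you decide what a grant is. The following is an added example, not the post author's tooling or any vendor's product. The bundle name, resource identifiers, approver rules, risk weights in SENSITIVITY and the scanned inventory are all constructed for illustration; a real engine would back the grant store with the platforms' own APIs and ship the audit list to the SIEM.

```python
"""Bundle-based JIT access with expiry plus an orphaned-credential sweep.

Added example, not the post author's tooling. Names, TTLs, risk weights and
the inventory data are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Bundle:
    """Server + DB + repo granted and revoked as one unit (hypothetical names)."""
    name: str
    resources: tuple


@dataclass
class Grant:
    principal: str
    bundle: Bundle
    approved_by: str
    expires_at: datetime
    revoked: bool = False


class JITPolicyEngine:
    """One policy engine for every platform: same approval rules, one audit stream."""

    def __init__(self, max_ttl=timedelta(hours=4)):
        self.max_ttl = max_ttl
        self.grants = []
        self.audit = []  # central log stream; in practice forwarded to the SIEM

    def _log(self, now, event):
        self.audit.append(f"{now.isoformat()} {event}")

    def request(self, principal, bundle, approver, ttl, now):
        """Issue a time-boxed grant; self-approval and over-long TTLs are rejected."""
        if approver == principal:
            raise PermissionError("self-approval is not allowed")
        if ttl > self.max_ttl:
            raise ValueError(f"ttl {ttl} exceeds policy maximum {self.max_ttl}")
        grant = Grant(principal, bundle, approver, now + ttl)
        self.grants.append(grant)
        self._log(now, f"GRANT {principal} {bundle.name} ttl={ttl} approver={approver}")
        return grant

    def expire(self, now):
        """Revoke every grant whose TTL has passed; all bundled resources go at once."""
        for g in self.grants:
            if not g.revoked and g.expires_at <= now:
                g.revoked = True
                self._log(now, f"REVOKE {g.principal} {g.bundle.name} reason=expired")

    def effective_access(self, principal, now):
        """Resources the principal can use right now; expired grants count for nothing."""
        self.expire(now)
        return {r for g in self.grants
                if g.principal == principal and not g.revoked
                for r in g.bundle.resources}


# Constructed risk weights by resource type: a stale DB credential outranks a stale repo token.
SENSITIVITY = {"db": 3, "ssh": 2, "repo": 1}


def find_orphans(engine, inventory, now):
    """Discovery: credentials seen on the platforms that no live grant explains.

    inventory: (principal, resource, created_at) tuples as scraped from cloud/SaaS/on-prem.
    Returns (risk, principal, resource), highest risk first, so the dangerous ones go first.
    """
    engine.expire(now)
    backed = {(g.principal, r) for g in engine.grants if not g.revoked for r in g.bundle.resources}
    orphans = []
    for principal, resource, created_at in inventory:
        if (principal, resource) in backed:
            continue
        age_days = (now - created_at).days
        kind = resource.split(":", 1)[0]
        risk = SENSITIVITY.get(kind, 1) * (1 + age_days // 30)  # sensitivity x age bucket
        orphans.append((risk, principal, resource))
    return sorted(orphans, reverse=True)


def scenario():
    """Constructed walk-through: a 2h grant, a rejected self-approval, then a sweep at 3h."""
    t0 = datetime(2025, 1, 1, tzinfo=timezone.utc)
    prod = Bundle("prod-payments", ("ssh:prod-web-01", "db:orders-rw", "repo:payments"))
    engine = JITPolicyEngine()
    engine.request("alice", prod, "bob", timedelta(hours=2), t0)
    try:
        engine.request("mallory", prod, "mallory", timedelta(hours=1), t0)
        self_approval_rejected = False
    except PermissionError:
        self_approval_rejected = True
    inventory = [  # constructed: what the scanners found on the platforms
        ("alice", "db:orders-rw", t0),                       # left behind after expiry
        ("bob", "ssh:prod-web-01", t0 - timedelta(days=90)),  # never granted, 90 days old
        ("carol", "repo:payments", t0 - timedelta(days=10)),
    ]
    return {
        "during": engine.effective_access("alice", t0 + timedelta(hours=1)),
        "after": engine.effective_access("alice", t0 + timedelta(hours=3)),
        "self_approval_rejected": self_approval_rejected,
        "orphans": find_orphans(engine, inventory, t0 + timedelta(hours=3)),
        "audit": engine.audit,
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(k, v)
```

The sweep is what turns the engine from a gate into a discipline: anything the scanners see that is not explained by a live grant is an orphan, and the risk score (resource sensitivity times age bucket) gives the team an order in which to kill them.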
IT Infrastructure Security Strategies for 2025
Explore top LinkedIn content from expert professionals.
Summary
IT infrastructure security strategies for 2025 emphasize protecting digital systems and networks against rapidly evolving cyber threats, focusing on proactive, integrated measures like zero trust architecture, privileged access management, and continuous threat detection.
- Adopt zero trust principles: Embrace a "never trust, always verify" approach by continuously validating identity and limiting access to essential tasks to minimize security gaps.
- Prioritize privileged access management: Implement just-in-time (JIT) access, centralized policy engines, and automated credential monitoring to minimize risks from credential misuse or standing privileges.
- Strengthen legacy and OT defenses: Regularly test outdated systems, enforce strict network segmentation between IT and operational technology (OT) networks, and tighten controls on removable media and other entry points to address the expanding attack surface.
The 2025 Honeywell Cyber Threat Report reveals a stark reality: the industrial sector is facing a cybersecurity reckoning. Cyberattacks on operational technology (OT) environments have intensified—ransomware surged 46% in six months, while attacks on water systems, transportation networks, and manufacturing plants have caused real-world disruptions. Threat actors are no longer simply infiltrating; they are interrupting critical services and endangering safety and continuity.

One notable trend is the rise in USB-based malware and credential-stealing Trojans like Win32.Worm.Ramnit, which surged 3,000% in frequency. In parallel, over 1,800 distinct threats were detected through Honeywell’s Secure Media Exchange (SMX), with alarming infiltration routes observed across removable media, remote access exploits, and compromised credentials.

What’s driving this escalation?
• Legacy systems with limited security controls remain widely deployed.
• Converged IT/OT environments increase the attack surface.
• Regulatory pressure, such as the SEC’s cybersecurity disclosure rule, is raising the stakes for leadership teams.

The implication is clear: defending the industrial enterprise requires more than traditional cybersecurity postures. It demands a shift toward cyber resilience—a proactive, integrated approach that embeds security into the DNA of operations. At a minimum, organizations must act on five imperatives:
1. Adopt Zero Trust principles—no device, user, or process should be implicitly trusted.
2. Implement strict segmentation between IT and OT networks.
3. Elevate threat visibility with continuous monitoring, detection, and response tools.
4. Enforce multi-factor authentication and access governance.
5. Ensure secure USB/media handling and endpoint control at every entry point.

This is not a technology problem alone—it is an operational and leadership mandate. Every breach is now a business risk. Boards, CISOs, and plant leaders must align around a single objective: operational continuity through cyber integrity. Honeywell remains committed to advancing industrial cyber maturity through our ecosystem of threat detection, monitoring, and managed response capabilities. But securing the future will require collective effort—from regulators, vendors, operators, and industry consortia. As the report concludes, it’s not a matter of if your OT environment will be targeted. The question is—will you be ready?
Last week's announcement by Microsoft of a critical SharePoint zero‑day (CVE‑2025‑53770, CVSS of 9.8) carries several important lessons.

1️⃣ Patched != fixed. In this case, CVE-2025-53770 appears to be a patch bypass of a vulnerability previously announced, CVE-2025-49704 (CVSS of 8.8), as patched in July 2025.

2️⃣ Chaining multiple low, medium, and/or high vulnerabilities can result in a critical exposure. The previous vulnerability, CVE-2025-49704, was part of an exploit chain involving an authentication bypass (CVE-2025-49706, CVSS of 6.5) and a deserialization of untrusted data vulnerability (CVE-2025-49704) to achieve unauthenticated remote code execution (RCE).

3️⃣ Ongoing testing matters—even for decades‑old apps. This latest incident is a powerful reminder that legacy systems aren’t “safe” just because they've been around for years. In cybersecurity, the ground is always shifting. Attackers rapidly weaponized known weaknesses by chaining together bugs even after patches were released. Threat actors are innovating by bypassing existing patches, highlighting deficiencies in initial fixes. And many organizations still run this vulnerable version of on‑prem SharePoint—software that’s over a decade old—because it's deeply embedded in critical workflows.

Advice for cyberdefenders:
➡️ Adopt continuous security testing. Don’t rely solely on Patch Tuesday—use red‑teaming, fuzzing, and third‑party pentests, especially for legacy systems.
➡️ Prioritize rapid patching and layered defenses. For example, in this case, apply updates immediately, enable AMSI in full mode, use Defender AV/Endpoint, and rotate ASP.NET machine keys.
➡️ Monitor & respond as if breached. Assume compromise on exposed servers; hunt for indicators like unauthorized .aspx files, rotated keys, and odd IIS behavior.
➡️ De‑risk old infrastructure. Where possible, migrate legacy workloads to cloud-native platforms or implement strict isolation and network controls.

In today’s threat landscape, age doesn’t grant immunity. Decades-old apps can harbor fresh risks. A strategy of continuous validation, layered controls, and proactive assumption of compromise is essential to stay ahead of agile adversaries.

#CyberSecurity #SharePoint #ZeroDay #LegacySystems #InfoSec #DevSecOps
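Two of the hunts the post recommends, unauthorized .aspx files and odd IIS behavior, come down to comparing the live host against a known-good baseline. The block below is an added example and is not from the post, from Microsoft's guidance, or from any published detection rule for this CVE. The known-good file contents and their hashes, the IIS W3C log lines, the web root listing, the "trusted" 10.0.0.0/8 range and the file name zz_tmp.aspx are all constructed for the example; in practice the baseline is captured from a freshly patched reference install and the log text comes from the IIS log directory.

```python
"""Hunt for unauthorized .aspx files and odd IIS requests on an on-prem SharePoint host.

Added example, not from the post or from vendor guidance. File contents, hashes,
log lines, the web root listing and the trusted network are constructed.
"""
import hashlib
import ipaddress

# Known-good .aspx files under the web root, keyed by URI path. A real baseline is
# generated from a clean reference install; these bytes are constructed stand-ins.
KNOWN_GOOD = {
    "/_layouts/15/start.aspx": b"<%@ Page %> start (constructed)",
    "/_layouts/15/settings.aspx": b"<%@ Page %> settings (constructed)",
}
BASELINE = {path: hashlib.sha256(data).hexdigest() for path, data in KNOWN_GOOD.items()}

TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed: where admin traffic originates


def diff_aspx(current, baseline=BASELINE):
    """Compare the live web root with the baseline.

    current: {uri_path: file_bytes}. Returns (new_files, modified_files): an .aspx the
    baseline never had is a web-shell candidate; one whose hash changed was tampered with.
    """
    new, modified = [], []
    for path, data in current.items():
        if not path.lower().endswith(".aspx"):
            continue
        if path not in baseline:
            new.append(path)
        elif baseline[path] != hashlib.sha256(data).hexdigest():
            modified.append(path)
    return sorted(new), sorted(modified)


def parse_w3c(log_text):
    """Parse IIS W3C extended log lines into dicts using the #Fields header."""
    fields, rows = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split())))
    return rows


def hunt_iis(log_text, baseline=BASELINE, trusted=TRUSTED_NETS):
    """Flag .aspx requests worth a closer look. Returns (row_index, reason) pairs."""
    findings = []
    for i, row in enumerate(parse_w3c(log_text)):
        stem = row.get("cs-uri-stem", "")
        if not stem.lower().endswith(".aspx"):
            continue
        src = ipaddress.ip_address(row["c-ip"])
        internal = any(src in net for net in trusted)
        if stem not in baseline:
            # A page nobody shipped is being served: classic dropped web shell.
            findings.append((i, f"request to unknown .aspx {stem} from {src}"))
        elif row["cs-method"] == "POST" and not internal and row["sc-status"] == "200":
            # Legitimate page, but a successful POST from outside the admin network.
            findings.append((i, f"external POST to {stem} from {src} succeeded"))
    return findings


# Constructed sample log: an external POST to a real page, a hit on a file that is not in
# the baseline, then ordinary internal traffic.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Referer)
2025-07-20 03:14:07 203.0.113.45 POST /_layouts/15/settings.aspx - 200 -
2025-07-20 03:14:09 203.0.113.45 GET /_layouts/15/zz_tmp.aspx - 200 -
2025-07-20 09:02:11 10.0.5.7 GET /_layouts/15/start.aspx - 200 https://intranet.example/
"""

# Constructed web root: settings.aspx untouched, start.aspx altered, zz_tmp.aspx dropped in,
# and a non-.aspx file that the hunt ignores.
SAMPLE_ROOT = {
    "/_layouts/15/settings.aspx": KNOWN_GOOD["/_layouts/15/settings.aspx"],
    "/_layouts/15/start.aspx": b"<%@ Page %> start (constructed, tampered)",
    "/_layouts/15/zz_tmp.aspx": b"<% /* constructed stand-in for a dropped file */ %>",
    "/_layouts/15/web.config": b"<configuration/>",
}

if __name__ == "__main__":
    print(diff_aspx(SAMPLE_ROOT))
    for idx, why in hunt_iis(SAMPLE_LOG):
        print(idx, why)
```

Run both checks from a scheduled task rather than once: the file diff catches what was written to disk, and the log hunt catches a page being exercised even when the file was cleaned up afterwards. Any hit is a trigger to rotate the ASP.NET machine keys the post mentions, since an attacker who could write to the web root could also have read them.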
Happy New Year to all Cyber Warriors, Developers, Partners, and Customers fighting adversaries 24x7x365! As we step into 2025, I’m excited about opportunities to innovate, learn from each other and strengthen our defenses.

On Day 9, let’s focus on Identity and Access Management (IAM), the cornerstone of Zero Trust Architecture (ZTA). ZTA enforces “never trust, always verify,” ensuring access requests are continuously validated. A recent survey revealed that 80% of cyberattacks leverage identity-based methods, highlighting the importance of robust IAM practices. Weak IAM policies enable ransomware, cloud security breaches, lateral movements, and insider threats due to excessive privileges. As Sun Microsystems (my former employer) declared, “The Network is the Computer.” In today’s cloud-first world, where traditional perimeters fade, Identity is the new perimeter.

Best Practices for Identity as the New Perimeter

1. Enforce Least Privilege Access
• Grant users the minimum access needed for their roles, leveraging role-based (RBAC) or attribute-based access control (ABAC).
• Leverage GenAI to reduce business friction and help RBAC scale with fine-grained access needs.

2. Leverage Single Sign-On (SSO)
• Simplify access through centralized SSO, using standards like SAML and OIDC with MFA.
• Integrate acquired companies seamlessly using federated identity.
• Combine SSO with adaptive authentication to validate device trust and geolocation.

3. Implement Multi-Factor Authentication (MFA)
• Require MFA for all users, especially privileged accounts.
• Adopt phishing-resistant options like FIDO2 security keys or biometric authentication.
• Integrate MFA with conditional access policies for enhanced control.

4. Secure Privileged Access and Automate Management
• Use Just-in-Time (JIT) provisioning for temporary elevated privileges.
• Automate identity lifecycle tasks like provisioning, deprovisioning, and access certifications.

5. Reduce Friction Without Sacrificing Security
• Implement adaptive authentication to balance security and user experience.
• Simplify onboarding with SSO and pre-configured roles for employees and external partners.
• Streamline approval workflows to enhance user experience and scalability.

6. Seamless Integration for Acquired Companies
• Use federated identity to securely link systems across boundaries.
• Establish templates and repeatable workflows to align with enterprise-wide policies.

Building a strong IAM foundation ensures not only better security but also business agility. By focusing on strong IAM practices, organizations can be resilient in today’s interconnected world. Secure identity, secure business.

#VISA, #Cybersecurity, #12DaysofCybersecrityChristmas #IAM #PaymentSecurity #HappyNewYear!
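Items 1 through 3 of the post are usually enforced together as one conditional-access decision, and the order of the checks is what makes least privilege hold: no authentication strength buys a permission the role does not carry. The block below is an added example, not the post author's or any identity provider's policy engine. The role-to-permission map, the set of actions treated as privileged, which MFA methods count as phishing-resistant, and the expected-country list are all constructed assumptions for illustration.

```python
"""Conditional-access decision combining RBAC least privilege with adaptive authentication.

Added example, not the post author's or any vendor's engine. Roles, permissions, the
privileged set, the phishing-resistant methods and the country list are constructed.
"""
from dataclasses import dataclass
from typing import Optional

ROLES = {  # constructed RBAC model: role -> permissions it carries
    "developer": {"repo:read", "repo:write", "ci:run"},
    "dba": {"db:read", "db:write", "db:admin"},
    "auditor": {"repo:read", "db:read"},
}
PRIVILEGED = {"db:admin", "repo:admin", "iam:write"}  # actions needing the strongest proof
PHISHING_RESISTANT = {"fido2", "passkey"}             # TOTP and SMS deliberately excluded
EXPECTED_COUNTRIES = {"US", "CA"}                      # constructed: where this workforce signs in


@dataclass
class Context:
    """Signals the IdP sees at request time (the adaptive-authentication inputs)."""
    mfa_method: Optional[str]   # "fido2", "passkey", "totp", "sms", or None if single-factor
    device_trusted: bool        # managed/compliant device according to the device-trust check
    country: str                # geolocation of the request


def granted_permissions(roles):
    """Union of the permissions the assigned roles carry (plain RBAC)."""
    perms = set()
    for role in roles:
        perms |= ROLES.get(role, set())
    return perms


def decide(roles, permission, ctx):
    """Return (decision, reason) with decision one of 'allow', 'deny', 'step_up'.

    Check order: authorization first, then authentication strength, then posture.
    """
    if permission not in granted_permissions(roles):
        return "deny", "least privilege: permission is not in any assigned role"
    if ctx.mfa_method is None:
        return "deny", "MFA is required for every user"
    if permission in PRIVILEGED:
        if ctx.mfa_method not in PHISHING_RESISTANT:
            return "step_up", "privileged action needs phishing-resistant MFA (FIDO2/passkey)"
        if not ctx.device_trusted:
            return "deny", "privileged action needs a trusted device"
    if ctx.country not in EXPECTED_COUNTRIES and not ctx.device_trusted:
        return "step_up", "unfamiliar location on an unmanaged device: re-verify"
    return "allow", "role grants permission; authentication and posture meet policy"


if __name__ == "__main__":
    cases = [
        (["developer"], "db:admin", Context("fido2", True, "US")),   # deny: not in role
        (["dba"], "db:admin", Context("totp", True, "US")),          # step_up: weak MFA
        (["dba"], "db:admin", Context("fido2", False, "US")),        # deny: untrusted device
        (["dba"], "db:admin", Context("fido2", True, "US")),         # allow
        (["developer"], "repo:write", Context(None, True, "US")),    # deny: no MFA
        (["developer"], "repo:write", Context("totp", False, "BR")),  # step_up: odd location
    ]
    for roles, perm, ctx in cases:
        print(roles, perm, decide(roles, perm, ctx))
```

The step-up outcome is where friction is traded deliberately: an ordinary action on a managed device from a usual location passes with any MFA, while a privileged action is never allowed on a weaker factor, regardless of how trusted the device looks.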