The vast greater part (86%) of critical national infrastructure (CNI) companies in the UK have expert cyber-attacks on their operational technology (OT) and industrial manage methods (ICS) in the past 12 months, in accordance to a new review by Bridewell Consulting.
Worryingly, a lot more than nine in 10 (93%) of people that skilled attacks in this period admitted that at the very least a person was profitable.
The survey of 250 UK IT choice makers in the aviation, chemical, electrical power, transportation and h2o sectors also identified that a sizeable proportion of companies use legacy OT programs. A third (34%) count on programs that are between 11-20 years old, whilst 79% use techniques aged among six-20 yrs.
CNI organizations’ legacy infrastructure is also getting to be ever more related, which is possibly widening the attack floor, with 84% confirming their OT/ICS environments are accessible from company networks. Furthermore, just 42% of these surveyed said their OT/ICS devices are not currently obtainable from the internet, and around fifty percent of people plan to make them available in the potential.
The researchers also disclosed that just about a 3rd (32%) of CNI companies have minimized their security budgets due to the fact the get started of the COVID-19 pandemic, which has led to 85% of IT and security groups sensation increasing strain to enhance cybersecurity controls for their OT/ICS environment.
Deficiency of techniques and increasing tasks was an additional challenge outlined by IT conclusion makers (both of those cited by 23% of respondents), and 84% of CNI companies consider they will be impacted by a critical cyber-skills lack in the upcoming three to five a long time.
In spite of this troubling landscape, much more than three-quarters (78%) of respondents expressed assurance that their OT devices are shielded from cyber-threats.
Scott Nicholson, Co-CEO at Bridewell Consulting, commented: “The report highlights some nuances between how some CNI organizations perceive their cybersecurity posture as opposed to reality. Security vulnerabilities, although tough to remediate within some CNI businesses, could have critical implications, not just in phrases of sizeable monetary fines but also pitfalls to general public basic safety and even reduction of daily life, so businesses just are unable to afford to pay for to be complacent.”
Some pieces of this article are sourced from: