Most IT and security leaders in critical infrastructure (CNI) businesses are underestimating the scale of the cyber-risk, in spite of having endured breaches above the previous 3 several years, according to Skybox Security.
Cybersecurity vendor, Skybox Security, polled 179 operational technology (OT) security conclusion-makers in the US, UK, Germany, and Australia with most hailing from businesses with $1bn or a lot more in revenue from the producing, electrical power, and utility industries.
The study identified that 73% of CIOs and CISOs are “extremely self-assured” their organizations will not put up with an OT breach upcoming calendar year, inspite of 83% having endured this kind of an incident above the past 36 months.
Tellingly, just 37% of hands-on plant managers ended up equally assured, highlighting the disconnect among notion and fact at a senior choice-making degree.
A 3rd (34%) of respondents also appeared to be more than-relying on insurance as a security ‘strategy,’ professing it is a enough solution.
Even so, some did figure out escalating cyber-threats. Two-fifths (40%) noted that supply chain/3rd-party network accessibility is just one of their top a few security threats, but much less than 50 % (46%) stated their business has a third-party access plan relevant to OT.
Silos and tech complexity also weighed heavily on respondents: 78% mentioned multi-vendor environments make it more tough to secure their organization and half (48%) complained of disjointed architecture across OT and IT environments.
A additional 40% claimed IT-OT convergence was a best-a few risk. As legacy OT technology is enhanced with connectivity, it results in being exposed to internet-primarily based threats capable of exploiting unpatched systems. Patching can be problematic on OT kit as considerably of it is mission critical and there are compatibility issues with legacy apps and working units.
Skybox Security Analysis Lab menace intelligence direct, Sivan Nir, argued that new OT vulnerabilities have been up 46% in the initially 50 % of 2020.
“Despite the rise in vulnerabilities and recent attacks, a lot of security groups do not make OT security a company priority. Why? One of the stunning findings is that some security crew personnel deny they are susceptible nevertheless admit to currently being breached,” he extra.
“The perception that their infrastructure is risk-free — despite proof to the contrary — has led to insufficient OT security measures.”
Some elements of this write-up are sourced from: