90% of critical infrastructure operators suffer cyber attacks in last 2 years
Report finds majority of critical infrastructure security professionals organizations have suffered multiple cyber attacks
17 April 2019 | 0
Nine out of 10critical infrastructure security professionals claim their environments have been damaged by cyber attacks in the past two years, as disclosed by cyber exposure company Tenable.
The report, ‘Cybersecurity in Operational Technology: 7 Insights You Need to Know’, which is an independent study from the Ponemon institute, reveals the extent of cyber attacks critical infrastructure operators experienced.
Responses came from 701 firms that run industrial control systems (ICS) and operational technology (OT).
Results were revealing, finding 90% of respondent’s environments damaged by at least one cyber attack in the past two years, while 62% experienced repeat attacks in the time frame.
Further, 80% cited insufficient visibility into the attack surface as the central cause of experiencing business impacting cyber attacks.
Inadequate staffing was the major obstacle for 61%, while 55% said that reliance on manual process hindered their ability to assess and remediate vulnerabilities.
Moving forward, 70% of respondents name improving communication with executives and board members as a governance priority for 2019.
Convergence of IT and OT is part of today’s reality, but this has made once-isolated OT systems vulnerable to a number of attack paths. These findings serve as confirmation that threats to critical infrastructure are real, severe and ongoing.
Eitan Goldstein, senior director of strategic initiatives, Tenable, says, “OT professionals have spoken — the people who manage critical systems such as manufacturing plants and transportation almost unanimously state that they are fighting-off cyber attacks on a regular basis.”
Changes are needed, “organisations need visibility into their converged IT/OT environments to not only identify where vulnerabilities exist but also prioritise which to remediate first. The converged IT/OT cyber problem is one that cybersecurity and Critical Infrastructure teams must face together.”
Survey respondents were from the US, UK, Germany, Australia, Mexico and Japan, with more than 2,400 IT and info-security decision makers participating.