The vast greater part (86%) of critical national infrastructure (CNI) organizations in the Uk have expert cyber-assaults on their operational technology (OT) and industrial management programs (ICS) in the past 12 months, according to a new study by Bridewell Consulting.
Worryingly, extra than 9 in 10 (93%) of all those that skilled assaults in this period of time admitted that at the very least just one was prosperous.
The survey of 250 Uk IT final decision makers in the aviation, chemical, vitality, transportation and h2o sectors also located that a significant proportion of corporations use legacy OT methods. A 3rd (34%) count on systems that are concerning 11-20 decades previous, while 79% use methods aged in between 6-20 many years.
CNI organizations’ legacy infrastructure is also turning out to be more and more related, which is likely widening the attack surface, with 84% confirming their OT/ICS environments are available from corporate networks. Furthermore, just 42% of all those surveyed explained their OT/ICS methods are not at the moment available from the internet, and above fifty percent of individuals plan to make them obtainable in the foreseeable future.
The researchers also uncovered that practically a 3rd (32%) of CNI companies have decreased their security budgets because the start of the COVID-19 pandemic, which has led to 85% of IT and security groups sensation growing tension to boost cybersecurity controls for their OT/ICS environment.
Lack of abilities and expanding responsibilities was one more problem outlined by IT choice makers (both equally cited by 23% of respondents), and 84% of CNI businesses imagine they will be impacted by a critical cyber-abilities shortage in the subsequent a few to five several years.
Regardless of this troubling landscape, much more than three-quarters (78%) of respondents expressed assurance that their OT methods are guarded from cyber-threats.
Scott Nicholson, Co-CEO at Bridewell Consulting, commented: “The report highlights some nuances concerning how some CNI businesses understand their cybersecurity posture vs . truth. Security vulnerabilities, while difficult to remediate in some CNI organizations, could have severe implications, not just in phrases of substantial financial fines but also threats to general public protection and even reduction of existence, so businesses merely simply cannot pay for to be complacent.”
Some parts of this article are sourced from:
www.infosecurity-journal.com