Supply chain and third-party risk is a major threat to operational technology
- Overconfidence foreshadows future breaches: 73% of CIOs and CISOs “highly confident” they will not suffer an OT breach in the next year
- Cybersecurity is nevertheless an afterthought: Cyber insurance is considered a sufficient solution by 40%
- Complexity increases risk: 78% of respondents challenged by multivendor complexity
Download the complete report: Operational technology cybersecurity risk considerably underestimated
SAN JOSE, Calif., Nov. 9, 2021 /PRNewswire/ — A new research study by Skybox Security found that 83% of organizations suffered an operational technology (OT) cybersecurity breach in the prior 36 months. The research also uncovered that organizations underestimate the risk of a cyberattack, with 73% of CIOs and CISOs “highly confident” their organizations will not suffer an OT breach in the next year.
“Not only do enterprises rely on OT, the public at large relies on this technology for vital services including energy and water. Unfortunately, cybercriminals are all too aware that basic infrastructure security is generally ineffective. As a consequence, threat actors believe ransomware attacks on OT are highly likely to pay off,” said Skybox Security CEO and Founder Gidi Cohen. “Just as evil thrives on apathy, ransomware attacks will continue to exploit OT vulnerabilities as long as inaction persists.”
The new research, Operational technology cybersecurity risk considerably underestimated, unearths the uphill battle that OT security faces – comprised of network complexity, functional silos, supply chain risk, and limited vulnerability remediation options. Threat actors take advantage of these OT weaknesses in ways that don’t just imperil individual companies – but threaten public health, safety, and the economy.
Key takeaways from the 2021 study include:
- Organizations underestimate the risk of a cyberattack: Fifty-six percent of all respondents were “highly confident” their organization will not experience an OT breach in the next year. However, 83% also said they had at least one OT security breach in the prior 36 months. Despite the criticality of these facilities, the security practices in place are often ineffective or nonexistent.
- CISO disconnect between perception and reality: Seventy-three percent of CIOs and CISOs are highly confident their OT security system will not be breached in the next year, compared to only 37% of plant managers, who have more firsthand experience with the repercussions of attacks. While some refuse to believe their OT systems are unprotected, others say the next breach is around the corner.
- Compliance does not equal security: To date, compliance standards have proven insufficient in preventing security incidents. Maintaining compliance with regulations and requirements was the most shared top concern of all respondents. Regulatory compliance requirements will continue to increase in light of recent attacks on critical infrastructure.
- Complexity increases security risk: Seventy-eight percent said complexity due to multivendor technologies is a challenge in securing their OT ecosystem. In addition, 39% of all respondents said that a top obstacle to improving security programs is that decisions are made in individual business units with no central oversight.
- Cyber liability insurance is considered sufficient by some: Thirty-four percent of respondents said that cyber liability insurance is considered a sufficient solution. However, cyber liability insurance does not cover costly “lost business” that results from a ransomware attack, which is one of the top three concerns of the survey respondents.
- Exposure and path analysis are top cybersecurity priorities: Forty-five percent of CISOs and CIOs say the inability to conduct path analysis across the ecosystem to understand actual exposure is one of their top three security concerns. Further, CISOs and CIOs said disjointed architecture across OT and IT environments (48%) and the convergence of IT technologies (40%) are two of their top three greatest security risks.
- Functional silos lead to process gaps and technology complexity: CIOs, CISOs, Architects, Engineers, and Plant Managers all list functional silos among their top challenges in securing OT infrastructure. Managing OT security is a team sport. If the team members are using different playbooks, they are unlikely to win together.
- Supply chain and third-party risk is a major threat: Forty percent of respondents said that supply chain/third-party access to the network is one of the top three highest security risks. However, only 46% said their organization has a third-party access policy that applied to OT.

Supporting quotes
Navistar, Inc., Information Security Manager Robert Lynch: “Some CISOs could have false confidence because even though they’ve already been breached, they have not identified this yet; sometimes hackers are there for a long period establishing their foothold. It is dangerous to be confident as the bad guys are so good.”

Skybox Security Research Lab Threat Intelligence Lead Sivan Nir: “Our threat intelligence shows that new vulnerabilities in OT were up 46% versus the first half of 2020. Despite the rise in vulnerabilities and recent attacks, many security teams do not make OT security a corporate priority. Why? One of the surprising findings is that some security team personnel deny they are unprotected yet admit to being breached. The belief that their infrastructure is safe — despite evidence to the contrary — has led to inadequate OT security measures.”

To learn more, download the complete research study.
Methodology

The research study included responses from 179 OT security decision-makers in the U.S., U.K., Germany, and Australia. The majority of the respondents (152) were from companies with $1B or more in revenue within the manufacturing, energy, and utility industries.
About Skybox Security

Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox for the insights and assurance required to stay ahead of dynamically changing attack surfaces. At Skybox, we don’t just serve up data and information. We provide the intelligence and context to make informed decisions, taking the guesswork out of securely enabling enterprises at scale and speed. Our unified security posture management platform delivers complete visibility, analytics, and automation to quickly map, prioritize, and remediate vulnerabilities across your organization. The vendor-agnostic platform intelligently optimizes security policies, actions, and change processes across all corporate and cloud environments. With Skybox, security teams can focus on the most strategic business initiatives while ensuring that enterprises remain protected.
We are Skybox. Secure more, limit less. https://www.skyboxsecurity.com/
Media & analyst contact: Ashley Nakano, Corporate Communications Director
© 2021 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.
This Press Release has not been vetted or endorsed by The Eastern Herald’s editorial staff.