A survey finds that the majority of operators have been hit by two or more cyber attacks over the past two years.
Nine in 10 critical infrastructure providers have experienced cyber attacks which have rendered their systems out of action in the last two years, new research finds.
The survey of security professionals from six countries also revealed that more than three-fifths of respondents (62 per cent) had been hit by two or more cyber attacks in the same period.
Personnel from energy, utilities, transport, industrial and health sectors were quizzed for the report, Cybersecurity in Operational Technology: 7 Insights You Need to Know, commissioned by Tenable and conducted by the Ponemon Institute.
Half of respondents had experienced an attack against operation technology (OT) infrastructure that resulted in downtime to plant and/or operational equipment.
Nearly one quarter (23 per cent) reported that they had fallen victim to a nation-state attack.
“The people who manage critical systems such as manufacturing plants and transportation almost unanimously state that they are fighting off cyber-attacks on a regular basis”
The report found several major factors that left infrastructure providers vulnerable to attack. Chief among them was poor visibility into the organisation’s attack surface – cited by four-fifths of respondents, followed by cyber-security skills shortages (61 per cent) that were “exacerbated by reliance on manual processes to assess and remediate vulnerabilities”.
“OT professionals have spoken – the people who manage critical systems such as manufacturing plants and transportation almost unanimously state that they are fighting off cyber attacks on a regular basis,” said Eitan Goldstein, senior director of strategic initiatives, Tenable.
“Organisations need visibility into their converged IT/OT environments to not only identify where vulnerabilities exist but also prioritise which to remediate first. The converged IT/OT cyber problem is one that cyber-security and critical infrastructure teams must face together.”
The report is based on a survey of 710 IT and IT security decision-makers. Respondents were from the US, UK, Germany, Australia, Mexico and Japan, and all have involvement in the evaluation and/or management of investments in cyber-security solutions within their organisations.
You might also like: