83% of Vital Infrastructure Organizations Suffered Breaches, 2021 Cybersecurity Analysis Reveals

Are Baby Boomers More Vulnerable Online Than Younger Generations? You Might Be Surprised

Information Abstract:

  • Overconfidence foreshadows future breaches: 73% of CIOs and CISOs “extremely assured” they won’t endure an OT breach within the subsequent yr
  • Cybersecurity remains to be an afterthought: Cyber insurance coverage is taken into account a enough answer by 40%
  • Complexity will increase threat: 78% of respondents challenged by multivendor complexity
  • Obtain the total report: Operational know-how cybersecurity threat considerably underestimated

SAN JOSE, Calif., Nov. 9, 2021 – A brand new analysis examine by Skybox Safety discovered that 83% of organizations suffered an operational know-how (OT) cybersecurity breach within the prior 36 months. The analysis additionally uncovered that organizations underestimate the chance of a cyberattack, with 73% of CIOs and CISOs “extremely assured” their organizations is not going to endure an OT breach within the subsequent yr.

“Not solely do enterprises depend on OT, the general public at massive depends on this know-how for important providers together with vitality and water. Sadly, cybercriminals are all too conscious that essential infrastructure safety is mostly weak. Because of this, risk actors imagine ransomware assaults on OT are extremely prone to repay,” stated Skybox Safety CEO and Founder Gidi Cohen. “Simply as evil thrives on apathy, ransomware assaults will proceed to take advantage of OT vulnerabilities so long as inaction persists.”

The brand new analysis, Operational know-how cybersecurity threat considerably underestimated, finds the uphill battle that OT safety faces – comprised of community complexity, practical silos, provide chain threat, and restricted vulnerability remediation choices. Menace actors benefit from these OT weaknesses in ways in which do not simply imperil particular person corporations – however threaten public well being, security, and the financial system.

Key takeaways from the 2021 examine embrace:

Organizations underestimate the chance of a cyberattack
Fifty-six % of all respondents had been “extremely assured” their group is not going to expertise an OT breach within the subsequent yr. But, 83% additionally stated they’d no less than one OT safety breach within the prior 36 months. Regardless of the criticality of those services, the safety practices in place are sometimes weak or nonexistent.

CISO disconnect between notion and actuality
Seventy-three % of CIOs and CISOs are extremely assured their OT safety system is not going to be breached within the subsequent yr. In comparison with solely 37% of plant managers, who’ve extra firsthand experiences with the repercussion of assaults. Whereas some refuse to imagine their OT techniques are weak, others say the subsequent breach is across the nook.

Compliance doesn’t equal safety
Up to now, compliance requirements have confirmed inadequate in stopping safety incidents. Sustaining compliance with rules and necessities was the most typical high concern of all respondents. Regulatory compliance necessities will proceed to extend in gentle of current assaults on essential infrastructure.

Complexity will increase safety threat
Seventy-eight % stated complexity on account of multivendor applied sciences is a problem in securing their OT atmosphere. As well as, 39% of all respondents stated {that a} high barrier to enhancing safety applications is choices are made in particular person enterprise items with no central oversight.

Cyber legal responsibility insurance coverage is taken into account enough by some
Thirty-four % of respondents stated that cyber legal responsibility insurance coverage is taken into account a enough answer. Nonetheless, cyber legal responsibility insurance coverage doesn’t cowl pricey “misplaced enterprise” that outcomes from a ransomware assault, which is likely one of the high three considerations of the survey respondents.

Publicity and path evaluation are high cybersecurity priorities
Forty-five % of CISOs and CIOs say the shortcoming to conduct path evaluation throughout the atmosphere to grasp precise publicity is considered one of their high three safety considerations. Additional, CISOs and CIOs stated disjointed structure throughout OT and IT environments (48%) and the convergence of IT applied sciences (40%) are two of their high three biggest safety dangers.

Purposeful silos result in course of gaps and know-how complexity
CIOs, CISOs, Architects, Engineers, and Plant Managers all checklist practical silos amongst their high challenges in securing OT infrastructure. Managing OT safety is a staff sport. If the staff members are utilizing totally different playbooks, they’re unlikely to win collectively.

Provide chain and third-party threat is a significant risk
Forty % of respondents stated that offer chain/third-party entry to the community is likely one of the high three highest safety dangers. But, solely 46% stated their group as a third-party entry coverage that utilized to OT.

Supporting quotes

Navistar, Inc., Info Safety Supervisor Robert Lynch: “Some CISOs might have false confidence as a result of though they’ve already been breached, they haven’t recognized this but; typically hackers are there for a protracted interval establishing their foothold. It’s harmful to be assured because the dangerous guys are so good.”

Skybox Safety Analysis Lab Menace Intelligence Lead Sivan Nir: “Our risk intelligence exhibits that new vulnerabilities in OT had been up 46% versus the primary half of 2020. Regardless of the rise in vulnerabilities and up to date assaults, many safety groups don’t make OT safety a company precedence. Why? One of many stunning findings is that some safety staff personnel deny they’re weak but admit to being breached. The idea that their infrastructure is secure — regardless of proof on the contrary — has led to insufficient OT safety measures.”

To study extra, obtain the total analysis examine.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts