New study identifies the true extent of cyber-attacks

Muscat: Tenable, the cyber exposure company, released recently the ‘Cyber-security in Operational Technology: 7 Insights You Need to Know’ report, an independent study by the Ponemon Institute.
The study identifies the true extent of cyber-attacks experienced by critical infrastructure operators — professionals in industries using industrial control systems (ICS) and operational technology (OT). It found that 90 per cent of respondents stated their environments had been damaged by at least one cyber-attack over the past two years, with 62 per cent experiencing two or more attacks.
Key highlights
More than 80 per cent of respondents cited lack of visibility into the attack surface, knowing what systems are part of their IT environments, as the number one issue in their inability to prevent business-impacting cyber-attacks.
Lack of personnel and a reliance on manual processes were cited by 61 per cent and 55 per cent of respondents respectively as major obstacles in their ability to assess and remediate vulnerabilities.
Nearly 70 per cent of respondents view increasing communication with executives and board members as one of their governance priorities for 2019.
The convergence of IT and OT is a reality in today’s digital era. But this convergence has connected once-isolated OT systems to a variety of attack paths. This Ponemon study, based entirely on the self-reported experiences and observations of ICS and OT experts themselves, confirms that the threats to critical infrastructure are real, severe and ongoing.
“OT professionals have spoken — the people who manage critical systems such as manufacturing plants and transportation almost unanimously state that they are fighting-off cyber attacks on a regular basis,” said Eitan Goldstein, senior director of strategic initiatives, Tenable.
“Organisations need visibility into their converged IT/OT environments to not only identify where vulnerabilities exist but also prioritise which to remediate first. The converged IT/OT cyber problem is one that cyber-security and critical infrastructure teams must face together,” he added.