Despite the increasing number of cyberattacks on operational technology (OT), a majority of security decision-makers are “highly confident” that their organizations will not be targeted by one next year, reveals a new report.
Compiled by cybersecurity intelligence firm Skybox Security, the report surveyed CIOs and CISOs in the US, UK, Germany, and Australia, with the majority belonging to companies with $1 billion or more in revenue within the manufacturing, energy, and utility industries.
The most startling aspect of the survey is that even though 83% of the respondents admitted that they’ve faced at least one OT security breach in the prior 36 months, 56% expressed confidence that their organization will not experience an OT breach in the next year.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
"Our threat intelligence shows that new vulnerabilities in OT were up 46% versus the first half of 2020. Despite the rise in vulnerabilities and recent attacks, many security teams do not make OT security a corporate priority. Why? One of the surprising findings is that some security team personnel deny they are vulnerable yet admit to being breached. The belief that their infrastructure is safe — despite evidence to the contrary — has led to inadequate OT security measures," noted Skybox Security Research Lab Threat Intelligence Lead Sivan Nir.
Perception vs reality
The research also highlighted the widening gap between the perception of the security decision-makers, and the ground reality.
While 73% of all surveyed CIOs and CISOs were highly confident their OT security system will not be breached in the next year, the figure drops down to only 37% with plant managers, who have had a more hands-on experience with the repercussions of the attacks.
The survey also helps highlight the challenges that face OT security, including network complexity, functional silos, supply chain risk, and limited vulnerability remediation options.
In fact, as much as 78% of the respondents noted that complexities introduced because of multi-vendor technologies is a key challenge in securing their OT environment, while 39% said that a top barrier to improving security programs is that key decisions are made in individual business units with no central oversight.
"Just as evil thrives on apathy, ransomware attacks will continue to exploit OT vulnerabilities as long as inaction persists," remarked Skybox Security CEO and Founder Gidi Cohen.