90 percent of critical infrastructure hit by cyberattacks
A new survey of professionals in industries using industrial control systems (ICS) and operational technology (OT) finds 90 percent of respondents say their environment has been damaged by at least one cyberattack over the past two years, with 62 percent experiencing two or more attacks.
The study commissioned by Tenable from the Ponemon Institute also finds 80 percent of respondents cite lack of visibility into the attack surface, knowing what systems are part of their IT environments, as the number one issue in their inability to prevent business-impacting cyberattacks.
More than a third (37 percent) report at least one significant disruption caused by malware and almost a quarter of organizations (23 percent) report at least one nation-state attack. Over a fifth (23 percent) report at least one instance of economic espionage or an instance of cyber extortion (21 percent), such as a ransomware attack.
"OT professionals have spoken -- the people who manage critical systems such as manufacturing plants and transportation almost unanimously state that they are fighting-off cyberattacks on a regular basis," says Eitan Goldstein, senior director of strategic initiatives at Tenable. "Organizations need visibility into their converged IT/OT environments to not only identify where vulnerabilities exist but also prioritize which to remediate first. The converged IT/OT cyber problem is one that cybersecurity and critical infrastructure teams must face together."
A lack of personnel and a reliance on manual processes are cited by 61 percent and 55 percent of respondents respectively as major obstacles in their ability to assess and remediate vulnerabilities. Also 70 percent of respondents view increasing communication with executives and board members as one of their governance priorities for 2019.
The full report is available from the Tenable website.