Majority of industrial IoT security projects end in failure

According to new research, 93 percent of organizations have had failed industrial Internet of Things or operational technology (IIoT/OT) security projects.

The study from Barracuda Networks surveyed 800 seniors staff responsible for IIoT/OT security and finds that 94 percent admit experiencing a security incident in the last 12 months, while 87 percent of organizations that experienced an incident were impacted for more than one day.

In addition 89 percent of respondents are very or fairly concerned about the impact that the current threat landscape and geopolitical situation will have on their organizations.

"In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organizations at risk," says Tim Jefferson, SVP, engineering for data, networks and application security at Barracuda. "Issues such as the lack of network segmentation and the number of organizations that aren't requiring multifactor authentication leave networks open to attack and require immediate attention."

The need for further investment is acknowledged with 96 percent of business leaders saying that their organization needs to increase its investment in industrial security. 72 percent of organizations indicate that they have either already implemented or are in the process of implementing IIoT/OT security projects, but many are facing significant challenges when it comes to implementation, including basic cyber hygiene.

It's infrastructure critical industries that are leading the way in implementation, 50 percent of companies in oil and gas having completed security projects. However, only 24 percent in manufacturing and just 17 percent in healthcare have done so.

For those organizations which have completed IIoT and OT security projects, 75 percent have experienced no impact at all from a major incident.

"IIoT attacks go beyond the digital realm and can have real-world implications," says Klaus Gheri, VP network security at Barracuda. "As attacks continue to rise across industries, taking a proactive security approach when it comes to industrial security is critical for businesses to avoid being the next victim of an attack."

The full report is available on the Barracuda site and you can read more on the company's blog.

Image credit: totojang1977/depositphotos.com