Economic uncertainty adds to cyber-physical systems risk

New research released today by Claroty looks at the impacts of economic and geopolitical uncertainty on organizations' ability to protect their cyber-physical systems (CPS) environments.

Cyber-physical systems are those that overlap the cyber world -- things like industrial control and medical devices -- and may therefore slip below the radar of traditional cybersecurity approaches. The survey, of 1,100 infosecurity, OT engineering, clinical and biomedical engineering, and facilities management and plant operations professionals, shows concerns that economic policies and geopolitical tensions are adding to risk.

The findings reveal that 49 percent of respondents report supply chain changes caused by shifting global economic policies and geopolitical tensions around the world are creating increased cyber risk to CPS assets and processes. 45 percent are also concerned about their ability to reduce risk to key CPS assets, and in their overall understanding of their risk posture. Additionally, 67 percent said that they are reconsidering the geography of their supply chain to mitigate risks to CPS posed by economic and geopolitical uncertainties.

There’s an escalation of risks associated with third-party remote access, as organizations re-evaluate their vendors and introduce new remote access tools into already complex and exposed CPS environments. 46 percent of respondents say they’ve been breached in the last year because of third-party access and 54 percent report they’ve discovered security gaps or weaknesses in vendor contracts post-incident. As a result, 73 percent of respondents said they are re-evaluating third-party remote access to CPS operations.

“Third-party access is a key part of how modern organizations can operate efficiently. It's a key driver of efficiency, but it's also an area that is fraught with risk. It's an interesting area, particularly if you consider supply chains are being challenged now, like never before,” says Andrew Lintell, general manager for the EMEA region at Claroty.

Compliance is a challenge too, despite successful efforts to follow established frameworks such as the NIST Cybersecurity Framework and ENISA in Europe, there are concerns over what’s to come from the regulatory environment. Although nearly 70 percent of respondents say their current CPS security programs adhere to cybersecurity standards, 76 percent say that emerging regulations may require their organizations to overhaul their strategies, which could cause massive disruptions to operational efficiency.

“The shift from compliance to more of a resilience footing is a key aspect of of what customers are looking to now achieve,” Lintell adds. “Having security embedded as a core business function is a key challenge. The supply chain changes of the first six months of this year have really challenged, what with tariffs and businesses needing to be able to make probably more changes to their supply chain in six months than they have done in the last couple of decades.”

You can get the full report from the Claroty site.

Image credit: Branex/Dreamstime.com