Attacks like Incontroller move beyond traditional targets on enterprise networks
Nozomi Networks Inc., the leader in operational technology (OT) and IoT security, today announced that the SANS 2022 OT/ICS Cybersecurity Report finds industrial control systems (ICS) cybersecurity threats remain high as adversaries set their sights on control system components. In response, organisations have significantly matured their security postures since last year. Despite the progress, more than a third (35 per cent) don’t know whether their organisations had been compromised, and attacks on engineering workstations doubled in the last 12 months.
“In the last year, Nozomi Networks researchers and the ICS cybersecurity community have witnessed attacks like Incontroller move beyond traditional targets on enterprise networks, to directly targeting OT,” said Nozomi Networks Co-founder and CPO Andrea Carcano. “While threat actors are honing their ICS skills, the specialised technologies and frameworks for a solid defence are available. The survey found that more organisations are proactively using them. Still, there’s work to be done. We encourage others to take steps now to minimise risk and maximise resilience.”
ICS Cybersecurity Risks Remain High
- 62 per cent of respondents rated the risk to their OT environment as high or severe (down slightly from 69.8 per cent in 2021).
- Ransomware and financially motivated cybercrimes topped the list of threat vectors (39.7 per cent) followed by nation-state sponsored attacks (38.8 per cent). Non-ransomware criminal attacks came in third (cited by 32.1 per cent), followed closely by hardware/software supply chain risks (30.4 per cent).
- While the number of respondents who said they had experienced a breach in the last 12 months dropped to 10.5 per cent (down from 15 per cent in 2021), 35 per cent of those said the engineering workstation was an initial infection vector (doubling from 18.4 per cent last year).
- 35 per cent did not know whether their organisations had been compromised (down from 48 per cent) and 24 per cent were confident that they hadn’t had an incident, a 2x improvement over the previous year.
- In general, IT compromises remain the dominant access vector (41 per cent) followed by replication through removable media (37 per cent).
ICS Cybersecurity Postures Are Maturing
- 66 per cent say their control system security budget increased over the past two years (up from 47 per cent last year).
- 56 per cent say they are now detecting compromises within the first 24 hours of an incident (up from 51 per cent in 2021). The majority (69 per cent) say they move from detection to containment within 6 to 24 hours.
- 5 per cent have conducted a security audit of their OT/control systems or networks in the past year (up from 75.9 per cent last year) – one-third (29 per cent) have now implemented a continual assessment program.
- The overwhelming majority (83 per cent) monitor their OT system security. Of those, 41 per cent used a dedicated OT SOC.
- Organisations are investing in ICS training and certification: 83 per cent of respondents are professional control system certification holders – a significant jump from 54 per cent in the last 12 months.
- Nearly 80 per cent have roles that emphasise ICS operations, up from 50 per cent in 2021.