SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New report finds ICS cybersecurity threats remain high
Tue, 1st Nov 2022

According to a new report from Nozomi Networks, industrial control systems (ICS) cybersecurity threats remain high as adversaries set their sights on control system components.

The company’s SANS 2022 OT/ICS Cybersecurity Report finds that, as a result, enterprises have implemented significantly more robust security postures since last year.

Regarding security budgets for control systems, 66% of organisations increased their spending, up from 47% in 2021.

In addition, 56% say they now see compromises within the first 24 hours after an incident, an increase of 5% from 51% last year.

69% say they move from detection to containment within 6 to 24 hours, and 87.5% have carried out a security audit of their OT/control systems or networks in the past year. This is a significant increase from 75.9% the previous year. 29% have also now put in place a continual assessment program.

Moreover, 83% monitor their OT system security, and 41% use a dedicated OT SOC.

Organisations are also investing in ICS training and certification, with 83% of those surveyed saying they are professional control system certification holders, a major jump from 54% in the last 12 months.

Additionally, nearly 80% have roles that emphasise ICS operations, up from 50% in 2021.

However, despite this progress, 35% of organisations are unsure whether they have been compromised, although this was a decrease of 13% from 48% in 2021. Attacks on engineering workstations also doubled in the last 12 months.

24% are confident they haven’t had an incident, marking a 2x improvement compared with the previous year.

“In the last year, Nozomi Networks researchers and the ICS cybersecurity community have witnessed attacks like Incontroller move beyond traditional targets on enterprise networks, to directly targeting OT,” says Andrea Carcano, Co-founder and CPO, Nozomi Networks.

“While threat actors are honing their ICS skills, the specialised technologies and frameworks for a solid defence are available. The survey found that more organisations are proactively using them.

“Still, there’s work to be done. We encourage others to take steps now to minimise risk and maximise resilience.”

62% of respondents rated the risk to their OT environment as high or severe, a marginal decline compared to 69.8% in 2021.

The report also finds that ransomware and financially motivated cybercrimes are the most prominent threat vector at 39.7%, closely followed by nation-state-sponsored attacks at 38.8%.

Further, in third place are non-ransomware criminal attacks at 32.1%, with hardware and software supply chain risks accounting for 30.4%.

10.5% of those surveyed say they have experienced a breach in the last year, declining from 15% in 2021, although 35% of those respondents say the engineering workstation was an initial infection vector, almost doubling from 18.4% last year.

Overall, IT compromises remain the dominant access vector at 41%, with removable media coming in at 37%.