Industrial control systems and IoT devices are jeopardized as a result of poor cybersecurity implementation

Aug 27, 2021 10:46 GMT

A new report titled SANS 2021 OT/ICS Cybersecurity Report contains alarming information gathered from 480 individuals in various industries. Organizations that use operational technology (OT) and industrial control systems (ICS) are very concerned about cyber attacks. 

The findings highlight the need for businesses to improve their ability to anticipate and respond to emerging threats and opportunities. While many are taking precautions to reduce risks, they do not know whether breaches have already occurred within their organization. To summarize the findings:

  • Approximately 70% of respondents indicated that the risk to their operational technology environment was high or severe.
  • Although many companies are concerned about cyber risk in their operating environment, 48% of respondents did not know whether they had encountered a breach of operational technology or control system security in the previous year.
  • Only 12% believe that their systems have not been hacked, and 15% are willing to suffer security mishaps, many of which cause business interruption.

The report notes: “Of particular concern is the 18% of initial vectors leveraging the engineering workstation” […] “This percentage raises some concern because engineering workstations represent key terrain to accomplish a variety of effects in stage 2 of the ICS Cyber Kill Chain and could have contributed to the high numbers of incidents with impact on processes.”

Respondents most frequently cited the following attack vectors in the incidents they encountered:

  • Compromised technical workstations: 18% 
  • Removable media: 24% 
  • Spear phishing: 26% 
  • Internet-accessible devices: 28% 
  • The use of publicly available applications: 32% 
  • External remote services: 36% 

Most of the respondents blamed hackers for the incidents, followed by employees, contractors, activists, organized crime, service providers, and state-sponsored threat actors.

According to the authors of the study, effective defense of OT environments requires a multi-layered and integrated strategy that considers both internal and external risks, understands the vulnerability to these threats, and prioritizes mitigation actions through people, processes, and technology to address identified risks.