Over 400 C-level executives from critical infrastructure organisations across North America, Europe and Asia/Pacific were surveyed in a report sponsored in part by Nozomi Networks titled “Weathering the Perfect Storm: Securing the Cyber-Physical Systems of Critical Infrastructure”. The report found that most (88%) critical infrastructure organisations have, or are currently, integrating their IT, OT, IoT and physical systems, and one in five respondents (20%) added that their systems are fully integrated with externally accessible systems.
While the convergence of these systems is expected to improve the overall performance of organisations, cybercrime risks jeopardising this progress. In fact, nine out of ten organisations have faced a security incident in the last year alone and more than half have suffered two or more attacks. Out of these security incidents, it was revealed that 85% of them involved OT, which was initially accessed either through IT and data systems (36%) or through physical incursion (32%). Yet, while nearly half of respondents (47%) say cyber-criminals pose the biggest risk, even more (52%) believe former and current employees are the greatest threat to operational security.
Although 64% of organisations had to experience a breach themselves before choosing to adopt a more holistic approach to cyber-physical security, steps are, fortunately, being taken in the right direction. Indeed, 70% of respondent organisations are now actively seeking to address the new vulnerabilities created by the integration of cyber/digital and OT/physical systems.
As organisations begin to implement a holistic action plan to tackle the ever-changing environment of cybercrime today, they have identified two main challenges. Firstly, 49% struggle with differences in risk tolerances between IT and OT in an environment that has traditionally associated those two areas with very different goals. Secondly, 30% of organisations face employee resistance to cultural change. The good news is, however, that 32% say clear directives regarding risk tolerance or performance, either from IT/OT executives or from the CEO or Board, is driving change.
“The perfect storm of increasing cyber threats, digital transformation and IT/OT convergence means organisations must move swiftly to gain visibility and enhance cybersecurity into their OT and IoT networks,” explains Nozomi Networks CMO Kim Legelis. “It’s a board issue and an employee issue. We are encouraged that organisations recognise both the threats and the opportunities of modernising critical infrastructure. We know from working with thousands of industrial installations, that it’s possible to monitor and mitigate these risks, whether they stem from cybercriminals, nation-states or employees.”
The survey, conducted by Newsweek Vantage in partnership with Nozomi Networks, Siemens and Yubico with guidance from the International Society of Automation (ISA), can be found here: https://info.nozominetworks.com/security-report-newsweek-securing-physical-systems-lp-0