- Nozomi Networks and SANS survey find security defenses are getting stronger as cyber threats to ICS continue to be high.
- The report also unveils that some of the organizations 35% do not know whether they had a cyber attack in the last 12 months.
- The report found that the most concerning threat vectors are ransomware, extortion, and other financially motivated crimes.
Nozomi Networks, an OT and IoT security company unveiled the SANS 2022 OT/ICS Cybersecurity Report finds ICS cybersecurity threats continue to be high despite the progress in the control systems; and 35% don’t know whether their organizations had been compromised. Also, attacks on engineering workstations doubled in the last 12 months.
Risks in industrial control systems are still high
Not surprisingly, the researchers found that ransomware and financially motivated attacks are the top threat vectors at 39.7% as ranked number one. Followed by nation-state attacks at 38.8% and non-ransomware criminal attacks came in third, cited by 32.1%. 62% of respondents evaluated the risk to their OT (operational technology) environment as high or severe (down slightly from 69.8% in 2021). The number of respondents that have encountered a breach in the last 12 months dropped to 10.5%, down from 15% in 2021. And 35% of those pointed to the engineering workstations as the initial infection vector, doubling from 18.4% last year.
35% of respondents did not know whether their organizations had been compromised, down from 48% last year, and as an improvement over the previous year, 24% were confident that they hadn’t had an incident. Overall, IT compromises remain the dominant access vector at 41% followed by replication through removable media at 37%.
The report also unveils that some sectors are more targeted than others. For example business services, healthcare and public health, and commercial facilities are the top three sectors considered most likely to have a successful ICS compromise that will impact safe and reliable operations.
ICS cybersecurity attitudes are changing
According to the report, 75% of respondents inform that their control system security budget increased over the past two years (up from 51% last year). Most organizations now have budgets allocated between $100,000 and $499,999 USD or between $500,000 and $999,999 USD. 56% of survey participants say they are detecting compromises within the first 24 hours of an incident (up from 51% in 2021). The majority of them 69% mention they move from detection to containment within 6 to 24 hours.
The report also found that the conduct of a security audit of the OT/control systems or networks rose to 87.5% from 75.9% last year. The majority of the companies, 83%, monitor their OT system security, and, of those, 41% used a dedicated OT SOC. The organizations that are investing in ICS training and certification are now 83% which is a significant increase from 54% in the last 12 months.
The researchers also asked about the cybersecurity project priories for the next 18 months and respondents who are allocating those budgets toward several initiatives, mention planning for increased visibility into cyber assets and their configurations (42%). The implementation of network-based anomaly and intrusion detection tools (34%) showed the highest focus, closely behind there’s a focus on network-based intrusion prevention tools on control-system networks (26%).
Lastly, the report indicates that security efforts are progressively becoming stronger. Asset owners and vendors are stepping up to meet new challenges as well as serious impactful threats the community is facing.