About 83% of critical infrastructure organisations suffered an operational technology (OT) breach in the past 36 months, but 73% of Chief Information Officers and Chief Information Security Officers said they were “highly confident” that they will not suffer an OT breach in the coming year, according to a study by cybersecurity company Skybox Security.
"Not only do enterprises rely on OT, the public at large relies on this technology for vital services including energy and water.
Unfortunately, cybercriminals are all too aware that critical infrastructure security is generally weak.
As a result, threat actors believe ransomware attacks on OT are highly likely to pay off," said Gidi Cohen, CEO and founder of Skybox Security.
The study also found that 40% of organisations considered cyber insurance to be a sufficient solution for cybersecurity, while 78% clearly saw multivendor complexity as a clear challenge.
Most importantly, 39% of all respondents pointed out that decisions made in individual business units without any central oversight were a top barrier to improving security.
Operational technology security is a broad term referring to network complexity, functional silos, supply chain risks and limited vulnerability remediation (patching/fixing of cybersecurity flaws/weakness detected in enterprise assets).
The report pointed out that such OT shortcomings don’t only imperil individual companies, but threaten the economy, safety and public health as a whole.
Skybox pointed out that adherence to compliance standards does not translate to equal security.
The study predicts that regulatory compliance requirements will continue to increase in light of recent attacks.
The study took into consideration inputs from over 170 OT security decision makers in US, UK, Germany and Australia spanning across manufacturing, energy and utility.