- Industrial organizations have strengthened their cybersecurity postures in the past year as nearly two-thirds have faced high or severe threats to their operational technology environments, according to a SANS Institute report commissioned by Nozomi Networks.
- More than two-thirds of organizations said security budgets for their industrial control systems have increased, compared with less than half in a survey conducted one year ago. The research is based on the responses of 332 responses across a variety of vertical sectors, ranging from energy, chemical, water management to nuclear.
- Almost 9 in 10 organizations said they have conducted a security audit, compared with 76% from the year-ago study.
The research comes at a time of heightened risk and awareness of cybersecurity threats facing critical infrastructure providers, particularly in the industrial space.
The 2021 ransomware attacks against Colonial Pipeline and meat supplier JBS USA raised considerable awareness in the information security community and among policymakers about how key elements of U.S. infrastructure were vulnerable to malicious cyberattacks from rogue nation-state and criminal actors.
“There has been a broad realization that operations that tolerate little-to-no downtime are lucrative targets — just in time manufacturing, transportation, natural and processed resource providers,” Danielle Jablanski, OT cybersecurity strategist at Nozomi Networks said via email.
Among the problems facing OT security is that many of these facilities have aging technology, the need for additional on-site personnel and IT security staff who do not have sufficient expertise in securing OT systems, according to the report.
In April, the FBI and other federal authorities warned about a set of custom made tools dubbed Incontroller, which had been developed to target industrial sites. The tools were capable disrupting production and potentially disabling safety controls.