The Ponemon Institute study Cybersecurity in Operational Technology: 7 Insights You Need to Know shows the extent of cyberattacks experienced by critical infrastructure operators, based on a survey of professionals in industries using industrial control systems (ICS) and operational technology (OT). Among the key findings, security professionals in six countries revealed that 90% had been hit by at least one successful attack.
If you're tuning into the @BBCClick's interview with Tenable's Eitan Goldstein, he is going to be sharing the key findings from the latest @PonemonPrivacy report, sponsored by us. Find the full report here to read through post-interview! https://t.co/4P2EZky1xK #bbcclick #OT
— Tenable (@TenableSecurity) April 6, 2019
Expert Comments:
Byron Rashed, VP of Marketing at Centripetal Networks:
Cybersecurity teams need to concentrate on the unknown rather than the known. By blocking known adversary nation states that target critical infrastructure (using geo blocking), and inbound/outbound traffic from known malicious sources, a CI organization will greatly increase their cybersecurity posture and enable their cybersecurity teams to concentrate on the unknown (zero-day, etc.) and increase the efficacy of the security stack in gaining the upper hand. Most breaches come from sources that are known to be malicious. Shifting to a blocking strategy will greatly mitigate risk.
George Wrenn, CEO at CyberSaint Security:
“Another trend emerging here is validated, and that trend is that communicating cybersecurity risk via credible metrics is critical for the modern-day business. As nearly half of organizations to date attempt to quantify cybersecurity risk, it’s clear that this approach is only becoming more common, and necessary, to bridge the communication gap between financial, business, and security leadership.
“What most Boards and C-Levels may not know, however, is a single glaring issue that discredits these initiatives — most Boards and C-Suite do not know that their cybersecurity teams are relying on spreadsheets to keep track of their company’s data, and score their business with cybersecurity best practices. This report highlights this, saying that gaining required visibility will continue to be an issue because of heavy reliance on manual processes. The issue with this method? Compliance and risk data entered into a spreadsheet is invalid the moment that the assessment is complete – there is no real-time management of this data, nor a means to report on it credibly.
“When I was CSO at a Fortune 500, I faced the same problems – so much so that it caused me to build a product to help other CSOs, CISOs, and CIOs facing these issues. Together, cybersecurity leadership and business leadership must wake up to the inefficiencies at the operational level that inherently discredit their own reporting, posture, and are a barrier to the visibility they need. By adopting the automated, intelligent integrated risk management approach, security and business leaders will continue to move towards metrics and efficiency to facilitate better decision making, streamlined communication, and cybersecurity resilience.”
Paolo Emiliani, Industry and SCADA Research Analyst at Positive Technologies:
“As this report from Ponemon highlights, the threat against key infrastructure is extremely high and the risk of attack is growing as more components are added to industrial networks. Over the past few months alone, our researchers have uncovered vulnerabilities in components such as industrial switches and PLCs, even those created by major vendors such as Siemens, Phoenix, and Moxa. One vulnerable component can mean the compromise of an entire industrial network. This is why these figures show that half of successful attacks result in downtime.
“Another way that hackers can compromise industrial networks is through corporate information systems, which are easier to hack. Our research has shown that this is possible in 73 percent of cases, sometimes even in the most trivial of attacks, such as using known passwords. Ultimately, the protection of critical infrastructure is a wholly different beast to traditional cyber security. The stakes are far higher, and each component on the network has to be weighed up against the risks of exploitation. The desire to add smart devices, sensors and IoT to networks is understandable but ultimately organisations have to acknowledge that hackers are out there and will try to undermine these devices to break in.”
Sylvain Gil, Vice President Products & Co-founder at Exabeam:
Tony Atkins, Regional Director at Nozomi Networks:
“Threat actors often share what they are doing amongst themselves in order to improve their attacks but I feel that organisations do not do the same because of cultural and individual behavioural challenges, such as fear of being seen as a failure or fear of reputational damage. Such intelligence however is crucial to the community in order to better understand the Tactics, Techniques and Procedures used by the threat actors.
“The adoption of the NIS Directive should help to support improved reporting. The increased adoption of AI and ML based tools in such areas of OT visibility, OT asset inventory etc. will help to reduce some of the human resource burden.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.