90% of critical infrastructure firms suffered cyber attacks in the last two years

Lack of personnel, an over-reliance on manual processes, and a lack of visibility into the attack surface resulted in nine out of ten critical infrastructure firms suffering at least one successful cyber attack in the last two years that damaged their environments.

This was revealed in a survey of professionals at companies that have deployed industrial control systems and operational technology, 62 percent of whom also said that their organisations had been impacted by at least two cyber incidents in the past two years.

The biggest reason cyber criminals have been able to breach the IT systems of critical infrastructure firms is that IT security teams acutely lack visibility into which systems are part of their IT environments. This lack of visibility, which plagues 80% of critical infrastructure organisations, has also left organisations unable to completely secure the attack surface.

While 61% of professionals said lack of personnel was holding them back from preventing business-impacting cyber attacks, 55% of them said existing reliance on manual processes was the number one reason for their failure.

70% of professionals believe that increased communication with executives and board members will help critical infrastructure firms in preventing business-impacting cyber attacks in the future.

“OT professionals have spoken — the people who manage critical systems such as manufacturing plants and transportation almost unanimously state that they are fighting off cyberattacks on a regular basis,” said Eitan Goldstein, senior director of strategic initiatives, Tenable.

“Organisations need visibility into their converged IT/OT environments to not only identify where vulnerabilities exist but also prioritize which to remediate first. The converged IT/OT cyber problem is one that cybersecurity and Critical Infrastructure teams must face together,” Goldstein added.

“The issue with industrial systems is that many of them are old, ten to twenty years old in some cases, and there is not necessarily a practical way to upgrade them due to the criticality of their availability. Industrial networks were designed before cyber threats emerged and as a result, they lack the visibility and policy enforcement layers that enterprise IT networks have,” said Sylvain Gil, Vice President Products & Co-founder at Exabeam.

“We need more insight into the behaviours of these systems. They are rudimentary and were never thought to be vulnerable to people outside the operating facility – but they certainly are. We’ve seen enough examples that we know they can be manipulated, not just in terms of being used for cybercrime, but they can actually have physical consequences, as well, like a shutdown or explosion,” Gil added.

Cyber attacks caused outages in 70% of critical infrastructure firms

Last year, a Freedom of Information request by security firm Corero Network Security revealed that around 70 percent of critical infrastructure organisations in the UK suffered from service outages, many of them due to cyber-attacks in the previous two years.

“Service outages and cyber attacks against national infrastructure have the potential to inflict significant, real-life disruption by preventing access to essential services such as power, transport, and the emergency services.

“The fact that so many infrastructure organisations have suffered from service outages points to an alarming lack of resilience within organisations that are critical to the functioning of UK society,” said Andrew Lloyd, President at Corero Network Security.

“The head of the National Cyber Security Centre has already warned that it is a matter of when, not if, the UK experiences a devastating cyber attack on its critical infrastructure. The study poses serious questions about the UK’s current capability to withstand such an attack,” he added.

Copyright Lyonsdown Limited 2021
