Organizations have significantly matured their security postures since last year in response to operational technology (OT) and industrial control systems (ICS) cybersecurity threats.

The SANS 2022 OT/ICS Cybersecurity Report, a Nozomi Networks-sponsored SANS Institute survey, finds that in spite of the progress, more than a third (35%) don’t know whether their organizations had been compromised and attacks on engineering workstations doubled in the last 12 months. While organizations are proactively boosting digital defenses, there's work to be done, the survey shows:

• 62% of respondents rated the risk to their OT environment as high or severe (down slightly from 69.8% in 2021).
• Ransomware and financially motivated cybercrimes topped the list of threat vectors (39.7%) followed by nation-state sponsored attacks (38.8%). Non-ransomware criminal attacks came in third (cited by 32.1%), followed closely by hardware/software supply chain risks (30.4%).
• While the number of respondents who said they had experienced a breach in the last 12 months dropped to 10.5% (down from 15% in 2021), 35% of those said the engineering workstation was an initial infection vector (doubling from 18.4% last year).
• 35% did not know whether their organizations had been compromised (down from 48%) and 24% were confident that they hadn’t had an incident, a 2x improvement over the previous year.
• In general, IT compromises remain the dominant access vector (41%) followed by replication through removable media (37%).

ICS Cybersecurity Postures are Maturing

• 66% say their control system security budget increased over the past two years (up from 47% last year).
• 56% say they are now detecting compromises within the first 24 hours of an incident (up from 51% in 2021). The majority (69%) say they move from detection to containment within 6 to 24 hours.
• 87.5% have conducted a security audit of their OT/control systems or networks in the past year (up from 75.9% last year) – one-third (29%) have now implemented a continual assessment program.
• The overwhelming majority (83%) monitor their OT system security. Of those, 41% used a dedicated OT SOC
• Organizations are investing in ICS training and certification: 83% of respondents are professional control system certification holders – a significant jump from 54% in the last 12 months.
• Nearly 80% have roles that emphasize ICS operations up from 50% in 2021.

Bud Broomhead, CEO at Viakoo, believes the rise in ransomware and other attacks against OT infrastructure will directly lead to organizations needing more data and information on their OT systems to obtain cyber security insurance. "Even with that cybersecurity insurance around OT and IOT environments will be significantly higher in cost because of these threats. Organizations need to start on their security journey especially with OT. That starts with having asset discovery followed by automated remediation methods," Broomhead says.

To learn more about the latest trends in OT/ICS cybersecurity, visit www.nozominetworks.com.