According to a critical infrastructure cyberattack report, almost 60% of attacks are led by state-affiliated actors. Additionally, 33% are enabled by internal personnel. Threat actors are most intensely focused on the energy sector (39% of attacks) at over three times more than the next most frequently attacked verticals, critical manufacturing (11%) and transportation (10%).

Phishing remains the most popular attack technique (34%), underscoring the importance of cybersecurity tactics such as segmentation, air gapping, zero trust and security awareness training to mitigate risks. More than 80% of threat actors come from outside organizations, yet insiders play an unintentional role in opening the door for threat actors in approximately one-third of incidents.

In the operational technology/industrial control system (OT/ICS) incidents studied, 60% resulted in operational disruption and 40% resulted in unauthorized access or data exposure. However, the damage of cyberattacks extends beyond the impacted enterprise, as broader supply chains were also impacted 65% of the time. OT/ICS cybersecurity incidents in the last three years have already exceeded the total number reported between 1991-2000. In more than half of OT/ICS incidents, supervisory control and data acquisition (SCADA) systems are targeted (53%), with programmable logic controllers (PLCs) as the next-most-common target (22%).

The research indicates strengthening the security of IT systems is crucial to combatting cyberattacks on critical infrastructure and manufacturing facilities. More than 80% of the OT/ICS incidents analyzed started with an IT system compromise, attributed to increasing interconnectivity across IT and OT systems and applications.

Read the full report here.