Security Market Segment LS
Monday, 08 April 2019 09:56

90% in operational tech sector face cyber attack every 2 years

By
90% in operational tech sector face cyber attack every 2 years Image by Gerd Altmann from Pixabay

A subset of data from a December 2018 survey shows that nine out of 10 companies which can be put in the operational technology sector face cyber security threats at least once in two years.

The study was carried out by the Ponemon Institute for security firm Tenable; the data was culled from an initial study of 2,410 IT and IT security practitioners in the US, the UK, Germany, Australia, Mexico and Japan.

The responses of 701 companies that belong to the energy and utilities, health and pharmaceuticals, industrial and manufacturing and transportation sectors were extracted and used for the figures issued on Monday.

Key findings:

  • C-level technology, security and risk officers are most involved in the evaluation of cyber risk as part of their organisation’s business risk management.
  • Forty-eight percent in the OT sector (vs 38% in the non-OT sector) attempt to quantify the damage a cyber event could have on their business – and they’re most likely to quantify the impact based on downtime of OT systems.
  • Concerns about third parties misusing or sharing confidential information and OT attacks resulting in downtime to plant and/or operational equipment increase when looking at 2019. Worries about nation-state attacks continue at a significant level. No definition was given as to what was considered "significant".
  • Increasing communication with the C-suite and board of directors about cyber security threats facing the organisation and ensuring third parties have appropriate security practices to protect sensitive and confidential data are top priorities for 2019.
  • The top 2019 security priority is to improve the ability to keep up with the sophistication and stealth of attackers. This isn’t surprising given the significant number of OT sector organisations that have suffered a nation-state attack in the past 24 months.
  • Few organisations have sufficient visibility into their attack surface. Gaining required visibility will continue to be a challenge due to a combination of staff shortages and heavy reliance on manual processes. Only 20% said they had sufficient visibility into their organisations' attack surface.

The Ponemon Institute made the following recommendations in the light of the survey data:

Improve communication with the C-suite and board of directors about the cyber threats facing the organisation. This will help identify and address gaps among the organisation’s risk appetite and actual risk exposure.

Improve visibility into the attack surface. Blind spots can result in unmanaged and unsecured IT and OT systems. Complete visibility is required for organisations to assess their risk.

Increase the use of automated processes to compensate for the security staff shortage.

Continue to recognise the security impact of interdependencies between IT and OT systems. Vulnerabilities and other weaknesses in IT systems can put interconnected OT systems at risk, and vice versa.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments