Network and cloud security specialist Barracuda publishes its report on the state of IIoT and OT security "The State of Industrial Security in 2022". Manufacturing and health care bring up the rear when it comes to completed security projects. 800 IIoT/OT managers answered the survey.
Cloud security specialist Barracuda surveyed 800 senior IIoT/OT managers worldwide about their experiences and views regarding IIOT/OT security in their companies. With the current report, Barracuda presents the results around IIoT/OT security projects, implementation challenges, security incidents and technology investments as well as topics related to cybersecurity risks The State of Industrial Security in 2022 .
Increase KRITIS as an attack target
Critical infrastructures are increasingly being targeted by cybercriminals. Despite the now prevailing realization that IIoT and OT security (Industrial Internet of Things/Operational Technology) are of crucial importance, companies and organizations face considerable challenges in view of the increasingly tense geopolitical situation. Security breaches go beyond financial loss and result in significant downtime with long-lasting consequences.
Key results of the survey
- Attacks are widespread: 94 percent of the companies surveyed said they had experienced a security incident in the last 12 months.
- Geopolitical Concerns: 89 percent of respondents are very or fairly concerned about the impact that the current threat landscape and geopolitical situation will have on their organizations.
- Security breaches impact operations: 87 percent of organizations affected by an incident were impacted for more than a day.
Organizations across all industries have recognized the importance of making necessary investments in IIoT and OT security. 96 percent of business leaders said they need to increase their investment in industrial security. 72 percent of the companies reported that they had either already implemented IIoT/OT security projects or were in the process of implementing them.
Significant implementation challenges
- Manufacturing and healthcare are lagging behind: companies with critical infrastructure are leading the way in implementation, 50 percent in the oil and gas industry have completed projects. In manufacturing, only 24 percent and in healthcare only 17 percent have completed their projects.
- Organizations are failing: 93 percent have failed with their IIoT/OT security projects.
- Effective IIoT security implementations make an impact: For companies with completed IIoT and OT security projects, 75 percent have not experienced any impact from a major incident.
- Multi-factor authentication (MFA) usage is low: Only 18 percent of surveyed organizations restrict network access and enforce multi-factor authentication when it comes to remote access to OT networks.
- Low MFA usage is widespread even in critical industries: Critical industries such as energy (47 percent) allow external users full remote access without MFA.
- Qualifications matter: less than half of the companies surveyed can perform security updates themselves (49 percent).
- Manual updates are tedious: Organizations are hit hardest when security updates aren't automatic.
IIoT and OT security is still a big target for attackers. Therefore, it is imperative that organizations implement tools to address these challenges, including the use of secure endpoint connectivity devices and robust network firewalls. Everything should be provided centrally and managed via a secure cloud service. This should enable effective network segmentation and advanced threat protection, provide multi-factor authentication and also be able to implement Zero Trust Access.
The number of attacks continues to increase
"In the current threat landscape, critical infrastructures are an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives, fail because of the costs or are simply too complex, leaving companies at high risk of attack", says dr Klaus Gheri, VP Network Security, Barracuda. "Issues like the lack of network segmentation and the number of organizations that don't require multi-factor authentication leave networks open to attack and require immediate attention." IIoT attacks have gone beyond the digital realm and could have real impact, says Gheri. As the number of attacks increases across all industries, a proactive security approach to industrial security is critical for organizations to avoid being the next victim of an attack.
More at Barracuda.com
Via Barracuda Networks Striving to make the world a safer place, Barracuda believes that every business should have access to cloud-enabled, enterprise-wide security solutions that are easy to purchase, implement and use. Barracuda protects email, networks, data and applications with innovative solutions that grow and adapt as the customer journey progresses. More than 150.000 companies worldwide trust Barracuda to help them focus on growing their business. For more information, visit www.barracuda.com.