Barracuda found that 93% of organizations in the IIoT/OT sectors have experienced a failed security project.
When companies want to take the next step with the Industrial Internet of Things (IIoT) and active technology (OT), a new study has revealed that the majority of them have failed in security projects around these two types of technologies. Barracuda Networks surveyed 800 senior IT managers, senior IT security managers, and project managers within the framework of “State of Industrial Security in 2022“Reported, and found that a whopping 93% had suffered from failed security projects.
This can make a huge difference when it comes to organizations that remain secure, as 75% of companies that have completed a security project are completely free from any impact from a major incident.
“In today’s threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often lag behind other security initiatives. or fail due to cost or complexity, putting organizations at risk,” said Tim Jefferson, SVP, Engineering for Data, Network, and Application Security at Barracuda. “Problems like lack of network segmentation and number of unclaimed organizations multi-factor authentication (MFA) leaves open attack networks and demands immediate attention”.
UNDERSTAND: Recruitment Toolkit: IoT Developer (TechRepublic Premium)
Aspects of critical infrastructure are vulnerable
According to Barracuda, critical infrastructure is under constant threat of attack, with businesses facing a number of challenges related to not only cybersecurity but also an increasingly hostile geopolitical environment. . According to the study, 94% of organizations surveyed said they had experienced a security incident in the last year and 89% were concerned about the effects that the United States has had on its uneasy international relations with other countries. as China or Russia can do to their businesses. .
Gartner was just last month publish a report details eight future cybersecurity projections, with threat actors who have weaponized the technological environment successfully operating to cause human casualties being one of the key concerns that organization should pay attention to in the coming years.
Due to the growing sense of cybersecurity risk in the IIoT/OT sectors, companies know they need to increase their security awareness, but the manufacturing and healthcare sectors health still lags when it comes to security protocols. Barracuda reports that 50% in the oil and gas sector have completed the project, while only 24% in the manufacturing sector and only 17% in the medical sector have completed the project. This puts key regions at risk, which could lead to Gartner’s prediction coming to fruition by 2025.
“IIoT attacks go beyond the digital realm and can have real-world implications.” Klaus Gheri, Vice President of Cyber Security at Barracuda said. “As attacks continue to increase across industries, adopting a proactive security approach when it comes to industrial security is critical for businesses to avoid becoming the next victim. following an attack.”
How do critical infrastructure organizations patch security concerns?
One area of slow growth even with IIoT/OT adoption is the lack of multi-factor authentication. Less than a fifth (18%) of organizations surveyed restrict network access and enforce MFA when it comes to remote access to OT Network. Even in sectors like energy, 47% allow full access without using MFA. Widespread issuance of the MFA could be the difference between a key sector of a country’s vulnerability or the ability to avoid a catastrophic attack with far-reaching consequences.
Other ways companies can prevent attacks is by deploying proactive security updates instead of reactive updates, providing better training for employees to ensure that updates Updates can be adopted by the organization itself and automate those processes so that they don’t have to be installed manually, avoiding potential confusion. If organizations can put these potential fixes into practice, especially when it comes to critical infrastructure, severe attacks lead to the potential loss of revenue or even children’s lives. people can be prevented.
