Digital transformation of critical infrastructure is outpacing security safeguards, causing global IT professionals’ fears of coordinated OT cyberattacks.
A research paper on industrial cybersecurity issues has found that 74% of global IT security professionals are more concerned about a cyberattack on critical infrastructure than that on enterprise data.
An independent survey of 1,000 full-time IT security professionals was carried out in the United States, United Kingdom, Germany, France, and Australia by industrial cybersecurity specialist Claroty to determine respondents’ attitudes and concerns toward the security of Operational Technology (OT).
Looking at an overall picture of the security of industrial networks, the survey found that 62% of global respondents believed that industrial networks are properly safeguarded against cyberattacks, and that 60% believe their country’s critical infrastructure is adequately protected.
However, some regions were more confident than others. Respondents from Australia (93%) and Germany (96%) were much more confident in the overall safety of industrial networks versus respondents from the UK, US and France. They were also more confident that their country’s critical infrastructure is properly secured against cyberattacks, with 90% of respondents from Australia and 99% from Germany saying that they were adequately protected.
Said Dave Weinstein, Chief Security Officer of Claroty: “While IT and OT convergence unlocks business value in terms of operations efficiency, performance, and quality of services, it can now be detrimental because threats, both targeted and non-targeted, now have the freedom to maneuver from IT to OT environments and vice versa. Our mission is to help security practitioners to bridge the gap between IT and OT cybersecurity, ensuring that all bases are protected from cyberattacks.”
Weinstein said that this is even more critical in the current new normal of largely remote workforces, which create additional burden on Chief Information Security Officers to remotely secure their production environments.
Drilling into the OT threats
In terms of industries and direct threats, the research found that globally, 45% of IT security professionals saw electric power as the most vulnerable sector of critical infrastructure, followed by oil and gas (21%).
Furthermore, 43% put hacking at the top of the list of threats to industrial networks that they were most concerned about, followed by ransomware (33%).
The survey also explored whose responsibility it is to protect critical infrastructure from cyberattacks, and the results weighed heavily in favor of government over the private sector. In fact, 100% of respondents from Germany believed it is the government’s responsibility, followed by Australia (98%), the UK (91%), France (89%), and the US (87%).