Cyber Attacks Shutting Down 1 in 4 Industrial Operations

Staff
By Staff
7 Min Read

A new report by ABI Research and Palo Alto Networks on the state of operational technology (OT) security found that, within the past year, one in four industrial enterprises said they had to shut down their operations temporarily due to a cyber attack. This study, surveying nearly 2,000 executives and practitioners across 16 countries, also noted that more than 60 percent of respondents said OT security solution complexity was their top concern when purchasing solutions.

This new report, The State of OT Security: A Comprehensive Guide to Trends, Risks, and Cyber Resilience, reveals the reality, extent and changing nature of security threats to industrial environments. It sheds light on the frequency of attacks and examines organizations’ struggles and implications in architecting and implementing a streamlined, user-friendly response to these threats.

In particular, the scale and complexity of these challenges stand out in the report’s findings:

  • Almost 70 percent of industrial organizations have experienced cyberattacks in the past year.
  • 1 in 4 organizations had to shut down operations due to an attack.
  • IT is the main attack vector, with 72 percent of attacks originating there.
  • 40 percent of organizations say their OT and IT teams are frictional.
  • 87 percent of respondents believe Zero Trust is the right approach to OT security.

The report paints a clear picture of why OT environments have become such attractive targets in industrial operations, since a successful attack holds immense financial or political potential. The landscape of threats to these environments is anything but static; the threat landscape is real and evolving. Over the past year alone, 70 percent of industrial organizations have fallen victim to cyberattacks, but even more concerning is that 26 percent are experiencing attacks weekly or more.

These findings underscore the serious impact these breaches can have. Beyond the immediate consequences of data and revenue loss, these attacks disrupt the continuity of business operations. As organizations look ahead, the industrial professionals surveyed indicate that securing industrial devices, against the backdrop of many emerging technologies, including AI, 5G and remote access, will be their organization’s top cybersecurity challenges in the next two years.

In addition to threats that exist today, industrial asset owners and operators are also cognizant of emerging technologies and their potential risks. According to this study, the rise of AI is top of mind, with 74 percent of respondents anticipating that AI-enabled attacks pose a critical threat to their OT infrastructure.

The integration of 5G-connected devices presents additional risk. Organizations are integrating 5G technologies into their networks to improve connectivity and efficiency and benefit from their higher transmission speeds, lower latency and support of high-bandwidth applications. However, almost 70 percent see 5G as an increasing threat vector, making it clear that as technology advances, so do the challenges of securing industrial operations. Three out of four also agree that remote access is on the rise for both employees and third parties, offering many benefits like monitoring capabilities and better response times during an event, but also introducing more security risks into the environment.

The survey revealed that complexity was the primary challenge faced by industrial organizations pursuing OT security solutions. Over 60 percent of respondents highlighted OT security solution complexity when purchasing OT security software and equipment, illustrating the need for simplified and streamlined security solutions.

Organizations are also struggling with alignment on two fronts. First, 40 percent of survey respondents say their OT and IT teams are frictional, with only 12 percent saying they are aligned. Since IT is the main attack vector, this misalignment is a clear concern for security practitioners, as reflected by 7 out of 10 respondents intending to consolidate IT and OT solutions from the same cybersecurity vendor.

The second area of internal misalignment is between C-level executives and practitioners. Executives are 33 percent less likely to believe they have had an industrial shutdown than operational staff on the frontlines. Due to the complexity of operations, executives can struggle to gain visibility into the ground truth, making it challenging to make informed investment decisions.

There is more consensus between executives and practitioners about regulatory challenges. In the next two years, 74 percent of executives expect regulatory pressure on OT security to heighten, pointing to a growing awareness at all organizational levels of bolstering OT security measures in anticipation of

stricter regulations.

The survey probed respondents’ perceptions of responsibility for OT security across IT and OT and explored views about consolidated solutions that secure both. What emerged from the findings indicates a growing alignment and perception of shared and equal responsibility, as well as a consensus that a Zero Trust approach is the most secure.

Decision-makers see Zero Trust solutions as vital in the future of OT security, with 86 percent of respondents viewing Zero Trust as the correct approach for bolstering security frameworks. Similarly, more than 50 percent of respondents see cloud infrastructure as creating increased cybersecurity challenges, while more than 80 percent recognize that cloud-based solutions are pivotal. This reflects an understanding that as technology evolves OT environments, so do the solutions that secure them.

A copy of the report can be found here.

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *