Critical infrastructure providers struggling to stay secure

Nine in 10 critical infrastructure providers have had their environments damaged by a cyber attack in the last two years, according to research from cybersecurity company Tenable and the Ponemon Institute.

A survey of representatives from critical infrastructure operators from markets including Australia found that 62% had experienced two or more cyber attacks in the past two years. Nearly a quarter (23%) reported falling victim to at least one nation state attack over this time.

Meanwhile, half of organisations experienced an attack in the past two years against operational technology (OT) infrastructure that resulted in equipment downtime.

Factors leaving critical infrastructure providers vulnerable to attack include a lack of visibility into their organisation’s attack surface (cited by 80% of respondents), lack of personnel (61%) and an over-reliance on manual processes (55%).

“OT professionals have spoken — the people who manage critical systems such as manufacturing plants and transportation almost unanimously state that they are fighting off cyber attacks on a regular basis,” Tenable Senior Director of Strategic Initiatives Eitan Goldstein said.

Goldstein said one factor making it challenging for organisations to respond to attacks is the trend of convergence of IT and OT systems, which is exposing once-isolated OT systems to a range of different attack paths.

“Organisations need visibility into their converged IT/OT environments to not only identify where vulnerabilities exist but also prioritise which to remediate first,” he said. “The converged IT/OT cyber problem is one that cybersecurity and critical infrastructure teams must face together.”

Image credit: ©stock.adobe.com/au/hafakot

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.