Negligent Insiders Lead ICS Threatscape

November 3, 2020

The Control System Cyber Security Association International (CS)2AI and KPMG released their first annual CS/OT Cyber Security Report. The report findings are based on a survey of a representative sample of over 16,000 professionals responsible for protecting and defending assets and systems worth millions to billions in capital investment. Collectively, their answers provide profound insights into the state of the CS/OT threatscape across multiple industries such as utilities, transportation, manufacturing, information technology services, hospitals, construction, and others.

The report focuses not only on the threats to CS/OT environments from security breaches, but also on the steps being taken by successful CS/OT security practitioners around the world. “The survey reveals a clear relationship between the failure to focus on the data and metrics needed to enhance security, as well as inadequate levels of maturity for OT security programs,” says Derek Harp, Founder and Chairman of (CS)2AI. “For example, our survey reveals that less than 25% of companies have incorporated an active defense of their control systems and assets. This report, the first of multiple research products our organization is proud to initiate, offers insight into points of failure and areas of success in this industry.”

Key report findings revealed

Notable findings, based on the analysis of organizations with more mature CS security programs versus those with less mature programs, reveal that the former:

Use managed CS security services much more often: 47 percent vs 6 percent

Conduct end-to-end security assessments more frequently: 53 percent vs 36 percent

Frequently replace vulnerable CS hardware or software after assessment: 63 percent vs 34 percent

Monitor all CS networks: 53 percent vs 16 percent

The (CS)2AI-KPMG Control System Cyber Security Report was developed to provide decision support tools enabling CS cyber security practitioners and management to make best-informed and prioritized decisions regarding the protection of critical assets. For example, the report reveals a mismatch between security spending priorities and return on investment of past allocations, as well as critical success factors common to the most mature cyber security programs.

“Enterprise organizations continue to struggle to address cyber security vulnerabilities across control systems and operational technology environments, which can have a material impact on human safety and their businesses’ bottom line,” said Walter Risi, Global Cyber IoT leader and Technology Consulting practice leader, KPMG in Argentina. “If businesses don’t take appropriate action soon to mitigate risks, regulators and governments will. Savvy business leaders will analyze their worst-case scenarios and take decisive action to protect their operations and assets ahead of government mandates. The CS/OT cyber security report will offer business leaders and practitioners valuable data-driven insights to create an actionable plan.”

In collaboration with a team of strategic industry partners, including title partner KPMG and other report supporters such as Waterfall Security Solutions, Palo Alto Networks, SecurityWeek, Fortinet, and Airbus Cyber, the report collects and analyzes key data around: (1) CS security events, (2) trends in attack activities and protective technologies, and (3) how organizations are adapting to ongoing challenges, including the limited talent pool of skilled workers.
