Security defences getting stronger as cyber threats remain high

Industrial control systems (ICS) cybersecurity threats remain high as adversaries set their sights on control system components, the SANS 2022 OT/ICS Cybersecurity Report from Nozomi Networks showed.

In response, organisations have significantly matured their security postures since last year. 

In spite of the progress, more than a third (35%) don’t know whether their organisations had been compromised and attacks on engineering workstations doubled in the last 12 months.

“In the last year, Nozomi Networks researchers and the ICS cybersecurity community have witnessed attacks like Incontroller move beyond traditional targets on enterprise networks, to directly targeting OT,” said Nozomi Networks co-founder and CPO Andrea Carcano. 

Carcano said that while threat actors are honing their ICS skills, the specialised technologies and frameworks for a solid defence are available. 

“The survey found that more organisations are proactively using them,” said Carcano. “Still, there’s work to be done. We encourage others to take steps now to minimise risk and maximise resilience.”

The study found that 62% of respondents rated the risk to their OT environment as high or severe (down slightly from 69.8% in 2021).

Ransomware and financially motivated cybercrimes topped the list of threat vectors (39.7%) followed by nation-state sponsored attacks (38.8%). Non-ransomware criminal attacks came in third (cited by 32.1%), followed closely by hardware/software supply chain risks (30.4%).

While the number of respondents who said they had experienced a breach in the last 12 months dropped to 10.5% (down from 15% in 2021), 35% of those said the engineering workstation was an initial infection vector (doubling from 18.4% last year).

About a third (35%) did not know whether their organisations had been compromised (down from 48%) and 24% were confident that they hadn’t had an incident, a 2x improvement over the previous year.

In general, IT compromises remain the dominant access vector (41%) followed by replication through removable media (37%).

Further, two-thirds (66%) say their control system security budget increased over the past two years (up from 47% last year).

Among respondents, 56% say they are now detecting compromises within the first 24 hours of an incident (up from 51% in 2021). The majority (69%) say they move from detection to containment within 6 to 24 hours.

Seven in every eight (87.5%) have conducted a security audit of their OT/control systems or networks in the past year (up from 75.9% last year) and one-third (29%) have now implemented a continual assessment program.

The overwhelming majority (83%) monitor their OT system security. Of those, 41% used a dedicated OT SOC.

Organisations are investing in ICS training and certification, and 83% of respondents are professional control system certification holders – a significant jump from 54% in the last 12 months.

Nearly four in every five have roles that emphasise ICS operations up from 50% in 2021.