"Critical Industries Failing at IIoT/OT Security"

Security researchers found that most critical services companies are struggling to secure their industrial internet of things (IIoT)/operational technology (OT) systems and acknowledge the need to invest more heavily in these areas.  The researchers surveyed 800 senior IT managers, senior IT security managers, and project managers responsible for IIoT/IoT security projects from various industries, including agriculture, biotechnology, construction, energy, government, healthcare, and manufacturing.  The researchers stated that the impetus for IIoT security is increasing as governments warn about threats against critical infrastructure from Russia.  Companies are especially concerned about this current geopolitical situation, with 89% citing it as a factor.  Against this backdrop, 96% of respondents acknowledged the need to invest further in IIoT and OT security.  The researchers noted that companies are encountering problems when implementing IIoT/OT security projects, with 93% admitting failure.  The most significant cause of failure was that technology took too long to implement, while expense was the second.  Almost four in 10 companies also reported that no one in the organization had taken responsibility for the project.  Overall, just under a third of companies had already implemented some IIoT/OT security projects, while 40% are currently completing at least one.  The researchers also found that 94% of organizations had experienced a security incident in the last 12 months.  Almost nine in 10 of those that suffered an incident saw their operations affected for more than a day, while 23% were impacted for at least three days.  Web applications were the highest attack vector, at 42%, followed by the use of malicious external hardware or removable media like USB sticks, which affected 38% of respondents.
 

Infosecurity reports: "Critical Industries Failing at IIoT/OT Security"