"Engineering Workstations Are a Concerning Initial Access Vector in OT Attacks"
The SANS 2021 OT/ICS Cybersecurity Report shares findings from a survey of 480 individuals from a wide range of industries. The survey showed that almost 70 percent of respondents believe their Operational Technology (OT) environments face high or severe risk, which is an increase from the 51 percent in 2019 when SANS did a similar survey. Although many organizations have expressed concern about cyber threats to their OT environments, 48 percent of respondents revealed that they do not know whether they experienced a security breach on OT or control systems in the past year, thus emphasizing the need for organizations to improve their detection and response capabilities. Only 12 percent of respondents were confident that their systems had not been compromised, and 15 percent admitted to detecting security incidents, many of which resulted in the disruption of operations. Most of the respondents blamed hackers for incidents, followed by organized crime, service providers, employees, activists, and state-sponsored threat actors. External remote services were cited as the top initial attack vector involved in incidents, followed by the exploitation of public-facing applications, Internet-accessible devices, spear-phishing, removable media, and compromised engineering workstations. This article continues to discuss key findings shared in the SANS 2021 OT/ICS Cybersecurity Report.